AI Cyberattacks Will Beat Old-School Defenses By 2025: Report

Released on April 7, 2025, the report, prepared by CERT-In, under the Ministry of Electronics and Information Technology (MeitY), CSIRT-Fin, and SISA and vetted by RBI and SEBI, highlights rising cyber threats to the financial sector, amid rapid digital adoption.

The report anticipates that AI will be the hacker in chief, outlining major cyber threats expected to rise in 2025. These include deepfakes and AI-generated content, supply chain attacks — where malicious code slips into widely used software tools — and LLM prompt hacking.

New AI tools like WormGPT and FraudGPT are making it easier for even inexperienced hackers to launch serious cyber attacks. These tools can help them write convincing scam emails, create harmful software, and find security gaps to break into systems. 

Attackers exploit flaws within hours of the disclosure of a vulnerability, with the average time for exploitation now just eight days. This leaves organisations struggling to patch in time. It is feared that traditional defenses like basic antivirus solutions, firewalls and intrusion prevention systems will fall short in addressing the advanced AI-powered cyber threats.

Banks Hit The Hardest Already

According to the Economic Survey 2024-25, banks are getting hit the hardest by cyberattacks, with nearly one in five reported incidents targeting financial institutions. As India’s financial sector goes more digital, it’s also facing more kinds of cyber threats.

With 954.4 million of India’s population now connected via the internet, digital payments have surged, bringing convenience but also increasing the risk of cyberattacks that can impact millions in seconds.

“Cyberattacks are no longer confined to external breaches or malware infections; they now infiltrate the entire BFSI value chain — from core financial application platforms and payment gateways to cloud infrastructure and customer-facing applications,” says the Digital Threat Report.

The financial stakes are high, with the average cost of a data breach reaching US$ 2.18 million in India.

MeitY secretary S Krishnan, chief guest at the event, said there are little things we do in a day that may expose us to cyber threats. He added that with the Digital Personal Data Protection (DPDP) Act coming into force soon, being careless with how organisations handle or share personal data could lead to big fines. So, individuals and businesses alike need to be more careful and responsible about data security.

“Financial institutions must stay ahead of adversaries,” said Sanjay Bahl, Director General, CERT-In. "Report is meant to adapt to emerging risks and build long-term cyber resilience."

"This report does say a lot of things, but it also doesn't say some things," further added the secretary.

The secretary emphasised the importance of maintaining discretion around certain cybersecurity capabilities developed within key organisations.

Some capabilities have been intentionally left out of the report, as no country openly shares its full range of domestic cyber capabilities, and India is no exception.

"We’re dealing with adversaries, not operating in a friendly neighbourhood," he said, adding that it's neither strategic nor expected that we disclose all our defensive strengths to the public.