From phishing to trojan horses to ransomware to digital arrest and all sorts of online frauds, cybercrimes affect every one of us citizens. It can cause economic or reputational loss. Often both.

That should probably be the least of our worries.

With cybersecurity threats getting even more alarming with the advent of powerful AI tools, an even more serious format is ransomware, which can cripple organisations. And at the highest level, it becomes almost like warfare, attacking governments and creating rendering it incapable on a much larger scale.

This doomsday-like scenario was voiced by none other than S.Krishnan, India’s electronics & IT secretary, the occasion being the launch of India’s second Digital Threat Report, especially focusing on banking, financial services, insurance, and digital payments.

And no prizes for guessing how new highly powered AI tools have a starring (if villainous) role in it.

The report, prepared by India’s top cybersecurity watchdog CERT-In, in association with the IT ministry, as well as consultancy group SISA, acquires an ominous tone as Dharshan Shanthamurthy, Founder & CEO of SISA, pointed out how almost all the predictions made in the first report a year ago have come true.

And with powerful AI tools coming within reach of more and more people, the threat to banking systems—as well as the whole online payment ecosystem—is immense.

 "The BFSI (banking, financial services, and insurance) industry is built on trust—trust that a transaction is genuine, that the systems processing it are acting as intended, that money will move securely and irreversibly through a network of institutions that depend on one another. When that trust is weakened, the impact is never contained to a single breach or a single firm; it ripples across customers, partners, markets, and entire economies,” said Shanthamurthy.

“This is why cybersecurity can no longer sit at the edge of the business as a technical control function. It has to become central to how institutions grow, innovate, and lead," he added.

Recently, alarm bells rung across India and the rest of the world when Mythos, the latest Claude AI tool from Anthropic, was found to be capable of exploiting vulnerabilities in financial ecosystems by itself.

The US government since then restricted it from the open market, even as India formed an expert group to study the impact of it, if any, on the nation’s banking sector.

The report identifies AI asymmetry as one of the defining risks facing financial institutions. Activities that once required specialist teams, significant resources, and weeks of effort can increasingly be performed at machine speed by comparatively low-resource threat actors (read: a powerful AI tool).

This makes vile actors much more capable at far lesser time, and without the previous entry barrier of high-tech knowledge or hacking wherewithal. And worse, it gives them a headstart when it comes to firewalls, as well as tech defence mechanisms and regulatory safeguards.

This rapid progression demonstrates how the time between the emergence of a threat and its operational exploitation is shrinking—often from years to months, or even weeks, according to a statement released by the government.

Threats previously considered emerging or episodic—including social engineering, credential theft, supply-chain compromise and cloud exploitation—are now established attack methods.

The consequence is a threat environment where the most damaging attacks no longer resemble traditional intrusions at all. They surface as legitimate sessions, approved payments, manipulated workflows, or ordinary user behaviour that are indistinguishable from genuine activity until the damage is already done—according to the government note.

Talking to the media, IT secretary Krishnan revealed that the government has received Meta's response on its plans to introduce usernames for its popular messaging and calling service WhatsApp.

“The reply only came on Saturday, the last date. We are examining it and based on it, we will take action.”

Disclaimer: Comments posted here are the sole responsibility of the user and do not reflect the views of THE WEEK. Obscene or offensive remarks against any person, religion, community or nation are punishable under IT rules and may invite legal action.