Government Response to Frontier AI Systems
The Indian Computer Emergency Response Team (Cert-In) has issued guidelines to help organizations prepare for disruptions caused by advanced AI systems like Anthropic’s Claude Mythos.
Background
- Cert-In operates under the Ministry of Electronics and Information Technology as the nodal agency for cybersecurity.
- The advisory follows discussions led by Union Finance Minister Nirmala Sitharaman on the impact of Claude Mythos on government systems' financial security.
Key Concerns
- Claude Mythos and similar AI models can autonomously discover security vulnerabilities, analyze source code, and execute multi-stage attacks.
- These systems operate at a scale and speed surpassing human expert teams, posing increased risks due to their dual-use nature.
Recommended Actions for Companies
- Maintain an elevated alert posture and increase the frequency of threat monitoring.
- Review and reduce internet-exposed attack surfaces, and disable unnecessary ports and protocols.
- Treat critical vulnerabilities as urgent, requiring immediate action.
- Segment digital systems to prevent attackers from moving across networks.
- Harden or replace outdated remote-access systems like older VPNs.
- Regularly review and patch open-source software components.
- Monitor and restrict outbound traffic to known AI services.
Training and Awareness
- Train internal security teams to detect AI-augmented attacks for quick response.
- Conduct phishing and social engineering training, including AI-generated content simulations.
- Invest in staff development through industry certifications and build an internal AI security community.
