India's BFSI sector endured 2.9 million cyber attacks in 2025, a 2x surge since 2021. MeitY's new Digital Threat Report 2025-26 warns that AI's offensive capabilities are outpacing defenses faster than ever. This means banks and payment platforms face industrial-scale, automated threats that current incident response systems cannot handle.
How We Got Here
CERT-In first flagged AI-generated malicious code in an advisory issued back in 2023. The latest report directly ties this earlier concern to the current 2025 cyber attack figures, showing a direct link between AI advancement and attack volume.
The Numbers
- In November 2025, a Chinese group used Anthropic's Claude AI for GTG-1002, conducting 90% of a cyberespionage campaign against 30 global firms.
- By April 2026, Claude Mythos Preview autonomously found 23,000+ vulnerabilities across 1,000 open-source projects, with 1,752 being high-severity.
- Frontier AI models generated working attacks against 207 historical smart contract exploits, simulating $550 million in stolen funds.
- AI now allows ransomware groups to independently generate exploits, previously bought from brokers, at a fraction of the cost.
- The report identifies parallel, multi-vector campaigns as a new threat, where AI simultaneously hits internal networks, emails, and cloud systems.
What Happens Next
🇮🇳 Why This Matters for India
For fintech founders in Hyderabad developing new payment rails, this report signals an urgent need to bake AI-native defenses into product architecture from day one, not as an afterthought.
The Take
This report confirms the industrialization of cybercrime, transforming it into a software manufacturing pipeline. Traditional human-led incident response teams are already outmatched, creating a critical and immediate market opportunity for AI-powered defensive solutions.
Source:
MediaNama ↗