Govt tightens AI use in offices, warns against unapproved tools for official data: Report

Government organisations have started tightening safeguards around the use of artificial intelligence in official work, with employees being advised not to use unapproved external AI platforms for processing or sharing official, confidential or sensitive information, according to a Moneycontrol report.

The move follows recent advisories issued by the Indian Computer Emergency Response Team (CERT-In), which warned government entities about emerging cyber threats posed by advanced artificial intelligence models and urged organisations to strengthen their cyber security posture.

According to internal communications cited by Moneycontrol, government offices have been asked to restrict the use of unapproved external AI platforms while handling official data.

The communication specifically refers to the "restriction on use of unapproved external AI platforms/tools for processing or sharing official/confidential/sensitive data".

However, the directions do not amount to a blanket ban on the use of generative AI services for government work, the report said.

According to Moneycontrol, government organisations have also been asked to strengthen multi-factor authentication, install security patches, conduct regular vulnerability assessments and security audits, monitor internet-facing systems and maintain secure offline backups. They have also been told to report cyber incidents to CERT-In and appoint nodal officers to oversee cyber security preparedness.

The advisory comes amid growing concerns over the ability of frontier AI models to automate sophisticated cyber attacks.

In an advisory issued in April, CERT-In said attackers were using AI to automate vulnerability discovery, generate exploits and accelerate cyber attacks. It warned that organisations now have much less time to detect and fix security flaws.

The agency advised organisations to implement stronger identity controls, continuous monitoring, timely patch management, human oversight for AI systems and safeguards against data leakage and malicious use of AI.

Earlier this month, CERT-In issued separate guidelines for technology providers and equipment makers, asking them to conduct AI-assisted vulnerability assessments, strengthen secure software development practices, maintain updated software bills of materials, implement multi-factor authentication and rapidly disclose critical vulnerabilities to affected organisations and CERT-In.

The guidelines also call for accelerated patch management and stronger incident response mechanisms as AI-powered cyber threats continue to evolve.