Indian government departments have instructed officials to stop using unapproved external AI tools for official work, following a CERT-In advisory on AI-enabled cyber risks. The internal directions, circulated across government organisations, specifically warn against processing sensitive information on platforms that have not been vetted for security.
The Computer Emergency Response Team (CERT-In) issued the advisory earlier this month, flagging new vulnerabilities that could expose government systems to data breaches, phishing, and other attacks amplified by AI. The advisory tells agencies to strengthen cyber security measures and report any incidents immediately.
Unapproved AI tools carry data risks
Officials are now required to use only internally approved AI platforms for official data. The directive does not name specific tools, but the timing coincides with the rapid adoption of generative AI assistants in public sector workflows. Any external AI tool used without clearance could leak sensitive information, the advisory notes.
The government's caution reflects a broader push to secure its digital infrastructure. Training on secure AI for government has become part of the conversation as agencies look to balance innovation with data protection.
Anthropic's Claude model reaches vetted security groups
On June 9, Anthropic rolled out its Claude Mythos 5 architecture to a select group of vetted security organizations. The company had earlier unveiled Claude Mythos Preview on April 7, after a leak of its existence in March. The advanced model is designed for high-security environments, but its availability only to pre-approved entities highlights the divide between consumer AI tools and those built for sensitive use.
Government bodies are not banning AI entirely. Instead, they are drawing a line between tools that have undergone security assessments and those that have not. The CERT-In advisory makes clear that the threat landscape is shifting, and AI can both automate attacks and create new entry points for adversaries.
Why this matters for government employees
If you process official data, the directive means you should not use consumer AI chatbots, writing assistants, or any other unapproved third-party AI tool on your work devices. Check with your IT department for the list of approved platforms. Security incidents must be reported through the designated channels. The rules are not just bureaucratic - they are a response to real, AI-driven threats that CERT-In has identified. Ignoring them could expose your department to data leaks and legal consequences.
Your membership also unlocks:
