No using unapproved AI tools for official work: Modi government
29 Jun 2026

In a bid to bolster cyber security, the Indian government has issued internal directives urging its departments to steer clear of unapproved external artificial intelligence (AI) platforms.

The move comes in the wake of an advisory from the Indian Computer Emergency Response Team (CERT-In), which flagged new cyber risks posed by advanced AI models.

The advisory also recommended strengthening cybersecurity measures across government organizations.

Internal communication highlights measures
Directive

Internal communications accessed by Moneycontrol show that government offices have been directed to limit the use of unapproved external AI tools for processing official data.

The directive also calls for a wider range of cyber security measures.

It clearly states, "Restriction on use of unapproved external AI platforms/tools for processing or sharing official/confidential/sensitive data."

However, it stops short of a complete ban on generative AI services in government work.

CERT-In's advisory on advanced AI threats
Cyber threat

The advisory from CERT-In comes amid the rise of advanced AI models like Claude Mythos, which can automate complex cyber attacks.

These capabilities, according to CERT-In, could drastically reduce the time available to fix system vulnerabilities.

The agency has advised organizations to patch critical vulnerabilities within 12-24 hours in light of this development.

Comprehensive measures for enhanced cybersecurity
Security enhancements

Along with restricting external AI platforms, the internal communication also urges government organizations to strengthen multi-factor authentication for critical systems, install security patches, conduct regular vulnerability assessments and audits.

It also stresses on monitoring internet-facing infrastructure and maintaining secure offline backups.

The communication further asks organizations to report cyber security incidents to CERT-In as per existing protocols, and appoint nodal officers for overseeing cybersecurity preparedness and compliance.