AI-driven cybercrime threatens India’s digital future, Rs 23,000 crore lost in 2024

BENGALURU: As India races ahead in its digital journey, a chilling new report warns of the dark flipside: Artificial Intelligence (AI) is rapidly emerging as the most dangerous weapon in the cybercriminal’s arsenal.

A whopping Rs 22,812 crore ($2.78 billion) was lost to digital frauds in 2024 alone, most of it triggered by AI frauds and committed not just in cities like Bengaluru but also in the rural parts of the country. The findings were part of ‘The State of AI-Powered Cybercrime: Threat & Mitigation Report 2025’ jointly released by GIREM (Global Initiative for Restructuring Environment and Management) and automotive tech firm Tekion.

The report was unveiled in Bengaluru by Karnataka’s director general and inspector general of police (DG&IGP) M A Saleem on Wednesday.

The report highlights how cyber criminals are leveraging AI to craft phishing emails, clone websites, and even spin up deepfake-driven scams. AI tools were involved in 80 per cent of the phishing mails, which, in other words, mean that AI was deployed in eight out of every 10 phishing campaigns.

AI is transforming the cybercrime landscape, enabling attackers to execute faster, targeted and personalise attacks like never before, the report warned while pointing out that Indian users were frequently targeted through imitation dashboards, spoofed brand communications, and malicious mobile apps. “This report is a wake-up call. It doesn’t just document cyber threats, it reveals the human cost behind them,” said Jay Vijayan, founder and CEO of Tekion. “Phishing scams, identity theft, cyber slavery are no longer abstract dangers. AI has turned them into a daily reality,” he added. The report warned that organised e-crime syndicates such as FIN7, which have been targeting the auto industry in the US, have started using AI to target hospitality chains and restaurants in India, an indication of how even well-defended corporate networks are now vulnerable.India registered a record 1.91 million cybercrime complaints in 2024, up from 1.55 million the previous year — a nearly ten-fold increase since 2019. The losses, particularly in financial fraud, have tripled in just one year. Digital frauds under the guise of police or government impersonation, dubbed ‘digital arrest’ scams, alone accounted for Rs 1,936 crore in 2024. Cumulatively, cybercriminals have siphoned off over Rs 33,000 crore from individuals and enterprises in the last four years in India. In Karnataka, the police said, there was a five-fold increase in cybercrime reports over the last two years, with complaints rising from 20,894 in 2022 to 97,929 in 2024. Financial losses surged from Rs 113 crore in 2022 to Rs 2,396 crore in 2024. Bengaluru alone recorded 12,356 cybercrimes in the first eight months of 2024, with losses exceeding Rs 1,242 crore. Citing a recent threat report, the police said the state witnessed around 11.46 million malware detections and 1.78 million ransomware attacks in 2024, many of which leveraged AI techniques to evade detection and adapt continuously.

Cyber criminals are also using AI to develop counterfeit apps that mimic official government services such as Parivahan or fake bank helplines. These apps are often used to deploy malware and steal sensitive financial information, the report stated. India is now the second most targeted country in the world, after the US, for crypto-related cyberattacks, the report stated. “The rise in cyber threats underscores the critical need for stronger cybersecurity measures and a robust awareness at every level of the society,” said GIREM chairman Shyam Sundar S Pani.

To combat these threats, Karnataka has established India’s first Cyber Command Centre, unifying 45 cybercrime police stations to address financial frauds, ransomware, identity theft, and other cybercrimes. “Awareness is being created to educate the people about the emerging threats,” DG&IGP Saleem added.On the cyber defence measures to be taken, the report suggested integrate digital safety and cybersecurity education in schools and workplaces; establishing advanced cybercrime labs in universities and police departments; deploying AI-based threat detection systems across critical infrastructure; launching public awareness campaigns in regional languages; and strengthening international cooperation to combat cyber slavery and transnational crimes.