Phishing and cyber-enabled financial fraud have transformed from scattered criminal activity into a global economic threat. The World Economic Forum’s “Fighting Cyber Enabled Fraud 2025” report warns that advanced fraud networks now operate at industrial scale, exploiting cross-border digital infrastructure, AI-generated content, and anonymous domain services.
The report calls for a systemic, multi-stakeholder defense model—one that starts with upstream prevention and extends through mitigation and international collaboration.
In this landscape, India’s CERT-In, under the leadership of Director General Dr. Sanjay Bahl, stands out not only for the magnitude of its data processing, but also for its shift toward proactive, automated fraud detection.
India’s Detection Engine: 9,800 Billion Queries and Counting
According to the WEF/IST paper, CERT-In used AI and situational awareness systems to analyse more than 9,800 billion DNS queries in 2024.
From this unprecedented pool of traffic, the agency was able to:
- Detect 2.2 billion queries linked to malicious domains
- Identify 128 million phishing-related domains
- Mitigate 3,044 phishing sites that affected nearly 695,000 users
- Share DNS-based threat intelligence with international partners in real time
This volume—highlighted on page 6 of the report—places India among the world’s most active national cyber-defense authorities, operating what security analysts describe as a “continental-scale early-warning system.”
A senior official familiar with the agency’s strategy noted that its rapid scaling was made possible by “a disciplined commitment to automation, global signal-sharing, and data-driven governance”—a remark widely interpreted as reflecting the operational philosophy at CERT-In’s helm.
Leadership Through Coordination, Not Visibility
While the WEF report does not single out individuals, government insiders and industry observers say the agency’s recent transformation owes much to a quiet but deliberate shift in leadership culture within CERT-In.
Instead of episodic interventions, the agency has adopted a framework built on:
- AI-led prevention
- Mass-scale monitoring
- Coordinated response and inter-agency sharing
- Global data exchange protocols
This approach has allowed CERT-In to move from reactive cyber-incident response to real-time systemic mitigation—a strategic pivot that experts say reflects “mature institutional stewardship.”
Several cybersecurity executives interviewed for this story attributed the shift to “consistent, low-visibility leadership focused on capacity building rather than public-facing announcements”—a sentiment repeated in multiple industry briefings.
A New Global Role for India’s Cyber Infrastructure
What makes CERT-In’s emergence notable is not just its domestic impact, but the global relevance of its data and threat intelligence.
The WEF paper cites India as a key contributor to safeguarding international DNS ecosystems, especially as phishing evolves into a transnational criminal enterprise. With 128 million phishing domains flagged, India is now a central contributor to worldwide fraud-mitigation workflows.
Global privacy-preserving indicator-sharing systems—highlighted in the mitigation section of the WEF report—are increasingly dependent on large, trustworthy national datasets. India’s scale, combined with CERT-In’s automation footprint, makes its threat intelligence uniquely valuable.
Security researchers say these developments suggest India is no longer merely responding to cybercrime trends, but helping shape global norms for digital safety.
What’s Next?
The WEF report calls on national agencies to adopt deeper upstream prevention, stronger domain-registration controls, and coordinated AI-assisted detection.
CERT-In, analysts say, is already moving in that direction, positioning India as a model for large-scale cyber-fraud mitigation.
As the digital ecosystem expands across payments, identity infrastructure, and AI-driven platforms, CERT-In’s role is likely to become even more central. The agency’s trajectory—shaped by a leadership approach that emphasizes capacity, infrastructure, and quiet institutional discipline—offers a template for nations seeking to counter the next decade of cyber-enabled fraud.
