#FactCheck - Misleading Viral Video Targets Rubika Liyaquat, Original Footage Tells Different Story

Introduction
‍

The recent advisory issued by CERT, issued on April 26^th, 2026, titled “Defending Against Frontier AI-Driven Cyber Risks”, on AI-driven cyber threats does not merely add to the list of routine cybersecurity warnings. Instead, it marks a shift in how cyber risk itself is understood. The concern, here, is not just that attacks are increasing, but also that their nature is changing. Artificial intelligence is no longer assisting cyber operations- whether legitimate or malicious, in fragments; it is beginning to organise and execute them at scale. 

What is emerging is a situation where capability is no longer tied to human skill alone. Systems can now identify vulnerabilities, generate exploits, and carry out coordinated attacks with limited intervention. This alters the baseline assumption of cybersecurity, that attacks require effort, time, and expertise.
‍

The Essence: Automation and Capability
‍

At the core of the advisory lies the recognition that AI has introduced speed and autonomy into cyber operations. Tasks such as analysing code, identifying vulnerabilities, or crafting phishing content are no longer sequential processes. They can happen almost simultaneously and at scale. 

This is not simply a matter of efficiency. It changes the structure of the threat itself. When attacks can be automated, they become repeatable and less dependent on specialised actors. The advisory also points to the ability of AI systems to conduct multi-stage attacks, moving across networks and adapting strategies in real time. 

In a way, the threat is no longer just external. It is embedded within the logics of the technology being used.

Significance: Lower Barriers, Wider Exposure

One of the more important aspects of the advisory is its emphasis on ‘accessibility’. AI lowers the barrier of complexity in the commission of cybercrimes. Activities that once required coordinated teams can now be performed by individuals with access to advanced tools. 

This has two consequences. First, the number of potential attackers increases. Second, the scale at which attacks can be carried out expands significantly. Systems that were previously considered low risk may become viable targets simply because automated tools can scan, test, and exploit them rapidly.

There is also a broader anxiety reflected in what is being described as “Mythos concerns”, a shorthand for uncertainty around frontier AI systems and their unpredictable capabilities. This signals that the risk is not fully mapped yet and that regulatory responses are still catching up.

Element of Continuous Risk

The advisory outlines impacts such as unauthorised access, data breaches, identity theft, and financial fraud. These are familiar categories. What is less explicit, but more important, is the shift in how these harms occur.

When AI enables rapid and repeated exploitation, risk becomes continuous. Systems are not attacked once and then secured. They are exposed to ongoing attempts. This creates pressure not only on technical infrastructure but also on legal frameworks that are designed around discrete incidents.

For instance, obligations under the Information Technology Act, 2000 or even emerging data protection frameworks often assume identifiable breaches and reportable events. Continuous probing complicates that model!

Response Framework: From Compliance to Vigilance

CERT-In’s recommendations reflect this change in threat perception. There is a clear emphasis on vigilance rather than mere compliance. Organisations are advised to adopt zero-trust approaches, reduce exposure surfaces, and treat vulnerabilities as immediately exploitable.

The insistence on rapid patching within short timeframes is particularly telling. It acknowledges that the window between vulnerability disclosure and exploitation is shrinking.

There is also a noticeable expansion of responsibility. The advisory does not limit itself to large organisations. It extends guidance to the MSMEs and individuals, recognising that cyber risk is now distributed across the entire digital ecosystem.

A Subtle Legal Shift

Although the advisory itself is not binding in law, it operates within the framework of Section 70B of the Information Technology Act, 2000, which empowers CERT-In to issue directions on cybersecurity best practices and guidelines.

So, while the advisory does not create liability directly, it influences what may later be considered ‘reasonable security practice’. In that sense, it serves as soft law, gradually informing standards of due diligence.

At the same time, there remains a gap. The advisory focuses on defensive measures, but it does not fully address attribution and accountability in AI driven attacks. When actions are automated and anonymised, identifying responsibility and imposing liability becomes more complex.
‍

Conclusion
‍

The CERT In advisory is not just a warning about new threats. It is an acknowledgement of a transition. Cyber risk is moving from being occasional and targeted to being constant and scalable. AI is not simply adding to existing threats; it is restructuring and advancing them.

For cyber vigilance frameworks, this suggests a need to rethink priorities. Static compliance measures are no longer sufficient. It has become necessary to adopt continuous monitoring, adaptive responses, and a clearer understanding of how technology is reshaping risk.

While the advisory does not resolve these questions, it does bring them into focus. And that, in itself, is significant.

‍

References
‍

1. CERT-In issues advisory against AI driven cyber attacks for MSMEs, organisations and individuals, Moneycontrol (Apr. 27, 2026), https://www.moneycontrol.com/technology/cert-in-issues-advisory-against-ai-driven-cyber-attacks-for-msmes-organisations-and-individuals-article-13899942.html.
2. CERT-In warns of rising AI driven cyber threats amid Mythos concerns, Ommcom News (2026), https://ommcomnews.com/science-tech/cert-in-warns-of-rising-ai-driven-cyber-threats-amid-mythos-concerns/.
3. Indian Computer Emergency Response Team (CERT-In), Defending Against Frontier AI Driven Cyber Risks, Advisory No. CIAD-2026-0020 (Apr. 26, 2026)
4. Information Technology Act, 2000, § 70B (India).

‍

Introduction

Global cybersecurity spending is expected to breach USD 210 billion in 2025, a ~10% increase from 2024 (Gartner). This is a result of an evolving and increasingly critical threat landscape enabled by factors such as the proliferation of IoT devices, the adoption of cloud networks, and the increasing size of the internet itself.  Yet, breaches, misuse, and resistance persist. In 2025, global attack pressure rose ~21% Y-o-Y ( Q2 averages) (CheckPoint) and confirmed breaches climbed ~15%( Verizon DBIR). This means that rising investment in cybersecurity may not be yielding proportionate reductions in risk. But while mechanisms to strengthen technical defences and regulatory frameworks are constantly evolving, the social element of trust and how to embed it into cybersecurity systems remain largely overlooked.   

‍

Human Error and Digital Trust  (Individual Trust) 

‍

Human error is consistently recognised as the weakest link in cybersecurity. While campaigns focusing on phishing prevention, urging password updates and using two-factor authentication (2FA) exist, relying solely on awareness measures to address human error in cyberspace is like putting a Band-Aid on a bullet wound. Rather, it needs to be examined through the lens of digital trust. As Chui (2022) notes, digital trust rests on security,  dependability, integrity, and authenticity. These factors determine whether users comply with cybersecurity protocols. When people view rules as opaque, inconvenient, or imposed without accountability, they are more likely to cut corners, which creates vulnerabilities. Therefore, building digital trust means shifting from blaming people to design: embedding transparency, usability, and shared responsibility towards a culture of cybersecurity so that users are incentivised to make secure choices. 

‍

Organisational Trust and Insider Threats (Institutional Trust)

At the organisational level, compliance with cybersecurity protocols is significantly tied to whether employees trust employers/platforms to safeguard their data and treat them with integrity. Insider threats, stemming from both malicious and non-malicious actors, account for nearly 60% of all corporate breaches (Verizon DBIR 2024). A lack of trust in leadership may cause employees to feel disengaged or even act maliciously.  Further, a 2022 study by Harvard Business Review finds that adhering to cybersecurity protocols adds to employee workload. When they are perceived as hindering productivity, employees are more likely to intentionally violate these protocols.  The stress of working under surveillance systems that feel cumbersome or unreasonable, especially when working remotely, also reduces employee trust and, hence, compliance.  

‍

Trust, Inequality, and Vulnerability (Structural Trust)

Cyberspace encompasses a social system of its own since it involves patterned interactions and relationships between human beings. It also reproduces the social structures and resultant vulnerabilities of the physical world. As a result,  different sections of society place varying levels of trust in digital systems.  Women, rural, and marginalised groups often distrust existing digital security provisions more, and with reason. They are targeted disproportionately by cyber attackers, and yet are underprotected by systems, since these are designed prioritising urban/ male/ elite users.  This leads to citizens adopting workarounds like password sharing for “safety” and disengaging from cyber safety discourse, as they find existing systems inaccessible or irrelevant to their realities. Cybersecurity governance that ignores these divides deepens exclusion and mistrust.

‍

Laws and Compliances (Regulatory Trust)

Cybersecurity governance is operationalised in the form of laws, rules, and guidelines. However, these may often backfire due to inadequate design, reducing overall trust in governance mechanisms. For example, CERT-In’s mandate to report breaches within six hours of “noticing” it has been criticised as the steep timeframe being insufficient to generate an effective breach analysis report. Further, the multiplicity of regulatory frameworks in cross-border interactions can be costly and lead to compliance fatigue for organisations. Such factors can undermine organisational and user trust in the regulation’s ability to protect them from cyber attacks, fuelling a check-box-ticking culture for cybersecurity.  

‍

Conclusion 

Cybersecurity is addressed primarily through code, firewall, and compliance today. But evidence suggests that technological and regulatory fixes, while essential, are insufficient to guarantee secure behaviour and resilient systems. Without trust in institutions, technologies, laws or each other, cybersecurity governance will remain a cat-and-mouse game.  Building a trust-based architecture requires mechanisms to improve accountability, reliability, and transparency.  It requires participatory designs of security systems and the recognition of unequal vulnerabilities. Thus, unless cybersecurity governance acknowledges that cyberspace is deeply social,  investment may not be able to prevent the harms it seeks to curb. 

‍

References 

• https://www.gartner.com/en/newsroom/press-releases/2025-07-29
• https://blog.checkpoint.com/research/global-cyber-attacks-surge-21-in-q2-2025
• https://www.verizon.com/business/resources/reports/2024-dbir-executive-summary.pdf 
• https://www.verizon.com/business/resources/reports/2025-dbir-executive-summary.pdf 
• https://insights2techinfo.com/wp-content/uploads/2023/08/Building-Digital-Trust-Challenges-and-Strategies-in-Cybersecurity.pdf 
• https://www.coe.int/en/web/cyberviolence/cyberviolence-against-women 
• https://www.upguard.com/blog/indias-6-hour-data-breach-reporting-rule 

‍

Executive Summary:

The viral video circulating on social media about the Indian men’s 4x400m relay team recently broke the Asian record and qualified for the finals of the world Athletics championship. The fact check reveals that this is not a recent event but it is from the World World Athletics Championships, August 2023 that happened in Budapest, Hungary. The Indian team comprising Muhammed Anas Yahiya, Amoj Jacob, Muhammed Ajmal Variyathodi, and Rajesh Ramesh, clocked a time of 2 minutes 59.05 seconds, finishing second behind the USA and breaking the Asian record. Although they performed very well in the heats, they only got fifth place in the finals. The video is being reuploaded with false claims stating its a recent record. 

Claims:

A recent claim that the Indian men’s 4x400m relay team set the Asian record and qualified to the world finals.

Fact Check:

In the recent past, a video of the Indian Men’s 4x400m relay team which set a new Asian record is viral on different Social Media. Many believe that this is a video of the recent achievement of the Indian team. Upon receiving the posts, we did keyword searches based on the input and we found related posts from various social media. We found an article published by ‘The Hindu’ on August 27, 2023.

‍

According to the article, the Indian team competed in the World Athletics Championship held in Budapest, Hungary. During that time, the team had a very good performance. The Indian team, which consisted of Muhammed Anas Yahiya, Amoj Jacob, Muhammed Ajmal Variyathodi, and Rajesh Ramesh, completed the race in 2:58.47 seconds, coming second after the USA in the event. 

The earlier record was 3.00.25 which was set in 2021. 

This was a new record in Asia, so it was a historic moment for India. Despite their great success, this video is being reshared with captions that implies this is a recent event, which has raised confusion. We also found various social media posts posted on Aug 26, 2023. We also found the same video posted on the official X account of Prime Minister Narendra Modi, the caption of the post reads, “Incredible teamwork at the World Athletics Championships! 

Anas, Amoj, Rajesh Ramesh, and Muhammed Ajmal sprinted into the finals, setting a new Asian Record in the M 4X400m Relay. 

This will be remembered as a triumphant comeback, truly historical for Indian athletics.”

This reveals that this is not a recent event but it is from the World World Athletics Championships, August 2023 that happened in Budapest, Hungary. 

Conclusion:

The viral video of the recent news about the Indian men’s 4x400m relay team breaking the Asian record is not true. The video was from August 2023 that happened at the World Athletics Championships, Budapest. The Indian team broke the Asian record with 2 minutes 59.05 seconds in second position while the US team obtained first position with a timing of 2 minutes 58.47 seconds. However, the video circulated projecting as a recent event is misleading and false.

• Claim:  Recent achievement of the Indian men's 4x400m relay team broke the Asian record and qualified for the World finals.
• Claimed on: X, LinkedIn, Instagram
• Fact Check: Fake & Misleading

‍