#FactCheck: False Claims of Fireworks in Dubai International Stadium celebrating India’s Champions Trophy Victory 2025

Introduction

Over-the-Top (OTT) streaming platforms have become a significant part of Indian entertainment consumption, offering users the ability to watch films, web series, and short-format videos directly online. These platforms operate on a subscription-based model, allowing for creative freedom, but they also lack clear accountability. On certain platforms, some content has been criticised for focusing on sensational or sexually explicit themes, particularly targeting young viewers seeking risqué entertainment. Such applications lack strong age verification mechanisms and offer ‘user access’ with minimal restrictions, which raises serious concerns about exposure to obscene content. This has triggered serious concerns among regulators, civil society organisations, advocacy and parental groups about the accessibility of such material and its potential influence, especially on minors.

Blocking order issued by the Ministry of Broadcasting and Information (MIB)

On 23rd July 2025, the Government of India, invoking powers under the Information Technology Act, 2000, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, has issued a ‘blocking order’ against 25 OTT platforms. A total of 26 websites and 14 mobile applications of the said OTT platforms were on the list, including several prominent OTT platforms for alleged distribution of obscene, vulgar and pornographic content in some cases.  This regulatory action follows previous statutory advice and repeated warnings to the platforms in question, some of which continued to operate through new domains and disobeyed Indian laws and regulations. 

This action was taken by the Ministry of Broadcasting and Information (MIB) in consultation with Ministry of Home Affairs, Ministry of Women and Child Development, Ministry of Electronics and Information Technology, Department of Legal Affairs, industry bodies and experts in the field of women rights and child rights.

The list of OTT Platforms covered under the said ‘Blocking Order’

‍

The list includes - Big Shots App, Desiflix, Boomex, NeonX VIP, Navarasa Lite, Gulab App, Kangan App, Bull App, ShowHit, Jalva App, Wow Entertainment, Look Entertainment, Hitprime, Fugi, Feneo, ShowX, Sol Talkies, Adda TV, ALTT, HotX VIP, Hulchul App, MoodX, Triflicks, Ullu, and Mojflix. 

The government has explicitly directed Internet Service Providers (ISP’s) to disable or remove public access to these websites within India.

Recent Judicial and Centre’s Interventions

• To refresh the memory, last year in March 2024, the Ministry of I&B blocked 18 OTT Platforms for Obscene and Vulgar Content. 
• In April 2025, the Apex Court of India heard a petition on the prohibition of streaming of sexually explicit content on over-the-top (OTT) and social media platforms. In response to the petition, the Apex court stated, ‘It's not our domain, the centre has to take action and highlighted the need for executive action in the matter. The apex court has also issued notice to the Centre, OTT platforms, as well as social media platforms in response to a petition seeking a ban on sexually explicit content. (Uday Mahurkar & Ors. v. Union of India & Ors. [WP(C) 313/2025])
• The following recent blocking order dated 23rd July 2025 by the Ministry of I&B is a welcome and commendable step that reflects the government’s firm stance against illicit content on OTT platforms. Kangana Ranaut, Actress and politician, while speaking to a news agency, has appreciated the government's move to ban OTT platforms such as Ullu, ALTT, and Desiflix for showing soft porn content.

Conclusion

The centre’s intervention sends a clear message that OTT platforms cannot remain exempt from accountability. The move is a response to the growing concern of harms caused by unregulated digital content and non-compliances by the platforms, particularly in relation to illicit material, and broader violations of decency laws in India. However, the enforcement must now go beyond issuing orders and require a robust measurable compliance framework for OTT platforms. 

In today’s fast-paced era, when subscription-based content platforms place vast libraries at users' fingertips, the government's action is necessary and proportionate, marking a decisive step toward safer digital and healthy regulated environments.

References

• https://www.newsonair.gov.in/govt-bans-25-ott-websites-apps-over-vulgar-and-pornographic-content/
• https://timesofindia.indiatimes.com/technology/tech-news/big-shots-ullu-altt-desiflix-mojflix-and-20-other-ott-apps-banned-what-governments-ban-order-says/articleshow/122918803.cms
• https://www.ndtv.com/india-news/centre-bans-ott-platforms-ullu-altt-desiflix-for-obscene-content-8947100
• https://foxmandal.in/News/sc-takes-note-of-obscenity-plea-issues-notice-to-ott-platforms/
• https://www.morungexpress.com/kangana-ranaut-calls-banning-ott-platforms-for-soft-porn-content-a-much-appreciated-move
• https://www.livemint.com/news/india/do-something-supreme-court-to-centre-ott-platforms-on-obscene-content-pil-netflix-amazon-prime-ullu-altt-x-facebook-11745823594972.html

‍

Introduction

In the face of escalating cybercrimes in India, criminals are adopting increasingly inventive methods to deceive victims. Imagine opening your phone to the notification of an incoming message from a stranger with a friendly introduction - a beginning that appears harmless, but is the beginning of an awful financial nightmare. "Pig Butchering '' scam—an increasingly sophisticated form of deception that's gaining more widespread popularity. Unlike any other scams, this one plays a long game, spinning a web of trust before it strikes. It's a modern-day financial thriller happening in the real world, with real victims. "pig butchering" scam, involves building trust through fake profiles and manipulating victims emotionally to extort money. The scale of such scams has raised concerns, emphasising the need for awareness and vigilance in the face of evolving cyber threats.

How does 'Pig Butchering' Scam Work? 

At its core, the scam starts innocuously, often with a stranger reaching out via text, social media, or apps like WhatsApp or WeChat. The scammer, hiding behind a well-crafted and realistic online persona, seeks to forge a connection. This could be under the pretence of friendship or romance, employing fake photos and stories to seem authentic. Gradually, the scammer builds a rapport, engaging in personal and often non-financial conversations. They may portray themselves as a widow, single parent, or even a military member to evoke empathy and trust. Over time, this connection pivots to investment opportunities, with the scammer presenting lucrative tips or suggestions in stocks or cryptocurrencies. Initially, modest investments are encouraged, and falsified returns are shown to lure in larger sums. Often, the scammer claims affiliation with a profitable financial institution or success in cryptocurrency trading. They direct victims to specific, usually fraudulent, trading platforms under their control. The scam reaches its peak when significant investments are made, only for the scammer to manipulate the situation, block access to the trading platform, or vanish, leaving the victim with substantial losses. 

Real-Life Examples and Global Reach

These scams are not confined to one region. In India, for instance, scammers use emotional manipulation, often starting with a WhatsApp message from an unknown, attractive individual. They pose as professionals offering part-time jobs, leading victims through tasks that escalate in investment and complexity. These usually culminate in cryptocurrency investments, with victims unable to withdraw their funds, the money often traced to accounts in Dubai. 

In the West, several cases highlight the scam's emotional and financial toll: A Michigan woman was lured by an online boyfriend claiming to make money from gold trading. She invested through a fake brokerage, losing money while being emotionally entangled. A Canadian man named Sajid Ikram lost nearly $400,000 in a similar scam, initially misled by a small successful withdrawal. In California, a man lost $440,000, succumbing to pressure to invest more, including retirement savings and borrowed money. A Maryland victim faced continuous demands from scammers, losing almost $1.4 million in hopes of recovering previous losses. A notable case involved US authorities seizing about $9 million in cryptocurrency linked to a global pig butchering scam, showcasing its extensive reach. 

Safeguarding Against Such Scams 

Vigilance is crucial to prevent falling victim to these scams. Be skeptical of unsolicited contacts and wary of investment advice from strangers. Conduct thorough research before any financial engagement, particularly on unfamiliar platforms. Indian Cyber Crime Coordination Center warns of red flags like sudden large virtual currency transactions, interest in high-return investments mentioned by new online contacts, and atypical customer behaviour. 

Victims should report incidents to various Indian and foreign websites and the Securities Exchange Commission. Financial institutions are advised to report suspicious activities related to these scams. In essence, the pig butchering scam is a cunning blend of emotional manipulation and financial fraud. Staying informed and cautious is key to avoiding these sophisticated traps.

Conclusion

The Pig Butchering Scams are one of the many new breeds of emerging cyber scams that have become a bone of contention for cyber security organisations. It is imperative for netizens to stay vigilant and well-informed about the dynamics of cyberspace and emerging cyber crimes. 

References 

1. https://www.sentinelassam.com/more-news/national-news/from-impersonating-cbi-officers-to-pig-butchering-cyber-criminals-get-creative
2. https://hiindia.com/from-impersonating-cbi-officers-to-pig-butchering-cyber-criminals-get-creative/

‍

Introduction
‍

Agentic AI systems are autonomous systems that can plan, make decisions, and take actions by interacting with external tools and environments. But they shift the nature of risk by blurring the lines among input, decision, and execution. A conventional model generates an output and stops. An agent takes input, makes plans, invokes tools, updates its state and repeats the cycle. This creates a system where decisions are continuously revised through interaction with external tools and environments, rather than being fixed at the point of input.

This means the attack surface expands in size and becomes more dynamic. Instead of remaining confined to components as in traditional computational systems, they spread in layers and can continue to grow through time. To understand this shift, the system can be analysed through functional layers such as inputs, memory, reasoning, and execution, while recognising that risk does not remain isolated within these layers but emerges through their interaction.

‍

‍

Agentic AI Attack Surface

‍

A layered view of how risks emerge across input, memory, reasoning, execution, and system integration, including feedback loops and cross-system dependencies that amplify vulnerabilities.
‍

Input Layer: Where Untrusted Data Becomes Control
‍

The entry point of an agent is no longer one prompt. The documents, APIs, files, system logs and the outputs of other agents can now be considered input. This diversity is significant due to the fact that every source of input carries its own trust assumptions, and in the majority of cases, they are weak.

The most obvious threat is prompt injection, where inputs are treated as instructions rather than data. Since inputs are treated as instructions, a virus, a malicious webpage, or a document can contain instructions that override system goals without necessarily being detected as something harmful.

Indirect prompt injection extends this risk beyond direct user interaction. Instead of targeting the interface, attackers compromise the retrieval process by embedding malicious instructions within external data sources. When the agent retrieves and processes the data, it treats the embedded content as legitimate input. As a result, the attack is executed through normal reasoning processes, allowing the system to act on untrusted data without recognising the manipulation.

Data poisoning also occurs at runtime. In contrast to classical poisoning (where training data is manipulated), runtime poisoning distorts the agent’s perception of its environment as it runs. This can change decisions without causing apparent failures.

Obfuscation introduces another indirect attacker vector. Encoded instructions or complicated forms may bypass human review but remain readable to the model. This creates asymmetry whereby the system knows more about the attack than those operating it. Once compromised at this layer, the agent implements compromised instructions which affect downstream operations.
‍

Context and Memory: Persistence of Influence
‍

Agentic systems depend on memory to operate efficiently. They often retain context across sessions and frequently store information between sessions.

This introduces a different type of risk: persistence. Through memory poisoning, attackers can insert false or adversarial information into sorted context, which then influences future decisions. Unlike prompt injection, which is often limited to a single interaction, this effect carries forward. Over time, the agent begins to operate on a distorted internal state, shaping decisions in ways that may not be immediately visible.

Another issue is cross-session leakage. Information in a particular context may be replayed in a different context when memory is being shared or there is insufficient memory separation. This is specifically dangerous in those systems that combine retrieval and long-term storage. The context management in itself becomes a weakness. Agents are required to make decisions on what to retain and what to discard. This is susceptible to attackers who can flood the context or manipulate what is still visible and indirectly affect reasoning.

The underlying problem is structural. Memory turns data into a state. Once state is corrupted, the system cannot easily distinguish valid knowledge from adversarial influence.

The issue is structural. Memory converts temporary data into a persistent state. Once this state is weakened, the system cannot reliably separate valid information from adversarial influence, making recovery significantly more difficult.
‍

Reasoning and Planning: Manipulating Intent Without Breaking Logic
‍

The reasoning layer is where agentic AI stands apart from traditional systems. The model no longer reacts to inputs alone. It actively breaks down objectives, analyses alternatives, and ranks actions.

At the reasoning stage, the nature of risk shifts. The concern is no longer limited to injecting instructions, but to influencing how decisions are made. One example is goal manipulation, where the agent subtly reinterprets its objective and produces outcomes that are technically correct but strategically harmful. Reasoning hijacking operates within intermediate steps, altering how constraints are evaluated or how trade-offs are prioritised. The system may remain internally consistent, which makes such deviations difficult to detect.

Tool selection becomes a critical control point. Agents decide which tools to use and when, so influencing these choices can redirect execution without directly accessing the tools themselves. Hallucinations also take on a different role here. In static systems, they remain errors. In agentic systems, they can trigger actions. A perceived need or incorrect judgement can translate into real-world consequences.

This layer introduces probabilistic failure. The system is not fully weakened, but it is nudged towards decisions that appear reasonable yet are incorrect. The risk lies in how those decisions are justified.

‍
‍Tool and Execution: When Decisions Gain Reach
‍

Once an agent begins interacting with tools, its behaviour extends beyond the model into external systems. APIs, databases, and services become part of the execution path.

One key risk is the use of unauthorised tools. When agents operate with broad permissions, any manipulation of the upstream can be converted into real-world actions. This makes access control a central security concern. Command injection also takes a different form here. The agent generates commands based on its reasoning, so if that reasoning is compromised, the resulting actions may still appear valid despite being harmful.

External tool outputs introduce another risk. If these systems return corrupted or misleading data, the agent may accept it without verification and incorporate it into its decisions. It is also becoming increasingly reliant on third-part tools and plugins adds to this exposure. If these components are compromised, they can affect behaviour without directly attacking the core system, creating a supply-side risk.

At this stage, the agent effectively operates as an insider. It holds legitimate credentials and interacts with systems in expected ways, making misuse harder to identify.
‍

Application and Integration: System-Level Exposure
‍

Agentic systems rarely operate in isolation. They are embedded in larger environments, interacting with identity systems, business logic, and operational workflows.

Access control becomes a major vulnerability. Agents tend to operate across multiple systems with various permission models, creating irregularities that can be exploited. Risks also arise from identity and delegation. In case an agent is operating on behalf of a user, then any vulnerabilities in authentication or session management can allow attackers to assume that authority.

Workflow execution amplifies these risks. Agents can initiate multi-step processes such as transactions, updates, or approvals. Manipulating a single step can change the result of the entire workflow. As integrations increase, so do the number of interaction points, making cumulative risk harder to track.

At this layer, failures are not isolated. They propagate into business operations, making consequences harder to contain.
‍

Output and Action: Where Failures Become Visible
‍

The output layer is where failures become visible, though they rarely originate there.

Data leakage has been a key concern. Agents may disclose information they are allowed to access, especially when tasks boundaries are not clearly defined. Misinformation and unsafe outputs are also important, particularly when outputs directly influence actions or decisions.

Generated code and commands introduce execution risk. If outputs are used without validation, errors or manipulations can have system-level effects. The shift towards autonomous action increases this risk, as small upstream deviations can lead to significant consequences without human intervention. This layer reflects symptoms rather than root causes. Addressing it alone does not reduce the underlying risk.
‍

Beyond Layers: The Missing Dimension
‍

A layered view helps, but it does not capture the full picture. Agentic systems are defined by continuous interaction across layers.

The key missing dimension is the runtime loop. Inputs shape reasoning, reasoning drives action, and actions feed back into both reasoning and memory. These cycles create feedback loops, where small manipulations may escalate over time. This also reduces observability. With multiple interacting components, it becomes difficult to trace cause and effect or identify where failures originate.

Supply chain dependencies add another layer of risk. Models, datasets, APIs, and plugins each introduce their own points of failure. A compromise at any of these points can propagate across the system. The attack surface also includes governance. Weak supervision, unclear responsibility, or excessive autonomy increase overall risk. Human control is not external to the system; it is part of its security.
‍

Conclusion: Structuring the Attack Surface
‍

Agentic AI expands the attack surface beyond traditional systems. It is both recursive and stateful. Risk does not just accumulate across layers; it moves and changes as the system operates.

Any useful representation must go beyond a linear stack. It should capture feedback loops, persistent state, and cross-layer dependencies that characterise the way these systems actually behave. The system is not a pipeline but a cycle. That is where both its capability and its risk emerge.

‍