Key Insights – AI Incident Database

01 / Evolution of Harm

How Harm Has Evolved (2021–2026)

AI misuse in India has not remained static. Four distinct phases are visible in the data, each characterised by new tools, new targets, and new scales of harm.

2021

Algorithmic Amplification & Communal Misinformation

Predominantly harmful content surfacing via recommendation algorithms — particularly communal misinformation spreading on WhatsApp chains. AI's role was largely amplification rather than generation: the content was often human-made, but AI-powered recommender systems accelerated its reach into previously unreached communities.

2022–23

Deepfakes Become the Dominant Tool

The widespread availability of consumer deepfake tools following the generative AI wave transformed the threat landscape. Deepfakes became the dominant mode of harm — targeting women (explicit content for blackmail), political figures (electoral disinformation), and celebrities (impersonation for financial fraud). Voice cloning fraud also emerged in this period, with several documented cases of elderly people defrauded by AI-generated calls mimicking relatives' voices.

2024

Sophisticated Social Engineering at Scale

Attacks grew significantly more sophisticated. "Digital arrests" emerged as a new fraud type: fraudsters impersonating CBI, customs, or narcotics officials via live video calls used AI-generated uniforms, backgrounds, and voice modulation to make the deception convincing. AI-generated official documents (FIRs, arrest warrants) were used to intimidate victims. Chatbot-based long-term social engineering — building false trust over weeks — appeared in cases of romance and investment fraud.

2025

Operation Sindoor & Real-Time Synthetic Media at Scale

Operation Sindoor (May 2025) marked a new threshold: a coordinated wave of AI-generated deepfakes tied to a live geopolitical conflict, deployed in real time. Synthetic video calls — where the AI interlocutor responds live — appeared for the first time in documented fraud cases. Cross-border AI disinformation, with suspected state-adjacent amplification, reached a scale that challenged existing takedown infrastructure.

2026

Governance Acceleration & Biometric Fraud Frontier

2026 saw India's most concentrated governance response: the Delhi Declaration (MANAV Framework), IndiaAI Mission state integrations, and the first dedicated state AI policies (Odisha, Tamil Nadu, Rajasthan). Simultaneously, AI-enabled biometric fraud entered a new phase — with fabricated Aadhaar fingerprints and facial morphing used to pass KYC checks, exposing systemic vulnerabilities in digital identity infrastructure. Northeastern states, which had been data-poor in prior years, now show documented AI harm across all eight states for the first time.

02 / Geographic Concentration

Where Incidents Are Concentrated

High-connectivity states dominate the top of the incident count — but no state is untouched. The concentration in urbanised, high-internet-penetration regions reflects both higher incidence and higher reporting rates. Rural and lower-connectivity states likely have significant under-reporting.

Haryana / Delhi NCR

Maharashtra

Gujarat

Uttar Pradesh

Karnataka

Tamil Nadu

Haryana/Delhi NCR continues to lead, reflecting its role as both a tech hub and a target for sophisticated digital fraud. Maharashtra's rise to 21 incidents — now firmly second — reflects new documented cases including celebrity deepfakes, AI voice fraud, and high-value digital arrest scams (including a ₹10.3 crore CBI-probed case). Uttar Pradesh enters the top five for the first time, driven by documented digital arrest scams and deepfake political content. Assam and Andhra Pradesh now have verified, sourced entries for the first time following parliamentary source research.

03 / Affected Populations

Who Gets Hurt the Most

Women — Specifically Gendered Harm

A substantial proportion of documented incidents involve harms specifically targeting women. Unlike financial fraud — where the goal is theft — the primary objective in gendered AI harm is reputational damage, coercion, or silencing. Key patterns:

Explicit deepfakes created to shame victims or extract money through blackmail (sextortion)
Political deepfakes targeting female candidates and elected officials to suppress participation
Morphed images circulated in professional networks to damage career prospects
AI-generated intimate content used as leverage in domestic abuse contexts

Critically, shame stops most victims from reporting. The social stigma attached to being the subject of explicit deepfakes — even when the victim is entirely blameless — means actual incidence is significantly higher than documented cases suggest.

Elderly & Digitally New Users

Rapid COVID-era digital onboarding brought millions of first-time internet users online — many of them elderly or from previously unconnected communities — without accompanying safety literacy. This population became prime targets for voice cloning fraud and digital arrest scams.

Elderly victims often believe the money is irretrievably gone and the system will not help — so they do not report
Rural victims may not know cyber police stations exist or how to access the national cybercrime helpline 1930
The shame of having been deceived creates an additional barrier to coming forward

04 / The Under-Reporting Problem

Why Our Numbers Are a Floor

Our database almost certainly represents a significant undercount. Sextortion victims do not report due to shame. Elderly fraud victims believe the system will not help. Rural victims face access barriers to reporting channels. Every number in this database is a floor — the real scale of AI-enabled harm in India is larger, possibly by an order of magnitude.

This is not unique to India: under-reporting is a documented feature of AI harm globally. What makes the Indian context distinct is the scale of the digitally new population combined with the absence of accessible, trusted, local-language reporting pathways. Building those pathways is as important as documenting incidents after the fact.

05 / Governance Comparison

India vs EU Governance Approach

India and the EU have taken fundamentally different approaches to AI governance. The comparison reveals both where India has moved quickly and where structural gaps remain.

India's Approach

■DPDPA covers data protection but does not classify AI by risk level

■MeitY guidelines use risk-proportionate language but leave "high-risk" undefined

■No equivalent of the EU prohibition on real-time public biometric surveillance

■Sectoral, adaptive approach — leverages existing IT Act and DPDPA

■Mostly reactive governance: policy follows documented incidents

■MANAV framework and Delhi Declaration (2026) signal proactive positioning

EU AI Act (2024)

■Four risk tiers with binding obligations at each level

■"Unacceptable risk" systems prohibited outright: social scoring, real-time biometric surveillance in public spaces

■High-risk systems require strict accuracy, transparency, and human oversight requirements

■Limited-risk systems must disclose when users are interacting with AI

■Minimal-risk systems: no mandatory requirements

■Independent national oversight bodies in each member state

India will need more structured, tier-based regulation if governance is to keep pace with high-risk AI deployments in consequential domains — particularly where systems make or influence decisions about employment, credit, criminal justice, or public safety.

06 / Guiding Values

Values That Should Guide the Response

Technical and legal solutions are necessary but insufficient. Five values should guide how India — government, platforms, civil society, and individuals — responds to AI harm:

🧠

Digital Literacy

Practical skills for evaluating digital content must be embedded in school curricula and community programmes. Accessible, local-language verification tools can reach rural populations before the next wave of sophisticated scams arrives.

🔍

Transparency

Mandatory labelling of AI-generated content should be standard across platforms. Fact-checking infrastructure on WhatsApp, Facebook, and YouTube must be funded and maintained. DPDPA explainability requirements need real enforcement teeth.

🔐

Consent & Privacy

Using someone's image or voice without consent should carry clear legal consequences. Civil remedies — not just criminal prosecution — are needed so that victims who cannot face police have a realistic pathway to accountability.

⚖️

Accountability

Accountability must run through every level: individuals who create harmful content, platforms that host and amplify it, and AI companies whose tools enable harm at scale. Clearer, non-negotiable accountability chains reduce the diffusion of responsibility.

🏥

Accessible Redress

Easier reporting mechanisms: a national portal, dedicated helplines with local-language support, and sustained investment in police capacity in smaller cities and rural districts. Justice delayed by inaccessibility is justice denied.

07 / India's Global Positioning

MANAV Framework & the Delhi Declaration

India's Prime Minister launched the MANAV framework at the AI Impact Summit held at Bharat Mandapam, New Delhi in February 2026 — positioning India as an active shaper of global AI governance rather than a rule-taker. The framework was subsequently signed as the "Delhi Declaration" by over 90 countries. MANAV stands for five foundational principles for responsible AI:

M Moral

A Accountable

N National Sovereignty

A Accessible

V Valid Systems

The Delhi Declaration marks a significant moment: India has moved from a largely reactive domestic posture to active participation in setting the global norms for AI governance. How this translates into binding domestic regulation will be the key test over the next legislative cycle.