May 2026

Intelligent Security - Rethinking Cybersecurity in India’s AI Moment

India’s AI journey is accelerating, both in scale and capability. What began as a tool to improve efficiency has evolved into something far more complex. As artificial intelligence becomes more sophisticated, faster and increasingly autonomous, it is also exposing gaps in our preparedness, most recently in cybersecurity.

Section image

That concern was underscored when Nirmala Sitharaman sounded a note of caution during a high-level meeting with bank chiefs. She flagged the emerging risks posed by advanced AI systems, including models such as Anthropic Mythos AI, and urged lenders to take “all necessary pre-emptive measures” to secure IT infrastructure, protect customer data and safeguard financial assets.

The government’s advisory reflects a deeper reality of cyber threats evolving at a pace that traditional safeguards are struggling to match. The playbook is changing, and so are the players.

So what does security look like in a world where intelligence itself can be weaponised?

A Different Kind of Digital Risk

For years, cybersecurity has largely been about building firewalls, encryption layers and constant system monitoring. But AI doesn’t just test these defences. It models them, learns their patterns and identifies the most efficient path around them.

Modern AI systems can ingest and analyse vast networks, detect non-obvious vulnerabilities and simulate attack paths in near real time. The shift here is not only about speed, but about precision and adaptability at scale. The risk is no longer confined to human adversaries using better tools; it is about systems that can iteratively refine attack strategies with minimal oversight.

What makes this evolution particularly concerning is its low visibility. Early-stage activity may not trigger conventional alerts. Instead, systems are quietly mapped, behaviours profiled, and weaknesses prioritised long before any overt breach occurs.

Section image

When Systems Begin to Think

The debate around AI and cybersecurity is no longer confined to code, tools or technical fixes. It is increasingly about control and accountability. At what point does a tool stop being just a tool?

When frontier AI systems can autonomously identify weaknesses and suggest ways to exploit them, it raises questions about how these outcomes are being generated with limited human direction. It does not make them independent actors, since intent still lies with human users, but execution is becoming faster, broader and less transparent.

This is where the lines begin to blur. If intelligence can act, adapt and improve with minimal human intervention, accountability becomes harder to define. It is this grey zone that policymakers are now stepping into.

Critical Sectors, Real Vulnerabilities

Nowhere is this concern more immediate than in the financial sector. India’s banking ecosystem, with its mix of legacy infrastructure and large-scale digital adoption, presents a broad and complex attack surface.

The government’s call for stronger coordination and real-time threat sharing among financial institutions reflects an urgent need: cybersecurity can no longer operate in silos. A vulnerability in one system could quickly cascade across others, especially when AI tools can identify patterns across networks.

But the issue extends beyond banking. As governance, healthcare, and public services become more digitised, the potential points of entry multiply. The very systems designed to improve access and efficiency could also become points of risk if not secured with equal sophistication.

Beyond Defence, Rethinking Preparedness

Advisories from CERT-In emphasise continuous monitoring, rapid patching, anomaly detection and the assumption that vulnerabilities can be exploited within hours of discovery. In other words, preparedness must shift from static protection to active anticipation.

This also requires structural change to encourage closer coordination between institutions, faster information sharing, and investment in systems that can detect and respond to threats in near real time. Just as importantly, it requires recognising that cybersecurity is no longer a back-end IT issue. It sits at the intersection of financial stability, operational continuity and public trust.

At this stage, India may also need to consider a dedicated AI Cybersecurity Project in a public–private partnership (PPP) framework, designed to bring together sovereign objectives and private-sector innovation. Such a model could help pool advanced technical talent, research capacity and real-world threat intelligence from industry players, while ensuring commensurate public funding to build resilient, sovereign AI cybersecurity capabilities at scale.

India’s position is a delicate one. AI offers clear advantages in expanding digital access, improving service delivery and driving economic growth. At the same time, the same capabilities that enable progress can also be repurposed to exploit systemic weaknesses.

The real test is whether institutions and frameworks can evolve at a comparable pace, before the gap between capability and control becomes harder to close.




PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
These cookies help us better understand how visitors interact with our website and help us discover errors.
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save