India Turns to Artificial Intelligence to Counter Rising AI‑Powered Cyber Threats

In recent deliberations before the Union Cabinet, senior officials of the Ministry of Electronics and Information Technology asserted that the relentless proliferation of artificial‑intelligence‑augmented malware and deep‑fake phishing campaigns has rendered traditional signature‑based defences obsolete, thereby compelling the Republic to adopt a counter‑measure strategy wherein autonomous machine learning systems are deployed to detect, analyse, and neutralise hostile code before it can infiltrate critical infrastructure.

The Government, citing the 2024 National Cyber Security Strategy, has earmarked a budgetary allocation of approximately three hundred crore rupees for the establishment of a dedicated Artificial Intelligence Cyber Defence Centre under the aegis of the Indian Computer Emergency Response Team, a move intended to co‑ordinate intelligence sharing among public and private entities whilst imposing rigorous audit requirements on algorithmic transparency.

Prominent Indian technology conglomerates, notably Tata Consultancy Services, Infosys, and Wipro, have proclaimed collaborative initiatives whereby proprietary threat‑intelligence platforms will be fused with government‑run data lakes, thereby promising real‑time anomaly detection across banking, energy, and telecommunications sectors, though critics observe that contractual opacity and the paucity of independent validation raise substantive doubts regarding the efficacy of such public‑private symbiosis.

Nevertheless, the existing legislative scaffolding, chiefly the Information Technology (Intermediary Guidelines and Digital Media Ethics) Rules of 2023 and the forthcoming Personal Data Protection Bill, appear ill‑equipped to compel algorithmic accountability, as they lack explicit provisions for systematic bias audits, thereby leaving consumers vulnerable to inadvertent discrimination and eroding confidence in the purported neutrality of machine‑driven security interventions.

Amidst this milieu, the average Indian citizen, whose personal data routinely traverses unsecured corporate networks and whose financial accounts are increasingly integrated with cloud‑based payment gateways, must reconcile the contradictory promise of heightened cyber resilience with the palpable risk that opaque AI decision‑making may inadvertently curtail access to essential services, an anxiety amplified by recent reports of algorithmic false positives that have temporarily disabled banking apps for thousands of users across metropolitan hubs.

Given that the current statutory framework fails to stipulate mandatory transparency in the training datasets employed by state‑sanctioned cyber‑defence AI, does this lacuna not constitute a breach of the constitutional guarantee to equality before law by permitting unchecked algorithmic bias to influence the allocation of protective resources across different socioeconomic strata? When private vendors such as Tata Consultancy Services and Infosys are remunerated to integrate proprietary threat‑intelligence modules into a publicly funded AI hub without independent performance audits, does not this arrangement infringe upon the principles of fiscal prudence and public accountability enshrined in the Public Financial Management Act? If the algorithmic decisions of the newly created AI Cyber Defence Centre are capable of disabling banking applications on the pretext of anomaly detection, yet the prevailing consumer protection statutes lack explicit redress mechanisms for such AI‑induced service interruptions, should legislators not be compelled to amend the Consumer Protection (E‑Commerce) Rules to expressly encompass digital service denial caused by autonomous security systems?

Considering that the AI‑driven cyber‑defence procurement contracts are awarded through expedited tender processes that obscure cost breakdowns and performance criteria, does this not erode the principles of open market competition mandated by the Competition Act and thereby disadvantage small and medium enterprises seeking entry into the high‑technology security sector? If the government's reliance on autonomous AI systems for threat detection diminishes the demand for traditional cybersecurity analysts, thereby precipitating a structural shift in employment patterns within the technology labour market, ought the Ministry of Labour and Employment not to institute reskilling programmes tailored to the emergent competencies required for overseeing, auditing, and governing such algorithmic infrastructures? Given that the projected cost‑benefit analyses of the AI Cyber Defence Centre rely on speculative risk‑aversion models rather than empirically validated loss‑prevention data, should Parliament not demand a comprehensive audit of fiscal assumptions and enforce periodic public disclosure of the system's actual impact on national cyber‑incident rates?

Published: May 21, 2026

Published: May 21, 2026