India’s 2025 Cybersecurity Shift: Bolstering Defence Through AI - orfonline.org
AUTHOR : PRANOY JAINENDRAN
Expert Speak Digital Frontiers
Published on Apr 29, 2026
India’s 2025 cybersecurity shift integrated AI, policy reform, and predictive systems—marking a transition from reactive defence to anticipatory resilience
In 2025, India underwent a significant transformation in its cybersecurity architecture, driven by the rapid integration of artificial intelligence (AI) into national defence mechanisms against cybercrime. As digital ecosystems expanded across governance, finance, healthcare, and education, cyber threats also grew in scale and sophistication. Traditional cybersecurity systems were largely reactive and signature-based, and proved increasingly inadequate against evolving attack vectors such as ransomware, advanced persistent threats (APTs), and AI-enabled phishing campaigns.
Against this backdrop, India’s cybersecurity strategy underwent a structural shift toward proactive, intelligence-driven defence systems. This transition was anchored in three major developments: the widespread deployment of AI-powered threat detection systems, significant policy and institutional reforms, and the expansion of predictive analytics for anticipatory threat mitigation. Together, these pillars signalled a move from reactive containment to proactive resilience, positioning India as an emerging leader in AI-driven cybersecurity. This transformation was evident during Operation Sindoor in May 2025, when AI-enabled tools, enhanced threat monitoring, and coordinated national-level responses were deployed to counter a surge in cross-sector attacks and reinforce India’s cyber posture amid heightened conflict.
From Reactive Defence in Threat Detection to Real-Time Intelligence
One of the most significant advancements in 2025 was the maturation of AI-powered threat detection systems. Conventional cybersecurity tools, which rely on pre-identified threat signatures, long struggled to identify novel or “zero-day” attacks. This resulted in an estimated 30 percent of emerging threats remaining undetected. AI systems addressed this gap by leveraging machine learning (ML) algorithms capable of analysing vast volumes of data in real time and of identifying anomalous patterns indicative of malicious activity.
A key illustration of this transformation came from Seqrite Labs, whose telemetry data from over 8 million endpoints recorded approximately 265.52 million detections in 2025, averaging over 500 detections per minute. Behaviour-based technologies such as Next-Generation Antivirus systems and anti-ransomware engines played a central role, identifying more than 34 million anomalous incidents, including fileless malware intrusions and unauthorised encryption attempts. Unlike traditional systems, AI-driven tools rely on behavioural analytics rather than static signatures. By correlating real-time data across endpoints, networks, and cloud environments, these systems can identify deviations from normal patterns, enabling the detection of sophisticated threats such as APTs and zero-day exploits. Innovations such as AI-driven threat intelligence platforms and advanced malware analysis systems enhanced cybersecurity capabilities by providing predictive insights and enabling automated response mechanisms across hybrid infrastructures.
Notably, systems hosted within an organisation’s physical infrastructure and internal networks accounted for 91 percent of detected threats, highlighting the persistent vulnerabilities associated with legacy systems. This underscores the importance of integrating AI tools into older infrastructures to bridge security gaps. Sector-specific deployments also gained prominence, particularly in education, healthcare, and manufacturing, which collectively emerged as high-risk domains. Geographically, cyber threats were concentrated in key economic hubs such as Maharashtra, Gujarat, and Delhi, which together accounted for nearly half of all detections. The majority of these threats were driven by Trojans and infectors, reflecting attackers’ continued reliance on scalable and adaptable malware frameworks. The integration of AI into threat detection has thus fundamentally altered India’s cybersecurity posture, enabling real-time, adaptive responses to increasingly complex threats.
Building Towards an AI-Enabled Cybersecurity Ecosystem
Technological advancements in cybersecurity were complemented by substantial policy and institutional measures in 2025. Workforce development received significant attention during this period. Recognising the acute shortage of cybersecurity professionals adept in AI-enabled security, the government implemented initiatives to strengthen national capacity.
The National Cybersecurity Exercise 2025, hosted by the Ministry of Electronics and Information Technology (MeitY) in collaboration with CERT-In and industry partners, served as a large-scale, hands-on capacity-building platform. It focused on AI-driven attack scenarios, deepfake-based manipulation, and AI-enhanced incident-response procedures, reinforcing the link between government-led exercises and the practical upskilling of India’s cyber workforce. Public-private partnerships emerged as a cornerstone of this ecosystem.
A notable example is the collaboration between Microsoft and the Maharashtra government, which led to the development of the MahaCrimeOS AI platform integrated with the MARVEL system. This initiative significantly enhanced the efficiency of cybercrime investigations by automating evidence analysis, standardising investigative workflows, and enabling faster case resolution. Nationwide, such innovations helped address millions of reported cyber incidents. These innovations were further catalysed through initiatives such as the IndiaAI CyberGuard Hackathon, which encouraged the development of AI models for fraud detection and cybercrime prevention. These models, particularly those leveraging natural language processing, improved the detection of phishing scams and financial fraud on platforms such as the National Cybercrime Reporting Portal.
These institutional and policy measures were aligned with broader regulatory frameworks, including the Digital Personal Data Protection Act, which emphasised data security and accountability. Together, they fostered a cohesive and proactive cybersecurity ecosystem capable of addressing both current and emerging threats.
Anticipating Threats Before They Emerge
While real-time detection remains critical, the most significant development in 2025 was the growing integration of predictive analytics into cybersecurity frameworks, enabling more proactive threat anticipation and response. Moving beyond reactive and even real-time approaches, predictive systems aim to anticipate threats before they materialise, enabling pre-emptive interventions. These systems leverage advanced AI models such as long short-term memory (LSTM) networks and graph neural networks to analyse historical and real-time data. By identifying patterns across longitudinal datasets, they can forecast potential attack vectors, map threat actor behaviour, and predict vulnerabilities in complex digital ecosystems.
The impact of predictive analytics was particularly evident in high-risk regions such as Maharashtra and Gujarat, which together recorded over 60 million detections. During peak ransomware periods, such as the January 2025 surge, predictive patching mechanisms played a crucial role in preventing widespread disruptions. By identifying vulnerabilities in advance, these systems enabled timely updates and mitigations, preserving operational continuity in critical sectors, including manufacturing.
The economic implications of such interventions are significant. With cybercrime losses in India projected to reach INR 20,000 crore annually, predictive cybersecurity measures played a crucial role in mitigating financial damage by preventing large-scale ransomware incidents. In the education sector, which accounted for a substantial proportion of cyber threats, predictive models were employed to identify and neutralise malware propagation in open networks. This approach not only safeguards sensitive research data but also helps ensure uninterrupted academic activities for millions of students. Furthermore, predictive analytics was shown to secure supply chains and identity infrastructures, two of the most vulnerable components of modern digital economies. By correlating seemingly unrelated data points, these systems can detect multi-vector attacks that span across organisations and geographies. In essence, predictive analytics represents the next frontier in cybersecurity, enabling a shift from defence to anticipation.
Conclusion
India’s advancements in AI-driven cybersecurity in 2025 reflected a comprehensive and strategic transformation of its digital defence ecosystem. The integration of AI-powered threat detection, robust policy frameworks, and predictive analytics has enabled a shift from reactive responses to proactive and anticipatory security mechanisms.
This transformation is exemplified by incidents such as Operation Sindoor, where AI-enabled systems successfully thwarted coordinated cyberattacks on critical infrastructure. Similarly, in the banking and financial services sector, predictive analytics helped prevent large-scale supply chain breaches, safeguarding economic stability and public trust. Educational institutions, once frequent targets of cyberattacks, have also benefited from AI-driven defences, achieving greater resilience against malware and data breaches. These successes underscore the importance of a unified approach that combines technological innovation with institutional coordination.
Looking ahead, the continued evolution of cyber threats, particularly those leveraging AI, will necessitate sustained investment in research, workforce development, and international collaboration. As cyber warfare becomes increasingly intertwined with geopolitical dynamics, the ability to anticipate and neutralise threats will be critical to maintaining national security and digital sovereignty. Collectively, India’s progress in 2025 positioned it as a global leader in AI-driven cybersecurity, offering a model for other nations seeking to navigate the complexities of the digital age.
Pranoy Jainendran is a Research Assistant with the Centre for Security, Strategy and Technology at the Observer Research Foundation.
The views expressed above belong to the author(s).