In the first half of 2025, India was one of the world’s most targeted nations for cyberattacks. A recent Acronis report shows India led in overall malware detections, with AI-powered phishing being a major driver. Enforcement of the NIS 2 Directive may be why attackers increasingly shifted focus from the European Union to emerging markets like India, Brazil, and Namibia, where cybersecurity maturity remains lower.
A joint Fortinet-IDC survey revealed that 72% of Indian organisations have faced AI-augmented attacks in the past year, yet only 14% reported confidence in their ability to defend against them. Alarmingly, an Accenture report paints an even bleaker picture: only 8% of Indian organisations are ready to counter emerging threats.
Traditional attackers are now weaponising AI. GenAI models create realistic phishing emails, polymorphic malware avoids signature detection, deepfakes impersonate C-suite executives, and command-and-control frameworks automate lateral propagation.
Simultaneously, defenders are racing to adopt AI as a shield through anomaly detection, automated response, and threat intelligence at scale. But this dual role of AI as both weapon and defence reshapes the security landscape into a high-stakes AI arms race.
For Indian enterprises with rapid digital adoption, complex supply chains, and tightening regulations, AI's impact on security is especially significant.
AI as a Weapon
Modern attackers can use AI to automate phishing and spear phishing campaigns. The technology generates personalised messages, dynamic email variants, and mutated content that easily slips past spam filters.
Deepfake and voice cloning technologies add another layer of risk, enabling criminals to impersonate executives or trusted vendors in audio or video formats. As a result, social engineering attacks are expected to escalate in the coming years.
AI is also powering more sophisticated malware and network intrusions. Polymorphic malware, which changes its code or behaviour on the fly, is adept at evading traditional security measures. AI-powered tools are being used to map out networks, identify valuable targets, and gain access to sensitive information through tactics like living-off-the-land techniques. This helps attackers stay one step ahead of signature-based defences, static firewalls, and reactive security protocols, and traditional security models are struggling to keep up.
AI as a Shield
On the defensive side, AI is reshaping how organisations detect and respond to threats. Machine learning (ML) models establish baselines of normal user and system behaviour. With these baselines, AI security tools can flag anomalies in traffic and access patterns. Once suspicious activity is identified, automated incident response systems can step in immediately and isolate compromised machines, revoke credentials, and block network paths. AI also powers threat intelligence by aggregating signals from known attacks, dark-web chatter, and contextual risk scoring to predict where attackers are likely to strike.
To build trust in these systems, explainable AI (XAI) provides transparency, showing users why a decision was made. For example, an AI security tool will highlight that a login was blocked due to an 87% probability of anomaly. AI tools are also increasingly tailored for cloud environments, monitoring logs, container activity, and hybrid traffic across both on-premises and cloud infrastructure. In this way, defensive AI extends beyond mere detection, closing the reaction gap with rapid containment and adaptive decision-making.
Challenges and Gaps for Indian Enterprises
While AI-driven defence is the way ahead, Indian enterprises face significant hurdles in its adoption. When AI adoption outpaces security maturity, challenges like data quality and bias, legacy systems, and integration complexity hinder deployment. Meanwhile, explainability and compliance needs require traceable AI decisions. Finally, shortages in AI talent and gaps in model governance make it difficult for India's enterprises to leverage AI and stay ahead of threats.
Practical Guidance: Embedding AI-Driven Security in Indian Enterprises
Here's a practical roadmap for Indian enterprises to utilise AI in detecting, preventing, and responding to cyberthreats.
Phase 1: Foundation
Indian enterprises should start by building a strong data and telemetry base, standardising logs, user activity, network flows, and application traces in consistent formats like JSON. Threat modelling for AI risks helps identify high-risk use cases, while baseline and anomaly detection allow teams to test AI on narrow scopes and tune false positives.
Phase 2: Defensive AI tools
Organisations can combine layered detection and automation, using rule-based alerts with ML models. Integrating threat intelligence improves AI scoring, while XAI ensures transparency for audits and human oversight. Simulated attacks conducted by red teams and adversarial AI exercises help evaluate the resilience of security systems.
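To make Phases 1 and 2 concrete, the following added example (not code from the author or from any product) builds a per-user baseline from JSON-formatted login telemetry, layers a fixed rule on top of it, and returns the reasons behind each verdict. The field names, the sample events, the threshold and the verdict policy are all assumptions, and a simple z-score stands in for a trained ML model.

```python
import json
from statistics import mean, pstdev

# Constructed sample telemetry: one JSON object per line (hypothetical fields).
HISTORY = """
{"user": "asha", "hour": 9, "mb_out": 12, "country": "IN"}
{"user": "asha", "hour": 10, "mb_out": 15, "country": "IN"}
{"user": "asha", "hour": 11, "mb_out": 11, "country": "IN"}
{"user": "asha", "hour": 9, "mb_out": 14, "country": "IN"}
{"user": "asha", "hour": 10, "mb_out": 13, "country": "IN"}
"""
NUMERIC = ("hour", "mb_out")  # hour is treated as linear, a simplification

def build_baseline(lines):
    """Per-user mean/std for numeric fields plus the set of countries seen."""
    per_user = {}
    for line in lines.strip().splitlines():
        event = json.loads(line)
        per_user.setdefault(event["user"], []).append(event)
    baseline = {}
    for user, events in per_user.items():
        stats = {}
        for field in NUMERIC:
            values = [e[field] for e in events]
            # Fall back to 1.0 so a constant history never divides by zero.
            stats[field] = (mean(values), pstdev(values) or 1.0)
        baseline[user] = {"stats": stats,
                          "countries": {e["country"] for e in events}}
    return baseline

def score(event, baseline, z_threshold=3.0):
    """Layered verdict: a fixed rule plus deviation from baseline, with reasons."""
    profile = baseline.get(event["user"])
    if profile is None:
        return {"verdict": "review", "reasons": ["no baseline for user"]}
    reasons = []
    if event["country"] not in profile["countries"]:  # rule-based layer
        reasons.append(f"rule: first login from country {event['country']}")
    for field in NUMERIC:  # statistical baseline layer
        mu, sd = profile["stats"][field]
        z = abs(event[field] - mu) / sd
        if z >= z_threshold:
            reasons.append(f"baseline: {field}={event[field]} is "
                           f"{z:.1f} std devs from mean {mu:.1f}")
    # Assumed policy: two independent signals block, one sends to an analyst.
    verdict = "block" if len(reasons) >= 2 else "review" if reasons else "allow"
    return {"verdict": verdict, "reasons": reasons}
```

Raising `z_threshold` is the tuning knob for false positives mentioned in Phase 1, and the `reasons` list is what an auditor or analyst would read to see why a login was blocked.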
Phase 3: Scaling
Scaling AI defence requires continuous retraining and drift management to maintain model accuracy. Strong governance and model registries track versions for compliance and safe deployments. Cross-domain correlation helps spot threats across networks, devices, apps, and users, while adaptive response automatically isolates, rolls back, and fixes issues safely.
Phase 4: Ecosystem
Enterprises benefit from broader ecosystems, where companies in the same industry share anonymised threat data to improve security modelling. Trusted certifications show that a company's AI-driven security systems are strong and reliable, reassuring customers of their commitment to security. Public-private partnerships with CERT-In, Data Security Council of India, and government initiatives encourage secure AI adoption, especially in Make in India sectors.
The Future of Cyber Resilience
In India’s race toward digital sovereignty and global competitiveness, cyber resilience isn’t optional; it's mandatory. As this new frontline forms, AI is both the sword and the shield. And because the attackers are already writing the next generation of threats today, the real test is how widespread, responsive, and adaptive enterprise AI defences will become.
-By Sujatha S Iyer, Head of AI Security, ManageEngine (Zoho Corp.)
(Disclaimer: The views and opinions expressed in this guest article are solely those of the author and do not reflect the views of CyberMedia or its affiliates.)