India now accounts for nearly 20 percent of the world’s digital data, making cyber threats a growing concern for both the government and law enforcement agencies. Criminals are increasingly exploiting popular online platforms to target unsuspecting users. A recent case involving Meta, the parent company of Facebook and Instagram, brought the issue into sharp focus after child abuse content and advertisements surfaced on its platforms. The government swiftly directed the company to remove the content, sending a strong warning to social media platforms. But such incidents represent only a small part of a much larger challenge.
The rapid rise of AI has added a new layer of complexity. AI is making cyberattacks faster, cheaper and more sophisticated. Recognising this, the government recently said it is considering a separate regulatory framework for AI as the technology evolves and creates new risks. India has built one of the world’s largest digital ecosystems through Aadhaar, UPI, ONDC and other public digital platforms. While these have improved governance and financial inclusion, they have also expanded the country’s digital attack surface. AIpowered cyberattacks are becoming increasingly difficult to detect and prevent, posing risks to sectors such as banking, telecommunications, defence, power and healthcare
The threats are evolving rapidly. Cybercriminals are using AI to create convincing phishing emails, deepfake videos, fake identities and sophisticated malware. AI can also help hackers identify software vulnerabilities much faster than before, making attacks more frequent and harder to stop. To address these risks, the government has already launched several initiatives, including the IndiaAI Mission, strengthening the Indian Computer Emergency Response Team (CERT-In), adopting a “Zero Trust” security approach, and mandating faster response timelines for known vulnerabilities. India is also investing in indigenous AI capabilities. The Ministry of Electronics and Information Technology has supported the development of home-grown large language models, multimodal AI systems and open-source foundation models to reduce dependence on foreign technologies.
However, these efforts remain fragmented, with multiple agencies working independently. This necessitates a dedicated mechanism to anticipate AI-related cyber risks, coordinate responses across agencies, and ensure quicker access to emerging technologies. Strengthening the Indian Cybercrime Coordination Centre (I4C) would also improve coordination between the Centre and states in tackling cyber threats. The next phase of India’s AI strategy must focus not only on developing advanced technologies but also on creating institutions capable of defending them against increasingly sophisticated cyber threats