India is facing a shortage of cybersecurity specialists in emerging areas such as cloud, AI, operational technology and IoT security, even as companies deploy AI systems and prepare for a new generation of machine-speed cyber threats.
The country has around 300,000 cybersecurity professionals, but nearly 19% change employers every year, resulting in the same pool of specialists moving between companies instead of expanding the talent base. Around 39,000 cybersecurity positions remain open despite an annual addition of 40,000-60,000 professionals, according to Careernet's India Cybersecurity Talent Outlook 2026.
The report also said that demand is highest in domains with the smallest talent pools. IoT and connected devices security recorded a demand ratio of 237% despite having only 4,612 professionals, while blockchain and Web3 security reported a demand ratio of 230% with a workforce of 1,736 specialists.
Cloud-native and container security recorded the highest workforce churn at 26.67%, followed by AI and machine learning security at 25.97%, reflecting competition for a limited pool of specialists.
"Cybersecurity hiring has become one of the few areas where companies are increasingly unwilling to compromise on quality, even under hiring pressure," said Neelabh Shukla, chief business officer at Careernet.
"In cybersecurity, especially across cloud, OT, infrastructure, and AI-led environments, the cost of a capability gap is far more immediate," he said.
The shortage comes as organisations adopt agentic AI systems. Research by Veeam Software showed that 93% of Indian organisations are already using or piloting AI agents and 44% have deployed them in production. However, 42% of executives identified risks arising from autonomous agent behaviour and decision chaining as a key factor slowing AI adoption.
The pressure on cyber teams has increased following the emergence of Anthropic's Claude Mythos Preview, a restricted AI model that was evaluated by the AI Security Institute and found to represent a step up in cyber capabilities over earlier frontier models.
Anthropic has limited access to the model through Project Glasswing, a programme that gives selected organisations access to Claude Mythos Preview to identify and fix software vulnerabilities. The company expanded the initiative this month to around 150 organisations across more than 15 countries.
Consulting firm Bain & Company said the arrival of Claude Mythos, along with similar capabilities in models such as OpenAI's GPT-5.4-Cyber and Google's Big Sleep, marked the beginning of the era of AI-enabled attacks and that organisations could not afford to remain reactive.
Industry analysts have said the emergence of such systems could shift cybersecurity from a manpower-led approach to one where companies increasingly depend on advanced AI tools alongside human specialists. But they have also warned that organisations with weak cyber foundations could struggle to respond as attacks become faster and more autonomous.
