In an era where digital security is as critical as physical infrastructure, and as India’s digital ambitions accelerate at an unprecedented pace, the question is no longer whether systems are connected — but whether they are secure. At the centre of this conversation is Prof Sandeep K Shukla, Director of IIIT Hyderabad, who is steering the Cyber MANTHAN Centre, inaugurated in September 2025, towards addressing some of the country’s most pressing cyber vulnerabilities. Envisioned as a premier hub for research in cybersecurity, forensics, and trusted infrastructure, the centre brings together cutting-edge innovation while building strategic collaborations — including with law enforcement agencies like the Telangana Police to develop ‘Vyuha’-driven, future-ready solutions. With a strong focus on critical infrastructure protection, AI-led security systems, and capacity building, the centre aims to bridge the gap between research, policy, and real-world cyber defence. In this exclusive interaction, he unpacks how the centre is working to create resilient, indigenous systems for a rapidly shifting threat landscape and more.
Excerpts
What specific gap in India’s cybersecurity ecosystem is the Cyber MANTHAN Centre aiming to fill?
India’s cybersecurity ecosystem has strengthened significantly through the efforts of institutions such as CERT-In, which handles cyber incident response, empanels auditors, and issues guidelines for organisations including MSMEs. It also facilitates training and coordination with state and global CERTs. National Critical Information Infrastructure Protection Centre (NCIIPC) plays a key role in securing critical infrastructure and defining cybersecurity maturity frameworks.
At the enforcement level, the Indian Cyber Crime Coordination Centre and cyber police units across states investigate cybercrime, monitor threats, and issue advisories. Oversight across agencies is coordinated by the National Cyber Security Coordinator’s office under the National Security Council Secretariat. Sectoral regulators like Reserve Bank of India, Securities and Exchange Board of India, and Insurance Regulatory and Development Authority of India enforce strict cybersecurity compliance in the BFSI sector, with penalties for violations. The Department of Telecommunications has also laid out extensive telecom security requirements.
However, critical gaps remain. Sectors such as power, oil and gas, transportation, healthcare, education, and consumer devices (phones, wearables, smart TVs, network equipment) lack comprehensive cybersecurity regulation and resilience frameworks. These domains present large attack surfaces, often with embedded foreign software components that may pose national security risks.
Additionally, the rapid deployment of generative and agentic AI across sectors introduces new cyber and privacy threats. While some regulators address fairness and explainability, cybersecurity risks linked to AI remain underexplored.
India has made progress in Banking, financial services and insurance (BFSI)0 security, data protection, and cybercrime response, but significant vulnerabilities persist in cyber-physical systems like power grids, water treatment plants, manufacturing, transport systems (metros), healthcare infrastructure, and even government systems. Another major gap is the shortage of skilled cybersecurity professionals. There is also a misconception equating cybersecurity solely with hacking, whereas the field encompasses governance, resilience, and system-wide protection — areas that AI tools may reshape.
How does the centre differentiate itself from the existing ones?
Having previously co-founded cybersecurity research initiatives at IIT Kanpur, I observed a gradual shift where research centres began taking on operational roles — such as audits, SOC setups, and consulting — which diluted their focus on innovation. These activities are better suited to private companies.
Cyber MANTHAN is designed to remain a research-driven centre. It collaborates with regulators, government agencies, and industry to co-create solutions tailored to India’s threat landscape. The goal is to develop indigenous technologies, frameworks, and policies — not to compete with consulting firms. A key differentiator is its strong focus on AI security, an area still underexplored by most research centres. At MANTHAN, innovation is the priority; operational cybersecurity services are deliberately excluded from its mandate.
How will the centre enable real-time collaboration between academia, law enforcement, and industry?
We are already collaborating with the Telangana Cyber Security Bureau (TGCSB) through the Vyuha Labs. This partnership focuses on developing advanced analytics for cybercrime data, generating predictive insights, and improving threat intelligence.
We are also integrating technologies like Bhashini to convert multilingual cybercrime complaints from helpline data into structured text, enabling further analysis such as modus operandi classification and intervention strategies.
In collaboration with NALSAR University of Law, we are establishing a centre for cyber law, policy, and technology to address evolving legal and regulatory challenges.
Additionally, we are developing AI-enabled forensic workflows in partnership with industry to offer ‘forensics as a service’ for MSMEs — making post-incident analysis more accessible and affordable.
What role will Telangana Police and TGCSB play in shaping research priorities at MANTHAN?
TGCSB plays a crucial role through the Vyuha Lab, a vertical within Cyber MANTHAN focused on cybercrime research and intervention.
We are also working on training initiatives, including a proposed cyber commando programme with the Telangana State Police Academy under I4C. While TGCSB significantly influences the Vyuha Lab’s direction, overall research priorities are shaped collaboratively across sectors. Leadership from officers under DGP Shikha Goel has been instrumental in guiding this effort.
What are the key focus areas?
Cyber MANTHAN focuses on:
Digital twins for threat modelling, attack simulation, and response planning
1. AI-driven cyber defence, governance, and threat detection
2. Security frameworks for generative and agentic AI
3. Cybersecurity workforce development through education and training
The centre also works with regulators like RBI, SEBI, and IRDAI to build indigenous cybersecurity tools, reducing dependence on foreign technologies that may pose security risks.
How will MANTHAN support startups working in cybersecurity?
Currently, Cyber MANTHAN does not provide direct funding for incubation. However, IIIT Hyderabad has a strong startup ecosystem with numerous ventures in incubation, supported by government initiatives like the Atal Innovation Mission and NMICPS Technology Innovation Hubs.
MANTHAN’s role will be to assist startups by testing and validating their products. Certification of effectiveness, even if not legally binding, can significantly enhance credibility and market readiness.
How soon can we expect deployable solutions emerging from the centre?
We already have several deployable technologies, including:
1. A tool for ranking CERT-In empanelled auditors using public data
2. AI-based tools for policy compliance against cybersecurity standards
3. Ransomware intervention tools
4. LOLBin-based malicious activity detection systems
These are currently available as proof-of-concept solutions. With further development and industry collaboration, they can be scaled into robust products. The centre aims to continuously generate such PoCs for adoption and refinement by industry partners.
Could MANTHAN contribute to shaping national cybersecurity policies or frameworks?
Yes, that is a key objective. We work closely with regulatory bodies, ministries, and organisations such as CDAC and UPSIFS, which have direct links to government policymaking.
Our involvement in national committees provides opportunities to contribute to the development of cybersecurity policies, regulations, and frameworks aligned with India’s needs.