Why Cybersecurity holds key to India's AI strategy

As India prepares to host the India AI Impact Summit from Monday, February 16, it stands at a defining moment in its digital governance journey. India’s AI strategy is anchored in a clear principle: Artificial Intelligence must be safe, trusted, and accountable to serve as a foundation for inclusive and sustainable growth. Under the leadership of Prime Minister Narendra Modi, AI is increasingly being deployed to enhance economic productivity, strengthen public service delivery, and deepen citizen-centric governance. At the same time, security by design has emerged as a core pillar of this strategy, recognising that as India’s digital footprint expands, so too does the responsibility to proactively safeguard cyberspace against evolving and sophisticated threats.

AI-enabled capabilities can be exploited by malicious actors through automated cyberattacks, deepfakes, data manipulation, and intelligent malware. For a digitally advancing nation like India, trust is not an abstract ideal but a functional necessity for AI adoption at population scale. Innovation without trust cannot be sustained. The defining challenge of this decade, therefore, is not whether nations adopt AI, but how governments institutionalise safety, security, and accountability to ensure AI serves the public interest.

CERT-In handled over 29.44 lakh cyber incidents last year. These figures underscore both the scale of India’s digital ecosystem, awareness and the proactive reporting mechanisms that have been institutionalised. India ranked second globally in phishing attacks in 2025, reflecting the scale and sophistication of social engineering threats. In the Global Cybersecurity Outlook 2025 published by the World Economic Forum (WEF), CERT-In has been highlighted for its deployment of AI-driven situational awareness systems to analyse and detect 2.2 billion malicious domains and phishing activities affecting 6,95,000 users in 2024. Such threats directly impact citizens, enterprises, and the continuity of essential government services, with the potential to erode public trust in digital systems if left unaddressed, making cybersecurity a national priority rather than a sectoral concern.

To address the opportunities and risks posed by rapid AI adoption, India has articulated an approach that emphasises the development and deployment of safe, trusted, and resilient digital systems, while leveraging emerging technologies for inclusive growth. This approach is reflected across the Digital India programme and India’s evolving AI policy discourse, where cybersecurity, resilience, and trust are positioned as foundational principles guiding technological innovation and governance. Security is not an afterthought to innovation; it is the bedrock on which trusted AI systems are built. Delivering on this trust-first vision requires strong institutional guardianship of cybersecurity.

Within India’s broader emphasis on building trust and security in its digital ecosystem, the Indian Computer Emergency Response Team (CERT-In) plays a central role in strengthening cyber resilience. CERT-In is the national nodal agency for cybersecurity incident response, responsible for the collection, analysis, and dissemination of information on cyber incidents, as well as issuing security advisories, guidelines, and vulnerability notes. Through continuous threat monitoring and automated cyber threat exchange platform, running a command and control centre for sharing near-real time information on existing and potential cyber threats with organisaitons covering all sectors, coordination across stakeholders, and capacity-building initiatives, CERT-In contributes to safeguarding India’s digital infrastructure and reinforcing public confidence in digital systems, including those increasingly shaped by emerging technologies such as artificial intelligence.

AI shall be integral to this mission. Machine learning and advanced analytics enable real-time detection of anomalous activity, rapid correlation of threat indicators across sectors, and early warning of coordinated or large-scale cyber threats. These capabilities allow analysts to process terabytes of threat data at machine speed, ensuring that AI-enabled systems remain secure, reliable, and worthy of citizen trust, enhancing national preparedness and response capabilities.

Going forward, India’s cybersecurity posture will be guided by a whole-of-government approach that integrates AI-driven threat intelligence across ministries, sectors, digital public infrastructure and State governments. The emphasis will be on anticipatory security, detecting, deterring, and neutralising threats before they materialise into systemic disruptions. This approach recognises that trusted AI cannot exist in silos, but requires coordinated institutional vigilance. Strengthening institutional coordination, standardisation, and curated information sharing will remain central to this effort.

In recent years, the Government of India has taken decisive steps to embed artificial intelligence at the core of national development. The IndiaAI Mission, with a planned outlay of over ₹10,300 crore, is explicitly structured around seven pillars, covering compute capacity, foundational and generative AI models, high-quality datasets, application development, talent and skilling, startup financing, and safe and trusted AI, reflecting a comprehensive and coordinated approach to building sovereign AI capabilities while governing AI at a population scale. Importantly, safety, accountability, and security are embedded as a dedicated pillar and as cross-cutting priorities across the IndiaAI Mission, ensuring that scale and innovation do not come at the cost of trust.

Under these IndiaAI Mission pillars, the government has operationalised platforms such as AIKosh, which hosts thousands of non-personal datasets; supported the development of indigenous foundational and language models such as Sarvam-1; and initiated the establishment of AI Centres of Excellence in priority sectors including healthcare, agriculture, and urban sustainability, backed by an initial ₹500 crore allocation in the Union Budget 2025–26.

These interventions represent not only technological advancement but also strategic state capacity building. India already ranks among the fastest-growing AI markets globally. This trajectory is underscored by the Stanford University AI Index, which places India third worldwide after the United States and China based on parameters such as AI research output, talent depth, investment, and deployment, with projections suggesting the country’s AI industry could reach $17 billion by 2027. Sustaining this growth, however, depends on maintaining trust in AI-enabled systems at scale.

Government-led skilling initiatives such as YUVA - AI for All, spearheaded by MeitY, are ensuring that the benefits of AI adoption are broad-based, inclusive, and regionally distributed. By equipping young citizens with foundational and applied AI skills, these programmes are strengthening India’s human capital for a data-driven economy.

Globally, cybersecurity is increasingly shaped by automated threats and self-evolving malware. In response, India is promoting AI-assisted threat intelligence, continuous monitoring, and predictive security across sectors, strengthening incident response and threat anticipation, with 94% of enterprises now using AI-enabled security tools. These measures reinforce the trustworthiness of India’s digital and AI infrastructure.

Going forward, the Government will prioritise the mainstreaming of AI-enabled security across public digital platforms and critical infrastructure, alongside institutional capacity-building to ensure policy and enforcement keep pace with technological change. The objective is clear: to ensure that India’s AI-driven digital ecosystem remains resilient, trusted, and sovereign.

At the same time, the Government remains cognizant of risks introduced by AI, including adversarial manipulation and misuse of synthetic content. Addressing these challenges requires anticipatory governance. Accordingly, MeitY has strengthened the IT Rules to curb deepfakes, mandate platform accountability, and ensure timely takedowns, further reinforcing public trust in digital platforms.

Public awareness and capacity building remain central to cyber resilience. A secure digital India depends not only on technology, but on an informed citizenry, supported through national awareness initiatives and sustained collaboration with state governments, industry, and academia.

The India AI Impact Summit affirms that AI and cybersecurity are inseparable pillars of India’s digital future. Trust connects both innovation and impact. As AI deepens its role in governance and citizen services, the government sees its responsibility to ensure trust and resilience. India’s digital public infrastructure shows that innovation at scale can coexist with strong safeguards. CERT-In’s trust-centric, security-first mandate ensures that India’s AI future is secure by design, resilient by default, and firmly anchored in the national interest.

The writer is currently director general at CERT-In.