CyberXtron
Back to Blogs
AISS 2025: What Three Days Revealed About India’s Cybersecurity Reality — and The Opportunities Ahead
DSCIAISS2025DatasovereigntyAIAttackscyberresiliencesecureAI

AISS 2025: What Three Days Revealed About India’s Cybersecurity Reality — and The Opportunities Ahead

The Data Security council of India did it again and marvelously so. I write this with total respect and awe for Mr. Vinayak Godse, CEO of DSCI and his entire team at DSCI including the volunteers on pulling off a fantastic #AISS2025.

Three immersive days at AISS 2025 brought together policymakers, defense leaders, CISOs, technologists, innovators, researchers and global cybersecurity practitioners. The discussions were candid, sometimes uncomfortable, but ultimately constructive.

What emerged was a shared understanding:

Thought relatively nascent compared to the US cyber space, India’s digital ascent is creating unprecedented opportunity — but also escalating exposure.

And navigating this duality requires readiness, reform, and resilience.
This summary note is intended to trigger ideas and a wider dialogue while stemming from the core themes, concerns, and opportunities shaping India’s cybersecurity trajectory, as reflected through the many discussions at AISS.

1. Sovereignty and Domestic Capacity Building Are Now Strategic Imperatives

Mr. Krishnan (Secretary, MeitY) emphasized a point that echoed across the conference—India must strengthen its domestic cybersecurity muscle. 

Key concerns raised:

  • Global supply chains are increasingly opaque
  • “International backdoors” are a growing national risk
  • Critical sectors depend heavily on foreign tooling
  • Geopolitical risk is reshaping cyber dependencies
  • Threat actors have equal access to AI as much as you do – how are you going to stay 2 steps ahead of them

Opportunity:

India can accelerate a new wave of indigenous innovation — intelligence platforms, secure AI layers, Digital Risk Protection (DRP) solutions, cloud-native defence systems and cyber training ecosystems that reduce strategic dependency.

This isn’t optional. It’s foundational.

2. AI Has Redefined the Threat Surface — Offence Is Outpacing Defence

The acceleration of AI in both legitimate and malicious domains has collapsed traditional security assumptions.

Leaders noted:

  • Attackers now iterate at machine speed
  • AI-generated phishing and impersonation have become nearly indistinguishable
  • Automated reconnaissance and exploit generation are growing
  • AI-driven misinformation and voice cloning are emerging as critical risks

I loved how one of the speakers summed it -  “With AI in the mix, every single day is a warzone.”
And the looming threat of quantum computing — “one quantum computer could break crypto backbones” — raises long-term concerns around encryption, identity, and secure communication.

Opportunity:

India can lead in “secure AI by design,” AI-enabled cyber defence, and post-quantum readiness frameworks that prepare institutions before the inflection hits.

3. Cybersecurity Is Evolving Into Cyber Resilience

Having worked extensively on NBFC and BFSI cybersecurity, I was particularly happy hearing when Mr. Rajesh Thapar (CISO, NSE) and Mr Sameer Ratolikar (CISO, HDFC) highlighted that cybersecurity is no longer about prevention alone.

The industry’s maturity curve has shifted:

It began with security  evolving into Information security which then evolved into Cybersecurity as a focal point and the current need and pulse is Cyber Resilience!

Resilience now requires:

  • Minimizing attack surface area
  • Strengthening vendor and supply-chain posture
  • Building measurable risk appetite models
  • Improving response and recovery cycles
  • Ensuring that the weakest external link doesn’t break the system

Case in point was the scale of failure that exists even with a single second of downtime. With NSE processing over 300,000 transactions per second and transaction volumes growing 20% YoY, the cost of any downtime or breach is magnified across the entire digital economy.

Opportunity:

India can build stronger cross-sector playbooks, resilience frameworks, and stress-testing practices — especially across BFSI, telecom, healthcare, government and critical infrastructure. A best  practice which can tactically make impact is that while crafting policies and simulations etc every stakeholder mus be present in teh room. Example for a bank the Bank’s CISO shouldnt be just startegisng alone but also have the Telecom operators, exchanges etc  as well since they each have critical parts to play. 

4. Hybrid Warfare and Nation-State Threats Demand Unified Preparedness

Vice Admiral Vatsyayan reinforced the growing complexity of India’s security environment:

  • Hybrid threats are now the norm
  • Nation-state adversaries are increasingly sophisticated
  • Criminal ecosystems operate ransomware-as-a-service
  • Civil-military coordination remains underdeveloped
  • Delivery timelines and accountability need tightening

His caution about IST — “Indian Shiftable Timeline” — drew laughter but pointed to a real challenge:
 Execution speed matters as much as strategy.

Opportunity:

 Strengthening civil–military unison, operational readiness, cyber ranges, and public-private coordination programs such as iDEX and Svalamban can create a unified response backbone.

5. Secure AI by Design Must Become a National Mandate

Swapna Bapat (VP & MD, Palo Alto Networks India) emphasized the often-overlooked vulnerabilities emerging inside AI layers themselves:

  • Transcription models leaking sensitive information
  • Poorly governed LLM usage inside enterprises
  • Prompt injection risks
  • Hallucinated outputs influencing business decisions
  • Shadow AI systems bypassing governance

Her message:

 AI security must mature at the same pace as AI adoption — not after.

Opportunity:

There is a clear gap for national AI security standards, continuous red-teaming programs, transparency requirements, and certification pathways for AI-first systems.

6. Skilling, Culture, and Awareness Are India’s Achilles Heel

Pramod Bhasin’s call-out was stark:

  • India’s cyber awareness scores around 2/10.
  • And this gap exists despite:
  • Unprecedented digital adoption
  • Rapid expansion of fintech, healthtech, and public digital infrastructure
  • A projected 50% CAGR in India’s cyber ecosystem

His recommended areas of focus:

  • Skilling and reskilling across all tiers
  • Awareness programs for citizens and SMBs
  • Building cyber entrepreneurs
  • Strengthening public-private partnerships

Opportunity:

India can become a global example of how large-scale digital societies can uplift cyber literacy at population scale — if industry and government move together.

7. Observability, Velocity, and Microsecond Resiliency Are Becoming Mandatory

Across sessions, especially those led by leaders like Sunit Nair (Wiz), a consistent theme emerged:

  • Risk must be managed at velocity
  • Microsecond-level resiliency is essential for financial markets
  • Attack surfaces must shrink faster than they expand
  • Zero Trust must evolve from tooling to culture
  • Large enterprises need cross-domain observability across cloud, identity, data, and external threat surfaces

Opportunity:

 This opens the door for new architectures, new operational models, and new cultural practices where resilience becomes an organisation-wide discipline, not just a CISO responsibility.

Final Reflection: AISS 2025 Was a Mirror — and a Map

AISS did more than highlight challenges.

It provided a map of where India needs to go next:

  • Build domestic capability for strategic autonomy
  • Secure AI at the design stage
  • Shift from security to resilience
  • Strengthen civil–military coordination
  • Invest deeply in talent and awareness
  • Create public-private ecosystems that move faster than adversaries
  • Prepare for quantum-era disruption now, not later

The tone across the conference was serious but optimistic.

India has the talent, the digital infrastructure, and the entrepreneurial energy to lead — not just catch up.

What’s needed now is execution, coordination, and long-term commitment.

As we return from the conference, the sense is clear:

 The work ahead is big, complex, and urgent — but it’s also an enormous opportunity to shape India’s digital future with intentionality and foresight.

 

 

At CyberXTron, we deliver Agentic AI–powered cyber defense, combining autonomous Digital Risk Protection with AI-driven Threat Intelligence to proactively defend against hacktivist threats and targeted cyber-attacks.

Click here to book a free consultation with our expert team.

Elevate your security—get curated threat insights in your inbox.

AISS 2025: What Three Days Revealed About India’s Cybersecurity Reality — and The Opportunities Ahead | CyberXTron Blog