To beat AI-powered attacks, India's Ministry of Defence is fighting fire with fire

Training AI systems on domestic datasets and internal operational information reduce reliance on external systems, maintain greater control over sensitive data, and tailor models to local requirements, says the Ministry’s IT and Cyber Director, Vivek Yadav.

India Ministry of Defence's IT and Cyber Director, Vivek Yadav. Image: Yadav and Ministry of Defence

Cyberattacks no longer unfold at human speed. 

 

By the time a suspicious email is reported, investigated and escalated, attackers may already have generated dozens of new versions, targeted different agencies, or shifted to another tactic entirely. 

 

Speaking to GovInsider, India’s Ministry of Defence (MoD)’s Director of IT and Cybersecurity, Vivek Yadav, is watching this play out close in his sector. 

 

While MoD previously relied on human effort to detect malicious actors, as well as to conduct risk assessment and incident triage, it cannot simply keep up with the speed of artificial intelligence (AI)-powered cyberattacks.  

 

In just a split of seconds, malicious actors can now automate and deploy cyberattacks. This poses more pressing challenges as governments continuously cope with real-time attacks. 

 

India has been strengthening cyber defence through its foundational principle “Use AI to fight AI” to manage speed, scale, and complexity of modern attacks. 

 

Shifting cyber defence from a checkpoint to a continuous process  

 

Conventional cybersecurity approaches rely on past incidents and static rules to identify malicious activity, making it difficult to detect novel attack patterns, AI-generated threats, and rapidly evolving adversarial techniques. 

 

As AI has now accelerated the speed and scale of cyber threats, the challenge is no longer simply detecting threats, but being quick enough to respond before the attacks happen. 

That means building defence in earlier, rather than bolting it on after a system is already live. 

 

“One of the most significant shifts has been the integration of AI from the earliest stages of software development,” Vivek highlights.  

 

Previously, the security teams operated in rigid layers: generating the alerts, reviewing batches, and escalating for investigation. Now, AI-assisted coding tools provide developers with real-time feedback, identifying insecure coding practices as software is being written.  

 

Instead of discovering vulnerabilities weeks later during testing, issues can be corrected immediately. 

 

The same approach applies to cyber operations.  

 

Rather than requiring analysts to manually review every alert, AI performs much of the initial filtering, identifying suspicious behaviour and flagging anomalies before they reach human responders. 

 

"The distinction is not simply faster detection," says Vivek. "It changes how security teams are organised." 

 

This broadens the monitoring and improves visibility while reducing response times.  

 

“Analysing patterns across large datasets allow the AI systems to surface indicators of compromise that may otherwise go unnoticed,” he adds. 

What it means for public sector: Speed vs. accountability 

 

For public organisations, the focus on AI-enabled cyber defence changes how quickly governments can see and act on risk. 

 

Cyber incidents are no longer isolated technical events. They directly affect everyday services that citizens depend on.  

 

At scale, they might introduce adversaries to probe national systems and erode public confidence in the digital governance system. 

 

Faster detection therefore translates into reduced service disruption, lower financial leakage, and improved continuity of essential public services.  

 

As governments adopt more AI-enabled defence systems, challenges around accountability, explainability, and accuracy also emerge.   

 

Faster detection means increasing reliance on automated judgement.  

A focus on sovereign AI capabilities 

 

In high-stakes environments, like defence, even small inaccuracies in risk classification can cascade into data leakages and malware attacks, posing adverse risks to national security.   

 

That is why MoD emphasises the importance of developing sovereign AI capabilities rather than relying entirely on external models. 

 

As Vivek notes, “Training AI systems on domestic datasets and internal operational information can reduce reliance on external systems, maintain greater control over sensitive data, and tailor models to local operational requirements.” 

 

Cyber resilience is linked to who owns, trains, and governs the AI systems supporting that infrastructure.  

 

This ownership and governance enable previously siloed datasets to be organised, annotated, and translated into strategic decision-making. 

 

Strengthening the cyber defence readiness of officers 

 

Cyber defence readiness is no longer shaped only by detection systems, but by how well organisations can prepare for unfamiliar scenarios. 

 

AI-enabled simulation changes training environments by generating evolving and unpredictable scenarios for militaries. This shifts from learning from past incidents to rehearsing plausible future ones. 

 

Through the War Game Development Centre (WARDEC), India's MoD adopts AI-generated scenarios to expand the range of training conditions available to commanders.  

 

Instead of relying solely on human-designed exercises, the team can now model a wider set of cyber tactics and response pathways, allowing them to be more prepared for novel cyberattacks.  

 

Beyond simulation, readiness is also shaped by how talent is developed in India.  

 

As shared by Vivek, universities and specialised training institutions have established programmes that treat cybersecurity as a dedicated discipline rather than a subset of broader computer science education. 

 

This addresses the lack of a formalised pipeline between technical training and operational defence needs. 

 

Cyber advisories and security information are only effective if they are clearly understood by those receiving them.  

 

Under India’s multilingual environments, readiness also depends on how information is accessed at scale.  

 

Through AI-enabled translation initiatives such as BHASHINI, the public sector workforces are now able to access the cybersecurity guidance in their preferred languages, ensuring that alerts and operational instructions are not limited within the linguistic constraints. 

Cyber defence as a long-term national capability  

 

When attacks operate at machine speed, defence cannot remain human-paced.  

 

As we enter what may be called the algorithmic age of welfare, resilience increasingly depends on an organisation's ability to adapt as quickly as threats evolve. 

 

India’s approach reflects a broader transformation in strengthening cyber resilience, especially the ability to prepare people, systems, and decision-making processes to operate under rapidly evolving threat conditions. 

 

“Risk assessments can no longer focus solely on technology. They must also consider people, processes, infrastructure, implementation practices, and governance structures.” Vivek notes.