India's Digital Infrastructure Is Under Siege: Why AI-Powered Attacks Are Changing the Cybersecurity Playbook
India's digital infrastructure, which underpins everything from electricity distribution to financial transactions, is facing an unprecedented threat landscape shaped by artificial intelligence and state-sponsored adversaries. The country's ambitious digital public systems, including the Unified Payments Interface (UPI) and Aadhaar identification platform, have created enormous attack surfaces that hostile actors are actively probing. At the same time, frontier AI models with exceptional cybersecurity capabilities are raising alarms about how quickly attackers could discover and exploit vulnerabilities in the future.
What Makes India's Digital Infrastructure So Vulnerable?
India has built one of the world's most sophisticated digital ecosystems, processing over 20 billion UPI transactions monthly and connecting hundreds of millions of citizens to government services. Yet this same infrastructure has become a target. Power grids have been probed by hostile state actors, financial systems have been targeted, and military communication architectures have been tested for weaknesses.
The vulnerability stems from several interconnected factors. India's rapidly expanding Internet of Things (IoT) ecosystem, which includes smart meters and autonomous sensors embedded in critical infrastructure, often runs on legacy software lacking uniform security standards. Many of these devices are manufactured within global supply chains that have not been fully audited for security risks. Additionally, India's growing dependence on cloud infrastructure hosted on servers outside national jurisdiction creates strategic vulnerabilities that deserve far greater policy attention, particularly during geopolitical crises when foreign jurisdictions may restrict or withhold access to critical national data.
Beyond technical vulnerabilities, India faces what experts call "cognitive warfare." This involves the systematic use of AI-generated deepfakes, coordinated disinformation, algorithmic amplification, and targeted propaganda to manipulate public perception, inflame communal tensions, distort electoral processes, and erode confidence in national institutions. With over 500 million active social media users in India, where communal sensitivities can be weaponized rapidly, cognitive warfare has become a powerful tool for destabilization.
How Could Frontier AI Models Change the Attack Landscape?
The cybersecurity community is watching a specific AI model with intense concern: Claude Mythos, developed by Anthropic. This frontier AI system has demonstrated exceptional capability in identifying and exploiting software vulnerabilities. Anthropic took an unusually cautious approach to its distribution, making it available only to a small, vetted group of organizations through a controlled access program called Project Glasswing.
The underlying concern is straightforward: if a model with Mythos' capabilities became available to threat actors, three overlapping changes could fundamentally alter the threat environment. First, attackers could discover previously unknown vulnerabilities, leading to a dramatic increase in "zero-day" exploits where attacks occur before security patches are released. Second, threat actors could use automation to reduce the cost and time required to exploit certain vulnerabilities, making attacks on known vulnerabilities economically viable for the first time. Third, the window between when vulnerabilities are published and when active exploitation begins could shrink dramatically, giving organizations less time to respond.
Currently, as of June 2026, Travelers Insurance has not seen evidence of significant recent changes in threat actors' ability to locate or exploit vulnerabilities. While ransomware activity has risen substantially, this trend is attributed to factors either unrelated to or only moderately influenced by AI tools. However, the threat remains on the horizon.
Steps to Harden Your Organization Against AI-Accelerated Threats
- Establish Aggressive Patch Management: Treat critical patch deployment as a hard operational deadline rather than a best-effort target. Define response times by severity, addressing critical vulnerabilities within 72 hours of release and all others on a defined monthly cycle. Prioritize internet-facing systems, particularly virtual private networks (VPNs), firewalls, and remote access infrastructure, which have become the dominant initial access vector for ransomware groups.
- Deploy Managed Detection and Response (MDR) Capabilities: Implement an MDR solution that provides 24 hours a day, 7 days a week, 365 days a year active monitoring of your environment. Ensure your MDR solution includes endpoint detection and response (EDR) capabilities that monitor device-level activity and can identify malicious behavior such as lateral movement or credential harvesting. Enable automated containment and response capabilities rather than relying solely on human responses, which will prove too slow as attackers automate their attacks.
- Implement Phishing-Resistant Authentication: Require phishing-resistant multi-factor authentication (MFA) on all remote access points, email, and administrative accounts. Replace Short Message Service (SMS)-based MFA with authenticator apps or hardware keys wherever possible. Audit for default credentials across your environment regularly, with particular attention to systems that have recently been updated, upgraded, or newly deployed.
- Maintain Resilient Backups and Recovery Plans: Follow the 3-2-1 backup rule by maintaining at least three copies of data on two different types of media, with one copy stored offline. Ransomware groups have increasingly targeted and destroyed backup systems before deploying encryption, so resilient backups that follow this pattern are critical hedges against worst-case scenarios.
What Is the Broader Strategic Threat to India?
For India's political and military leadership, the message from the strategic environment is increasingly clear: the digital domain is now a primary theatre of national security. A simultaneous multi-sector disruption affecting power, telecommunications, and financial clearing across four to five major urban centers would involve far more than inconvenience. It could severely disrupt emergency services, freeze economic activity, disrupt military logistics, and generate cascading crises that existing governance structures may struggle to manage simultaneously.
The threat is compounded by what experts call the "Sino-Pakistani technological nexus." Pakistan's cyber capabilities have historically relied on a combination of state-directed actors, military intelligence-linked groups, and non-state proxies. These capabilities are being amplified by the democratization of offensive cyber tools using AI and open-source frameworks, making sophisticated attacks accessible to a broader range of adversaries.
Supply chain vulnerabilities add another layer of risk. India's dependence on imported electronics, telecommunications equipment, semiconductor systems, and application software creates a structural vulnerability that cannot be resolved by software security alone. Hardware backdoors, compromised firmware, supply-chain infiltration, and embedded malicious code represent threat vectors against which traditional perimeter cybersecurity defenses are often ineffective. These risks are particularly acute in network and cloud infrastructure, where equipment from vendors with opaque ownership structures and potential state-linked obligations creates persistent intelligence and disruption risks.
The convergence of four accelerating forces sets this moment apart from previous periods of technological disruption: the extraordinary scale of India's digital exposure, the rapidly expanding capabilities of adversarial states, the democratization of offensive cyber tools using AI, and the inadequacy of current governance, procurement, and industrial structures to respond at the required pace. Future conflicts may not begin with artillery. Instead, they could begin, and perhaps even end, with coordinated attacks on payment systems, power grids, and waves of automated disinformation unfolding simultaneously with no clear source.