India is now both a target and a launchpad for AI-driven cyber threats, says Proofpoint CEO

As AI expands the attack surface, enterprises are shifting toward human-centric, intent-based security models and sovereign data controls.

For years, India was not at the centre of global cyber conflict. Attackers prioritised North America and Europe, where financial returns were higher and operational familiarity stronger. Currency friction and limited scale acted as partial buffers.

That insulation no longer exists.

“The rise of cryptocurrency removed that currency barrier, and generative AI enabled attackers to launch sophisticated threats in volume across geographies. As a result, organisations in India, along with markets like Japan and parts of the Middle East, are now seeing a higher percentage growth in attacks,” Proofpoint’s CEO, Sumit Dhawan, told CRN India.

At the same time, India has become one of the top countries for threat actors. Botnets are being set up in India, and AI-generated attacks are being launched from India, targeting not just Indian companies but organisations globally, said Dhawan.

Indian enterprises have traditionally relied on network-based, signature-based cybersecurity models. While that approach worked in the past, it is not sufficient against today’s sophisticated threats.

According to Dhawan, enterprises now require intent-based threat detection, systems that detect the intent behind communications and user behaviour using AI and language models to fight AI-driven threats.

This shift has become important over the past two to three years, including for public sector organisations.

AI adoption is expanding the risk surface

The second dimension of risk does not come from attackers. It comes from adoption itself.

AI is designed to mimic human intelligence. That means it carries risks similar to those of humans. Humans are vulnerable to social engineering; AI systems are vulnerable to prompt engineering, said Dhawan.

Humans can accidentally or maliciously leak data, and AI systems can also expose sensitive information if improperly configured or insufficiently governed.

He added that humans can make flawed judgments, and AI systems can hallucinate, generating outputs that appear authoritative but are factually incorrect.

Additionally, Indian enterprises are rapidly deploying copilots and autonomous agents.

Dhawan said, “Without guardrails, AI adoption is like moving from a horse-drawn carriage to a high-speed vehicle with an accelerator but no brakes or steering. You gain speed, but not control.”

Securing this new environment requires moving beyond infrastructure defence to governing identity, intent and machine behaviour.

AI governance is becoming the new security perimeter

Dhawan explains that AI governance can be understood across three distinct stages: visibility, data access, and behavioural control.

The first stage is shadow AI governance, and this is where most Indian enterprises currently stand. Organisations understand which AI tools are being used internally, which ones are officially approved, and which must be restricted or blocked.

Dhawan mentioned that for many CISOs, the moment of concern begins when they say, “I don’t know what AI is being used and what is not being used.”

That lack of visibility becomes the immediate security risk. At this stage, the focus is on discovery, control and eliminating unauthorised AI usage. Most Indian enterprises are currently operating in this phase.

The second stage shifts the focus to data governance.

Once organisations define which AI tools are permitted, the next question becomes: what can those tools access? Does the AI have the right permissions? Does it have access to more data than necessary? Employees pasting financial models, customer information or proprietary code into AI systems can unintentionally create exposure.

Governance here is about ensuring AI systems access only what aligns with policy and business requirements, said Dhawan.

The third stage moves deeper into intent and behaviour governance.

Dhawan said, “Controlling access is not sufficient if organisations do not also govern what the AI is doing with the data. Is it oversharing information? Is it responding to prompts in ways that conflict with compliance requirements or internal controls?”

This stage requires oversight of interactions between humans and AI agents, ensuring that outputs and actions remain within defined guardrails.

“While Indian organisations are currently in the early shadow AI governance phase, they are likely to move to data governance within months, and soon after that, to intent and behaviour governance. The transition is expected to be fast because AI adoption itself is moving quickly,” said Dhawan.

Sovereign controls become a strategic imperative

India’s cybersecurity posture is being shaped by converging structural forces. AI-driven threats are intensifying. The Digital Personal Data Protection (DPDP) Act is raising accountability standards. Geopolitical shifts and evolving trade relationships are increasing expectations around cyber resilience.

Dhawan mentioned, “As Indian enterprises integrate deeper into global supply chains, they are required to demonstrate stronger controls across both human and AI risks.”

This convergence is pushing sovereignty to the forefront.

When Proofpoint launched its sovereign solution in India last year, it structured the architecture to meet localisation requirements, said Dhawan.

He said, models are trained only on discarded and filtered threat intelligence data, not on customer emails, files or enterprise content. Customer data is not used for global model training.

Proofpoint launched a sovereign data centre in Mumbai last year to meet India’s data localisation requirements and deliver human-centric cybersecurity locally.

Dhawan mentioned India's business quadrupled last year and is expected to triple or quadruple again this year. Since launching the sovereign solution, proof-of-concept activity has increased sharply.

The current India data centre capacity has already reached approximately 50 percent utilisation within four months of going live, said Dhawan.

He added that expansion plans are already underway. Capacity will continue to scale in line with utilisation. Partnerships with public cloud providers will further support geographic expansion as new local facilities become operational.

From a global perspective, India’s contribution to the company’s $5 billion revenue vision by 2030 is expected to grow materially. Roughly four years ago, nearly 78 to 79 percent of revenue came from the US. Today, that share is closer to two-thirds.

“India is expected to contribute approximately 5 percent of global revenue, in the range of $200 to 250 million, over the coming years, implying sustained double- or triple-digit growth,” Dhawan said.