Indian cyber firms deploy AI agents to fend off threats
Indian cybersecurity firms are leveraging in-house AI agents built on LLMs to drastically reduce software vulnerability detection and remediation times from days to hours. This acceleration is crucial as attackers operate at machine speed, with th...
Agencies
Indian cybersecurity firms are cutting the time it takes to find and fix software weaknesses from days to hours. Firms are taking the help of AI even as they fight the impending onslaught of upcoming models like Mythos. Firms, ET spoke to, said that they are building in-house AI agents on top of large language models to automate work that once kept human analysts busy for weeks compressing action timelines.
Companies are already seeing this shift play out in real time.
"Finding flaws in a client's software used to take about four to five days for us," Ashish Tandon, chief executive of Indusface told ET. "If the application is very big, it could take 10 to 20 days. Now it is happening within hours."
Homegrown firms Astra Security and Indusface, along with global operator Proofpoint, are responding by deploying AI agents that compress what once took human analysts weeks into a matter of hours.
The average time for an attacker to move within a network after gaining access has fallen to 48 minutes, with the fastest case at just 51 seconds, according to CrowdStrike's Global Threat Report 2025. The window for defenders to act is shrinking to near zero, forcing companies to secure systems at machine speed.
That pressure is also coming from an unexpected direction — AI models themselves. Anthropic's new model, Claude Mythos Preview, can find and exploit software weaknesses on its own. It has since been brought into Project Glasswing, a coalition including Amazon, Apple, Microsoft, Cisco and CrowdStrike, aimed at fixing critical vulnerabilities before such capabilities reach hostile actors.
The scale of the problem is also rising. By 2030, documented cybersecurity vulnerabilities are expected to cross one million a year, up more than 300% from about 277,000 in 2025, according to global research firm Gartner.
Speed up, but gap remains
"Previously, humans took one to two weeks to test an application. Now AI agents can do that in hours," said Ujwal Ratra, chief operations officer at Astra Security.
But spotting a flaw quickly is only half the battle. Closing it is another matter. Before a patch can go live, teams have to test it, check whether it breaks anything else, and work around systems that cannot go offline. By the time a fix is ready, the window of danger has often been open far too long.
"AI is giving attackers a massive advantage in volume and velocity," said Sunil Sharma, vice president of sales (India and SAARC) at Sophos. "The real danger is the latency gap, the time it takes for a human-reliant security team to respond to a machine-speed threat."
That gap is drawing global security firms to India, where new data protection rules have sharpened the commercial stakes.
United States-based cybersecurity firm Proofpoint set up a local team last year after serving Indian customers from its Singapore office. For the firm, India is as much a compliance story as a security one. "What was earlier just a phishing email is now a potential legal and financial risk for companies," said chief executive Sumit Dhawan. The firm serves employees at several large Indian organisations and is in talks with major banks, exchanges and government bodies.
The deeper problem is scale. Proofpoint's AI agents sort through thousands of daily threat alerts, work that would otherwise need a large team of analysts.
But the industry is running short of people either way. There are far fewer trained security professionals than there are open roles, and the gap keeps widening as more devices and services come online. "There is not enough human manpower to process as many alerts as the systems are generating and that number only grows," Dhawan said.
Gartner cybersecurity analyst Apeksha Kaushik said the shift is only accelerating. By 2027, a large share of security operations centres will have to rethink how they use AI for detection. "Organisations that fail to proactively adopt AI-driven tools will fall behind threat actors," she said.
Companies are already seeing this shift play out in real time.
"Finding flaws in a client's software used to take about four to five days for us," Ashish Tandon, chief executive of Indusface told ET. "If the application is very big, it could take 10 to 20 days. Now it is happening within hours."
Homegrown firms Astra Security and Indusface, along with global operator Proofpoint, are responding by deploying AI agents that compress what once took human analysts weeks into a matter of hours.
The average time for an attacker to move within a network after gaining access has fallen to 48 minutes, with the fastest case at just 51 seconds, according to CrowdStrike's Global Threat Report 2025. The window for defenders to act is shrinking to near zero, forcing companies to secure systems at machine speed.
That pressure is also coming from an unexpected direction — AI models themselves. Anthropic's new model, Claude Mythos Preview, can find and exploit software weaknesses on its own. It has since been brought into Project Glasswing, a coalition including Amazon, Apple, Microsoft, Cisco and CrowdStrike, aimed at fixing critical vulnerabilities before such capabilities reach hostile actors.
ADVERTISEMENT
The scale of the problem is also rising. By 2030, documented cybersecurity vulnerabilities are expected to cross one million a year, up more than 300% from about 277,000 in 2025, according to global research firm Gartner.
Speed up, but gap remains
"Previously, humans took one to two weeks to test an application. Now AI agents can do that in hours," said Ujwal Ratra, chief operations officer at Astra Security.
But spotting a flaw quickly is only half the battle. Closing it is another matter. Before a patch can go live, teams have to test it, check whether it breaks anything else, and work around systems that cannot go offline. By the time a fix is ready, the window of danger has often been open far too long.
ADVERTISEMENT
Nearly 67% of security incidents were identity related attacks, such as compromised credentials, and phishing rather than traditional exploitation, according to Sophos's Active Adversary Report 2026. Attackers are finding faster ways even as companies improve detection."AI is giving attackers a massive advantage in volume and velocity," said Sunil Sharma, vice president of sales (India and SAARC) at Sophos. "The real danger is the latency gap, the time it takes for a human-reliant security team to respond to a machine-speed threat."
ADVERTISEMENT
Global firms eye IndiaThat gap is drawing global security firms to India, where new data protection rules have sharpened the commercial stakes.
United States-based cybersecurity firm Proofpoint set up a local team last year after serving Indian customers from its Singapore office. For the firm, India is as much a compliance story as a security one. "What was earlier just a phishing email is now a potential legal and financial risk for companies," said chief executive Sumit Dhawan. The firm serves employees at several large Indian organisations and is in talks with major banks, exchanges and government bodies.
The deeper problem is scale. Proofpoint's AI agents sort through thousands of daily threat alerts, work that would otherwise need a large team of analysts.
But the industry is running short of people either way. There are far fewer trained security professionals than there are open roles, and the gap keeps widening as more devices and services come online. "There is not enough human manpower to process as many alerts as the systems are generating and that number only grows," Dhawan said.
Gartner cybersecurity analyst Apeksha Kaushik said the shift is only accelerating. By 2027, a large share of security operations centres will have to rethink how they use AI for detection. "Organisations that fail to proactively adopt AI-driven tools will fall behind threat actors," she said.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
ADVERTISEMENT
