As attackers increasingly weaponise artificial intelligence, most Indian organisations are still playing catch-up. A new joint study by Palo Alto Networks and the Data Security Council of India (DSCI), titled “State of AI Adoption for Cybersecurity in India,” finds that while AI is now central to security strategy conversations, actual implementation is lagging badly.
Despite strong interest and board-level attention, only 24% of CXOs believe their organisations are truly prepared to handle AI-driven threats. At the same time, cyberattacks targeting Indian enterprises continue to increase in scale, speed and sophistication.
High Intent, Low Integration
The headline contradiction is stark:
79% of organisations say they plan to integrate AI and machine learning into their security stack
But just 8% have fully integrated AI into live security operations
Around 40% are stuck in the pilot stage, with experiments not yet scaled into production
In other words, AI is everywhere in strategy decks, but nowhere near mature in day-to-day detection and response workflows.
The report notes that 64% of organisations are now making multi-year risk-management investments, moving away from purely reactive spending. However, the operational maturity of AI-enabled security still lags the ambition on paper.
Boards Pull AI Security Into the Governance Layer
One clear shift is governance. The study finds that 52% of organisations now place AI governance under direct oversight of the board and CISO, putting AI-enabled security squarely in the leadership and accountability zone.
At the same time, 23% of CXOs say their biggest concern is sensitive data exposure to AI models, which is pushing many firms toward privacy-preserving architectures, stricter data controls and more careful model integration with production systems.
What’s Slowing Down AI in Security?
The report calls out a familiar but brutal mix of blockers:
Financial overhead – cited by 19% as the top barrier
Skill and talent deficit – highlighted by 17%
Complex integration with legacy systems – flagged by 15%
In practice, that means a lot of security teams know what they want AI to do – automated triage, pattern detection at scale, faster incident response – but they’re held back by budgets, lack of in-house expertise, and brittle old infrastructure that can’t easily plug into modern AI pipelines.
Human–AI Hybrid Defence Takes Shape
Rather than going “all-in AI” or staying manual, Indian organisations are leaning toward a hybrid model:
31% prefer human–AI hybrid defence teams, where AI handles volume and pattern recognition, but humans make contextual decisions
33% mandate human sign-off for AI-triggered critical security actions
This aligns with what Palo Alto Networks’ Swapna Bapat describes as “using AI to defend against AI” – but with continuous red teaming, Zero-Trust verification at every step, and humans in the loop for anything that carries real business risk.
Training, Change Management and Culture
The study also makes it clear that technology alone won’t close the gap:
27% of organisations are driving adoption through structured training and upskilling
26% are prioritising comprehensive change management
Without this, AI security tools either remain unused, misconfigured, or distrusted by frontline teams.
DSCI CEO Vinayak Godse points out that while AI-enabled attacker capabilities are scaling rapidly, properly deployed AI in cybersecurity can significantly strengthen preparedness across risk, governance and operational readiness – but only if organisations treat it as a long-term capability build, not a one-off tool purchase.
A Narrow Window to Catch Up
The report is a reality check:
Attackers are already using AI at scale
Boards are demanding AI strategies
But operational AI security maturity in India is still nascent
For CISOs, the message is blunt: move pilots into production, invest in people and process, and hard-wire AI into detection, response and governance workflows. The gap between AI-powered attackers and half-baked AI defences is exactly where the biggest incidents will occur.
