How AI is making cyberattacks more dangerous than ever for banks and governments
Experts further point out that the convergence of cheap generative audio or video, agentic LLM tooling, and India's digital-public-infrastructure stack has produced a distinctly Indian threat surface
The article highlights the emergence of a "fourth wave" of cybersecurity threats driven by artificial intelligence, transforming AI into a double-edged sword for organizations, particularly in the BFSI and government sectors. Adversaries are now capable of exploiting vulnerabilities within minutes, rendering traditional patching cycles ineffective, and their AI-powered attacks are highly scalable, personalized, and can circumvent existing defenses, posing risks like account takeovers, payment fraud, identity theft, and compromising sensitive data for banks, and attacking digital infrastructure, stealing citizen information, and compromising databases for governments. Experts emphasize the geopolitical implications of AI model export controls and sanctions, stressing the need for sovereign, localized AI models to ensure national security and resilience, with platforms like Sequretek's Percept aiming to mitigate dependence on foreign policy. The article also points to a unique Indian threat surface created by the convergence of generative AI, agentic LLM tooling, and India's digital public infrastructure (UPI, Aadhaar, DigiLocker), leading to specific risks like voice-cloned UPI fraud and deepfake V-CIP in retail banking, and disinformation and synthetic-identity leakage in government, underscoring the urgent need for AI-based security investments, identity protection, threat intelligence, and a focus on threat modeling at the DPI layer, while advocating for a sovereign LLM push to address data residency and supply chain risks.
Today, we have entered the fourth wave of cybersecurity threats, where AI is a double-edged sword. Adversaries now collapse patch windows in minutes, making traditional weekly cycles obsolete.
In banking and government, these are not just data loss events; they threaten national security and physical safety. At the same time, rapid advances in AI model development are creating new cybersecurity risks that are especially significant for BFSI and government organisations.
“Such trends may involve phishing using AI-generated content, deepfake impersonation, automation of social engineering techniques, creating synthetic identities, designing AI-powered malware, AI-driven vulnerability research, and attacking AI models. Unlike traditional attacks, those powered by artificial intelligence are highly scalable and personalized, allowing attackers to circumvent existing defense systems,” said JP Mishra, founder, Deep Algorithms.
Explaining further, Mishra says that in terms of banking, these cyber risks may cause account takeover, payment fraud, identity theft, illegal access to bank infrastructure, and compromise of customers' sensitive data. “When it comes to governments, these threats may be employed by malicious actors to attack the digital infrastructure of governments, steal citizens' information, compromise important databases and governmental administrative services,” added Mishra.
Experts point out that as India rapidly transforms itself into a fully digital society through online banking, digital payments, and digital governance, cybersecurity attacks powered by AI technologies will only become more advanced and challenging. Therefore, investments in AI-based security, identity protection, threat intelligence, and resilience are crucial.
“The threat is also geopolitical. When export controls lock AI models or sanctions leave Indian organisations unable to provision Western stacks, India's structural vulnerability becomes undeniable. At the same time, sovereign cybersecurity is not protectionism, it is optionality. Nations and enterprises need localised, governed AI models to secure their data and maintain geopolitical resilience,” remarked Pankit Desai, cofounder and CEO, Sequretek.
Interestingly, Sequretek is building the Percept platform so enterprises are not hostage to another nation's foreign policy. “True security requires aligning technology with the classic triad of people and processes. We then move from ‘Make in India’ to ‘Made for the World.’ The next decade belongs to those who prove dependence was a choice, not destiny,” said Desai.
Experts further point out that the convergence of cheap generative audio or video, agentic LLM tooling, and India's digital-public-infrastructure stack (UPI, Aadhaar, DigiLocker, NIC email, GeM) has produced a distinctly Indian threat surface. Banks face voice-cloned UPI fraud and deepfake V-CIP; the state faces deepfake disinformation, synthetic-identity DBT leakage, and agentic APTs against NCIIPC-protected infrastructure.
“Voice plus video deepfakes are now the dominant social-engineering vector in Indian retail banking. Experts must treat voice-bio as a soft factor, not a hard one. India's DPI (UPI, Aadhaar, DigiLocker) is a force multiplier for citizens and attackers. Every new GenAI rail must be threat-modelled at the DPI (Deep packet inspection) layer, not just the app layer. Agentic LLM intrusions collapse defender dwell-time advantage and, as a result, cooperative banks, PSUs and state-IT departments can be the main targets. Sovereign-LLM push (IndiaAI Mission) is needed for data-residency but expands supply-chain risk; demand signed weights, model SBOMs, red-team evidence,” explained Sudin Baraokar, Global AI and Quantum Advisor and the former technology officer at the State Bank of India.