Synopsis
Indian cybersecurity firms are leveraging in-house AI agents built on LLMs to drastically reduce software vulnerability detection and remediation times from days to hours. This acceleration is crucial as attackers operate at machine speed, with the window for human response shrinking to near zero.Listen to this article in summarized format
Assembly Elections 2026Election Results 2026 Live Updates: Who's ahead in which stateWest Bengal Election Results 2026 Live UpdatesTN Election Result 2026 Live Updates
Companies are already seeing this shift play out in real time.
"Finding flaws in a client's software used to take about four to five days for us," Ashish Tandon, chief executive of Indusface told ET. "If the application is very big, it could take 10 to 20 days. Now it is happening within hours."
Homegrown firms Astra Security and Indusface, along with global operator Proofpoint, are responding by deploying AI agents that compress what once took human analysts weeks into a matter of hours.
The average time for an attacker to move within a network after gaining access has fallen to 48 minutes, with the fastest case at just 51 seconds, according to CrowdStrike's Global Threat Report 2025. The window for defenders to act is shrinking to near zero, forcing companies to secure systems at machine speed.
That pressure is also coming from an unexpected direction — AI models themselves. Anthropic's new model, Claude Mythos Preview, can find and exploit software weaknesses on its own. It has since been brought into Project Glasswing, a coalition including Amazon, Apple, Microsoft, Cisco and CrowdStrike, aimed at fixing critical vulnerabilities before such capabilities reach hostile actors.
The scale of the problem is also rising. By 2030, documented cybersecurity vulnerabilities are expected to cross one million a year, up more than 300% from about 277,000 in 2025, according to global firm, Gartner.
Speed up, but gap remains
"Previously, humans took one to two weeks to test an application. Now AI agents can do that in hours," said Ujwal Ratra, chief operating officer at Astra Security.
But spotting a flaw quickly is only half the battle. Closing it is another matter. Before a patch can go live, teams have to test it, check whether it breaks anything else, and work around systems that cannot go offline. By the time a fix is ready, the window of danger has often been open far too long.
Nearly 67% of incidents now begin with compromised credentials rather than traditional exploitation, according to Sophos's Active Adversary Report 2026. Attackers are finding faster ways even as companies improve detection.
"AI is giving attackers a massive advantage in volume and velocity," said Sunil Sharma, vice president of sales (India and SAARC) at Sophos. "The real danger is the latency gap, the time it takes for a human-reliant security team to respond to a machine-speed threat."
Global firms eye India
That gap is drawing global security firms to India, where new data protection rules have sharpened the commercial stakes.
Nasdaq-listed Proofpoint set up a local team last year after serving Indian customers from its Singapore office. For the firm, India is as much a compliance story as a security one. "What was earlier just a phishing email is now a potential legal and financial risk for companies," said chief executive Sumit Dhawan. The firm serves employees at several large Indian organisations and is in talks with major banks, exchanges and government bodies.
The deeper problem is scale. Proofpoint's AI agents sort through thousands of daily threat alerts, work that would otherwise need a large team of analysts.
But the industry is running short of people either way. There are far fewer trained security professionals than there are open roles, and the gap keeps widening as more devices and services come online. "There is not enough human manpower to process as many alerts as the systems are generating and that number only grows," Dhawan said.
Gartner cybersecurity analyst Apeksha Kaushik said the shift is only accelerating. By 2027, a large share of security operations centres will have to rethink how they use AI for detection. "Organisations that fail to proactively adopt AI-driven tools will fall behind threat actors," she said.
