Something fundamental has shifted in cybersecurity, and while a few nations are beginning to grasp the implications, most, particularly India, remain dangerously unprepared for what comes next.
Last week, Anthropic revealed that its latest Artificial Intelligence (AI) system can autonomously discover, chain, and weaponise software vulnerabilities at machine speed, far beyond anything human teams can achieve. It identified thousands of high-severity zero-days across major operating systems and browsers and even uncovered a flaw in OpenBSD’s TCP stack that had survived 27 years of audits and stress testing.
This rewrites the rules of cyber conflict by shifting attacks from tricking humans into clicking malicious links to machines that can independently find and exploit vulnerabilities. The entire lifecycle of an attack, the reconnaissance, exploitation, and persistence, can now run as a continuous, automated process operating faster than humans can respond.
Anthropic fully grasped the explosive implications of its breakthrough and deliberately chose not to release the system publicly. Instead, it created Project Glasswing, a highly exclusive, tightly controlled initiative that grants access only to a privileged circle of America’s most critical institutions: Apple, Google, Microsoft, AWS, Nvidia, and JPMorgan Chase. The Pentagon and Wall Street were promptly briefed.
Tellingly, even though this same technology poses an equally grave — if not greater — risk to India’s banks, tech giants, and critical infrastructure, Anthropic did not bother to extend the invitation to a single Indian institution.
The US is treating this with national urgency because the implications are so profound. AI has lowered the barrier to offensive cyber operations in a way that makes scale and speed the defining advantages. What once required specialised teams can now be executed by machines, continuously and with little warning.
Recent events show how this capability is already being used and what it could mean for India. In January 2026, the US deployed AI-augmented cyber operations in Venezuela, triggering targeted blackouts across Caracas by disrupting power grids and air-defence systems, enabling the capture of Nicolás Maduro without large-scale military engagement. Weeks later, similar cyber effects were integrated into joint US-Israeli strikes on Iran, disabling communications, sensors, and command networks in minutes. These operations demonstrate how a country’s critical infrastructure can be disrupted remotely, quietly, and with limited attribution.
The same playbook, if turned against India, could unleash catastrophic damage across the country — plunging Delhi, Mumbai, Bengaluru and other major cities into prolonged blackouts that would leave hundreds of millions of people without electricity, water or basic services; paralysing the national railway network and financial markets in a single blow; cutting off water supply to entire states; and blinding key defence installations — all within hours and with almost no chance of clear attribution.
While America is moving quickly, India remains dangerously complacent, still basking in its self-image as the world’s IT superpower. Its companies secure the world’s banks, cloud platforms, and Fortune 500 systems with world-class discipline and precision, yet that same rigour rarely extends to its own critical infrastructure. The result is a nation dangerously exposed: Outdated systems, inconsistent patching, and a security culture that still treats risk as a mere compliance checkbox rather than a core national responsibility.
The scale of India’s exposure is already visible. More than 60% of advanced cyber threats targeting the country are believed to originate from the China–Pakistan axis, with over 265 million cyberattacks recorded in 2025 alone. These are sustained efforts to map critical infrastructure — power grids, water systems, telecom networks, and defence assets — for future disruption.
India has not responded at the level this threat demands. There has been no comprehensive national audit of foreign hardware dependencies; AI-driven red-teaming of critical infrastructure remains limited; and there has been little public acknowledgment of how dangerously exposed these systems truly are.
And that is just the software problem. The hardware nightmares are much worse.
Across India’s power grids, water systems, transportation networks, and defence installations, millions of Chinese devices still form the backbone of operations; its surveillance cameras, routers, switches, and industrial control systems are embedded everywhere. These are not peripheral systems; they sit at the very core of critical infrastructure, are difficult to replace, and in many cases are not even fully understood.
While the US has acted to restrict Chinese networking equipment, recognising it as a national security threat, India continues to tolerate this deep dependence mainly because the devices are significantly cheaper. The government has no hesitation slapping import duties on Chinese smartphones and solar panels in the name of Atmanirbhar Bharat, yet when it comes to the routers, switches and industrial control systems that actually power the nation’s critical infrastructure, cost still triumphs over security. India must treat this as a national security emergency and immediately launch an Atmanirbhar Bharat Cyber Suraksha Mission. High-risk foreign hardware needs to be systematically replaced across critical infrastructure with trusted and verifiable alternatives. This is a matter of national security.
India must also deploy AI within its own systems to continuously test and strengthen defences, identifying vulnerabilities before they are discovered externally. Critical systems should be isolated where necessary to reduce exposure and limit how far an attack can spread.
These actions require urgent coordination across government, industry, and academia, backed by sustained investment and strong political will — and there is no time to waste. Otherwise, to put it simply, complacency will lead to disaster.
Vivek Wadhwa is CEO, Vionix Biosciences. The views expressed are personal
