Scaling AI for Billions_ Building Digital Public Infrastructure

Summary

This panel discussion explored the intersection of artificial intelligence and cybersecurity, examining both how AI can enhance security measures and how AI systems themselves need protection. The conversation featured experts from government, private sector, and cybersecurity companies discussing the dual nature of AI as both an opportunity and a challenge for security professionals.

Daisy Chittilapilly from Cisco emphasized that AI follows the pattern of previous technologies in presenting both benefits and risks, noting that while AI promises better security management at machine scale, it also introduces new vulnerabilities like model jailbreaking and data poisoning. G. Narendra Nath highlighted the unprecedented speed of AI adoption compared to previous technological revolutions, creating challenges for both enterprises and national security, particularly because adversaries can leverage AI more effectively than defensive users.

A.S. Lakshminarayanan from Tata Communications warned that organizations are “running towards a cliff” by implementing AI on already fragile digital infrastructure, arguing that enterprises need an “AI operating system” with proper governance and trust layers rather than focusing solely on individual AI applications. Richard Marko stressed the importance of understanding AI agent operations and maintaining oversight of automated processes to ensure security.

The panelists agreed that AI is fundamentally changing cybersecurity from protecting systems and data to protecting decision-making and trust itself. They emphasized the need for new assessment frameworks, better capacity building across sectors, and a shift from viewing AI as merely an automation tool to recognizing it as a technology that scales decisions. The discussion concluded with expectations that AI-native companies will emerge to disrupt existing business models, while nations must balance AI adoption for competitive advantage with protection against its adverse effects.

Keypoints

Major Discussion Points:

– AI’s Dual Role in Cybersecurity: The discussion extensively covered how AI serves both as a solution for cybersecurity challenges (enabling better threat detection and management at machine scale) and as a source of new risks (model poisoning, jailbreaking, data leakage, and sophisticated attacks by adversaries).

– Infrastructure Fragility and Readiness Gap: Multiple panelists emphasized that current digital infrastructure is already fragile, and organizations are rushing to implement AI without adequate foundational security measures. There’s a significant gap between AI adoption ambitions and actual organizational readiness in terms of data strategy, compute capacity, and security frameworks.

– Speed of AI Adoption vs. Security Preparedness: Unlike previous technological revolutions that allowed time for gradual adaptation, AI is being adopted at “breakneck speed” without sufficient time to understand and mitigate adversarial effects, creating unprecedented risks for enterprises and national infrastructure.

– Need for New Frameworks and Governance: The discussion highlighted the necessity for new assessment frameworks, AI operating systems, and governance structures. This includes corporate AI responsibility, trust and verification mechanisms, and the evolution from traditional cybersecurity to protecting decision-making processes and maintaining system trust.

– Strategic Transformation and Future Outlook: Panelists discussed how AI represents a paradigm shift from scaling transactions to scaling decisions, requiring new business models, talent approaches, and the emergence of AI-native companies that could disrupt existing industries within the next five years.

Overall Purpose:

The discussion aimed to explore the intersection of AI and cybersecurity from multiple perspectives – examining both how AI can enhance cybersecurity capabilities and how AI introduces new security challenges. The panel sought to address current readiness gaps, discuss strategic implications for enterprises and national infrastructure, and envision the future landscape of AI-enabled security.

Overall Tone:

The discussion maintained a balanced but cautionary tone throughout. While panelists acknowledged the tremendous opportunities AI presents for cybersecurity (describing it as creating a “level playing field” between attackers and defenders), there was a consistent undercurrent of concern about the pace of adoption outstripping security preparedness. The tone was professional and analytical, with experts sharing both optimistic possibilities and serious warnings about infrastructure fragility and the need for more thoughtful, systematic approaches to AI implementation.

Speakers

Speakers from the provided list:

– Samrat Kishor – Moderator/Host of the discussion

– Daisy Chittilapilly – Works at Cisco, focuses on AI and cybersecurity infrastructure, networking and security solutions

– G. Narendra Nath – Government official working on national security and cybersecurity policy, involved with CERT India and cybersecurity frameworks

– A. S. Lakshminarayanan – Executive at Tata Communications (TataCom), focuses on digital infrastructure and AI operating systems for enterprises

– Richard Marko – Expert in cybersecurity resilience, AI risks, and digital security systems

– Dharshan Shanthamurthy – Works with a cybersecurity company, provides consulting and thought leadership for large enterprises and government officials

– Pradeep Sekar – Cybersecurity expert working with enterprise leaders and boards on AI risk management and strategic cybersecurity

Additional speakers:

None – all speakers mentioned in the transcript are included in the provided speakers names list.

This comprehensive panel discussion at a technology summit explored the complex intersection of artificial intelligence and cybersecurity, examining both the transformative opportunities and significant risks that AI presents to digital security infrastructure. The conversation brought together experts from government, telecommunications, cybersecurity, and technology consulting to address what moderator Samrat Kishor framed as the dual challenge of “AI for cybersecurity” and “cybersecurity for AI.”

The Dual Nature of AI in Cybersecurity

The discussion opened with Daisy Chittilapilly from Cisco establishing a fundamental framework for understanding AI’s role in cybersecurity. She emphasised that AI follows the pattern of previous technologies in presenting both opportunities and challenges, but noted its unique potential to redefine how humanity lives, works, and plays. Chittilapilly highlighted that cybersecurity has long struggled to manage threats at human scale, making AI’s promise of machine-scale security management particularly compelling. However, she cautioned that AI simultaneously introduces new vulnerabilities, including model jailbreaking, confidential information leakage, data poisoning, and inherent vulnerabilities in open-source models.

This dual nature became a recurring theme throughout the discussion, with Dharshan Shanthamurthy from the cybersecurity sector providing a particularly optimistic perspective. He argued that AI represents a historic opportunity to level the playing field between attackers and defenders, noting that cybersecurity has traditionally been asymmetric, with intruders needing to succeed only once whilst defenders must succeed consistently. Shanthamurthy described AI as enabling the identification of “needles in haystacks” and transforming security operations centres from requiring constant human monitoring to automated, agent-driven processes. He emphasised that India is positioned at a “sweet spot” between AI and cybersecurity, creating opportunities to develop world-class talent and capabilities.

Infrastructure Fragility and the Readiness Gap

A critical concern emerged around the fragility of existing digital infrastructure and organisations’ readiness for AI implementation. A.S. Lakshminarayanan from Tata Communications delivered perhaps the most sobering assessment, warning that organisations are “fast running towards the cliff” by implementing AI on already fragile digital foundations. He used a powerful metaphor, stating that enterprises “can’t build a skyscraper with a foundation of a bungalow,” which became a reference point throughout the discussion.

Lakshminarayanan detailed how AI will exponentially increase network traffic, particularly east-west traffic, through numerous API calls and long-lived sessions that will strain edge infrastructure. He argued that the excitement around AI has overshadowed the critical need to strengthen foundational digital infrastructure before adding AI capabilities.

This concern was reinforced by Chittilapilly’s reference to Cisco’s AI readiness research, which revealed significant gaps in enterprise preparedness. Despite widespread enthusiasm for AI deployment among Indian enterprises, substantial readiness challenges exist across data strategies, compute capacity, threat understanding, and innovation infrastructure.

Unprecedented Speed and Strategic Asymmetries

G. Narendra Nath, representing the national cybersecurity perspective, highlighted a crucial difference between AI and previous technological revolutions: the unprecedented speed of adoption. Unlike earlier technologies that allowed gradual integration and time to understand both beneficial and adversarial applications, AI adoption is occurring at “breakneck speed” with widespread enterprise willingness to adopt AI tools immediately.

Nath identified a critical strategic asymmetry: adversarial actors, including nation-states and malicious enterprises, are more motivated and focused in their AI implementation than defensive users. Whilst organisations adopt AI primarily for productivity and efficiency gains, adversaries dedicate significant effort and thought to leveraging AI more effectively for malicious purposes. This creates a dangerous imbalance that must be addressed through conscious effort and strategic planning.

He also noted technical challenges unique to AI systems, particularly the lack of separation between control and data planes that characterises traditional systems. In AI, data itself becomes control, making systems vulnerable to model poisoning through inputs and creating drift over time that makes system behaviour unpredictable and non-deterministic.

Risk Management Frameworks and Governance

Pradeep Sekar introduced a comprehensive framework for understanding AI risks through three distinct lenses: compliance risk (meeting regulatory requirements like the EU AI Act), operational risk (assessing model reliability and service provider dependencies), and strategic risk (understanding financial impact of AI-driven attacks on organisational reputation and customer relationships). He noted that whilst most organisations focus on compliance, few have progressed to strategic risk assessment, which requires quantifying potential financial impacts and communicating these to boards in business terms.

Sekar also argued that cybersecurity must evolve beyond protecting systems and data to protecting decision-making and trust. He introduced the concept of measurable trust through provenance, authenticity, and verification mechanisms, suggesting that future security systems will need to assess and rate the trustworthiness of transactions and communications in real-time.

The moderator suggested evolving from corporate social responsibility to “corporate AI responsibility,” where organisations take explicit ownership of their AI systems’ actions and impacts.

The Need for New Operating Systems and Architectures

Lakshminarayanan proposed the concept of an “AI operating system” as a comprehensive solution, arguing that organisations should move beyond evaluating individual large language models to implementing systematic frameworks with distinct layers: context (bringing together relevant information), agentic (enabling autonomous actions), and trust/governance (controlling what agents can and cannot do).

This architectural approach addresses the fundamental challenge of making AI knowledge actionable whilst maintaining control and oversight. Without such governance layers, organisations cannot safely leverage AI models’ capabilities or ensure responsible AI behaviour.

Chittilapilly provided insights into how AI is fundamentally changing infrastructure requirements, leading to a complete rewiring and restacking of enterprise infrastructure. The traditional approach of building security as bolt-on solutions is becoming obsolete, requiring instead system resilience built into all layers of both infrastructure and AI stacks.

Sectoral Challenges and National Perspectives

From a national perspective, Nath highlighted the uneven readiness across different sectors, creating both a “cybersecurity divide” and an “AI divide.” Whilst the financial sector has achieved relative maturity in cybersecurity practices, sectors like healthcare show similar enthusiasm for AI adoption despite significantly lower cybersecurity maturity. This creates new vulnerabilities in critical infrastructure.

He outlined government initiatives to address these challenges, including the development of assessment frameworks for AI systems, capacity building programmes, and leveraging existing institutional frameworks like CERT India and sectoral regulators. The use of regulatory sandboxes in financial and telecommunications sectors provides mechanisms for safely testing AI technologies before production deployment.

Human Factors and Implementation Challenges

Richard Marko brought attention to the human element in AI security, noting that people remain the weakest link in cybersecurity and that AI amplifies this vulnerability. He highlighted how AI-generated deep fakes and sophisticated social engineering make it increasingly difficult for humans to distinguish legitimate communications from scams. Additionally, AI agents performing tasks on behalf of users create new risks through potentially unsupervised actions.

The discussion also revealed talent challenges, with observations that younger professionals often adapt more readily to AI paradigms than experienced professionals, creating additional workforce considerations for organisations implementing AI systems.

Future Outlook and Strategic Implications

The panel identified AI as representing a paradigm shift from scaling transactions (the focus of previous technologies) to scaling decisions. This distinction requires organisations to rethink culture, talent development, and operational approaches. Lakshminarayanan argued that the decisions made in the next five years regarding AI strategy will determine organisational health for decades to come, particularly for his company’s infrastructure planning.

From a national perspective, Nath emphasised that AI adoption represents a competitive advantage that countries cannot afford to ignore, as other nations and enterprises will leverage AI for business improvement. However, this must be balanced with protection against AI’s adverse effects and careful management of dependencies created by AI integration into critical infrastructure.

Assessment and Governance Development

A significant gap identified throughout the discussion was the lack of adequate assessment frameworks for AI systems. Nath highlighted ongoing government efforts to develop frameworks that evaluate both security and functional aspects of AI systems before deployment, including the ability to distinguish between cybersecurity incidents and AI system malfunctioning or poor design.

Both government and private sector initiatives are developing these capabilities, with emphasis on making frameworks accessible to enterprises across sectors and providing clear guidance on security requirements and best practices.

Conclusion

The panel discussion revealed a complex landscape where AI’s transformative potential in cybersecurity is matched by significant implementation challenges and new risk categories. The consensus emerged that whilst AI offers unprecedented opportunities to improve security capabilities and level the playing field between attackers and defenders, successful implementation requires fundamental changes in infrastructure, governance, and strategic thinking.

The conversation highlighted the critical importance of building proper foundations before implementing AI capabilities, developing comprehensive governance frameworks, and addressing the speed mismatch between AI adoption and security preparedness. The discussion emphasised the need for coordinated action across sectors and between public and private stakeholders to address capacity building, assessment frameworks, and strategic risk management.

The panel concluded with recognition that India is well-positioned to develop world-class capabilities at the intersection of AI and cybersecurity, provided that proper attention is paid to building robust foundations and governance frameworks for this transformative technology.

Agreement points

Infrastructure fragility and inadequate preparation for AI implementation

Speakers

– Daisy Chittilapilly
– A. S. Lakshminarayanan
– G. Narendra Nath

Arguments

There’s an ambition versus reality gap – 90% of enterprises want to deploy AI agents, but only a fraction have adequate data strategy, compute capacity, or AI threat understanding

Digital infrastructure in enterprises is already fragile, and adding AI will multiply this fragility by 100 times due to increased network traffic and API calls

There’s a cybersecurity divide across sectors, with varying levels of maturity in adopting AI while maintaining security posture

Summary

All three speakers agree that current digital infrastructure is inadequately prepared for AI implementation, with significant gaps between AI adoption ambitions and actual readiness across enterprises and sectors

Topics

Building confidence and security in the use of ICTs | Artificial intelligence | Information and communication technologies for development

Need for comprehensive AI governance and operating systems

Speakers

– A. S. Lakshminarayanan
– G. Narendra Nath
– Pradeep Sekar

Arguments

Enterprises require an AI operating system with context, agentic, and trust/governance layers to control what agents can and cannot do

Assessment frameworks for AI systems are needed to evaluate both security and functional aspects before deployment

Cybersecurity must evolve from protecting systems and data to protecting decision-making and trust through measurable mechanisms

Summary

These speakers converge on the need for comprehensive frameworks and operating systems that go beyond traditional approaches to govern AI implementation with proper trust, assessment, and control mechanisms

Topics

Artificial intelligence | The enabling environment for digital development | Data governance

AI as both opportunity and threat in cybersecurity

Speakers

– Daisy Chittilapilly
– Dharshan Shanthamurthy
– Pradeep Sekar

Arguments

AI presents both opportunities and challenges in cybersecurity, similar to previous technologies but at unprecedented scale and speed

AI creates a level playing field between defenders and attackers, offering hope for better threat detection and automated security operations

AI industrializes disruption at scale, particularly in phishing and social engineering attacks

Summary

All speakers acknowledge AI’s dual nature in cybersecurity – providing powerful defensive capabilities while simultaneously enabling more sophisticated attacks

Topics

Building confidence and security in the use of ICTs | Artificial intelligence

Rapid pace of AI adoption creates unique challenges

Speakers

– G. Narendra Nath
– A. S. Lakshminarayanan
– Richard Marko

Arguments

AI adoption is happening at breakneck speed without adequate time to assess and mitigate adversarial effects, unlike previous technological revolutions

AI represents a paradigm shift from scaling transactions to scaling decisions, requiring different cultural and talent approaches

Resilience requires attention to details and understanding of background processes, sometimes necessitating slowing down implementation

Summary

These speakers agree that AI’s unprecedented speed of adoption creates unique challenges requiring careful consideration and sometimes deliberate slowing of implementation to ensure proper security measures

Topics

Artificial intelligence | Building confidence and security in the use of ICTs | Capacity development

Similar viewpoints

Both speakers from major technology companies (Cisco and Tata) emphasize the fundamental inadequacy of current infrastructure approaches and the need for integrated, distributed security solutions rather than traditional bolt-on security measures

Speakers

– Daisy Chittilapilly
– A. S. Lakshminarayanan

Arguments

Networks must integrate security as a distributed mesh rather than separate appliances, with secure networking becoming the primary focus

Digital infrastructure in enterprises is already fragile, and adding AI will multiply this fragility by 100 times due to increased network traffic and API calls

Topics

Building confidence and security in the use of ICTs | Information and communication technologies for development

Both speakers emphasize the strategic imperative of AI adoption while stressing the need for comprehensive risk management that goes beyond basic compliance to address operational and strategic concerns

Speakers

– G. Narendra Nath
– Pradeep Sekar

Arguments

AI adoption is a competitive advantage at national level, but countries must also protect against adverse effects and identify dependencies

Organizations need to move beyond compliance-focused approaches to address operational and strategic AI risks

Topics

Artificial intelligence | The enabling environment for digital development | Building confidence and security in the use of ICTs

Both speakers focus on the human vulnerability aspect of AI-enhanced attacks, emphasizing how AI amplifies existing human weaknesses in cybersecurity through more sophisticated social engineering and unsupervised agent actions

Speakers

– Richard Marko
– Pradeep Sekar

Arguments

People remain the weakest link in cybersecurity, and AI agents performing tasks on behalf of users create new risks through unsupervised actions

AI industrializes disruption at scale, particularly in phishing and social engineering attacks

Topics

Building confidence and security in the use of ICTs | Human rights and the ethical dimensions of the information society | Artificial intelligence

Unexpected consensus

Need to slow down AI implementation despite competitive pressures

Speakers

– Richard Marko
– A. S. Lakshminarayanan
– G. Narendra Nath

Arguments

Resilience requires attention to details and understanding of background processes, sometimes necessitating slowing down implementation

The next five years will determine organizational health for the next 50 years, with AI-native companies potentially disrupting existing business models

AI adoption is happening at breakneck speed without adequate time to assess and mitigate adversarial effects, unlike previous technological revolutions

Explanation

Despite the competitive pressures and transformative potential of AI, multiple speakers from different backgrounds (cybersecurity expert, telecom executive, and government official) converge on the counterintuitive need to deliberately slow down implementation to ensure proper foundations and security measures

Topics

Artificial intelligence | Building confidence and security in the use of ICTs | The enabling environment for digital development

Corporate responsibility evolution for AI era

Speakers

– Samrat Kishor
– A. S. Lakshminarayanan

Arguments

Corporate AI responsibility should evolve from corporate social responsibility, with companies taking ownership of their AI actions

Enterprises require an AI operating system with context, agentic, and trust/governance layers to control what agents can and cannot do

Explanation

The moderator’s suggestion for corporate AI responsibility finds unexpected alignment with the industry executive’s technical proposal for AI governance systems, suggesting convergence between ethical frameworks and practical implementation needs

Topics

Artificial intelligence | Human rights and the ethical dimensions of the information society | The enabling environment for digital development

Overall assessment

Summary

The speakers demonstrate remarkable consensus on key challenges: infrastructure inadequacy, the dual nature of AI in cybersecurity, need for comprehensive governance frameworks, and the unprecedented speed of AI adoption requiring careful management. Despite coming from different sectors (government, private industry, cybersecurity), they align on both the transformative potential and significant risks of AI implementation.

Consensus level

High level of consensus with strong implications for coordinated action. The agreement across diverse stakeholders suggests these challenges are universally recognized and require collaborative solutions spanning public-private partnerships, new regulatory frameworks, and fundamental rethinking of digital infrastructure approaches. The consensus particularly around slowing implementation despite competitive pressures indicates mature understanding of the risks involved.

Different viewpoints

Pace of AI implementation versus security preparedness

Speakers

– G. Narendra Nath
– A. S. Lakshminarayanan
– Richard Marko
– Dharshan Shanthamurthy

Arguments

AI adoption is happening at breakneck speed without adequate time to assess and mitigate adversarial effects, unlike previous technological revolutions

Digital infrastructure in enterprises is already fragile, and adding AI will multiply this fragility by 100 times due to increased network traffic and API calls

Resilience requires attention to details and understanding of background processes, sometimes necessitating slowing down implementation

AI creates a level playing field between defenders and attackers, offering hope for better threat detection and automated security operations

Summary

While Narendra Nath, Lakshminarayanan, and Marko emphasize the need to slow down AI implementation due to infrastructure fragility and security risks, Dharshan presents a more optimistic view focusing on AI’s opportunities for cybersecurity improvement

Topics

Artificial intelligence | Building confidence and security in the use of ICTs | The enabling environment for digital development

Focus on fear versus hope in AI cybersecurity discourse

Speakers

– Dharshan Shanthamurthy
– G. Narendra Nath
– A. S. Lakshminarayanan

Arguments

AI creates a level playing field between defenders and attackers, offering hope for better threat detection and automated security operations

AI adoption is happening at breakneck speed without adequate time to assess and mitigate adversarial effects, unlike previous technological revolutions

Digital infrastructure in enterprises is already fragile, and adding AI will multiply this fragility by 100 times due to increased network traffic and API calls

Summary

Dharshan emphasizes the hopeful aspects and opportunities AI brings to cybersecurity, while Narendra Nath and Lakshminarayanan focus more on the risks and challenges that need immediate attention

Topics

Artificial intelligence | Building confidence and security in the use of ICTs | Capacity development

Unexpected differences

Role of human factors in AI security

Speakers

– Richard Marko
– Dharshan Shanthamurthy

Arguments

People remain the weakest link in cybersecurity, and AI agents performing tasks on behalf of users create new risks through unsupervised actions

AI creates a level playing field between defenders and attackers, offering hope for better threat detection and automated security operations

Explanation

While both speakers acknowledge AI’s impact on cybersecurity, Marko emphasizes increased human vulnerability and risks from AI agents acting without supervision, whereas Dharshan focuses on AI’s potential to automate and improve security operations, representing fundamentally different views on human-AI interaction in security contexts

Topics

Building confidence and security in the use of ICTs | Human rights and the ethical dimensions of the information society | Artificial intelligence

Overall assessment

Summary

The main areas of disagreement center around the appropriate pace of AI implementation, the balance between optimism and caution in AI adoption, and the role of human factors in AI security. While all speakers acknowledge both opportunities and risks in AI cybersecurity, they differ significantly in their emphasis and proposed approaches.

Disagreement level

Moderate disagreement level with significant implications for AI policy and implementation strategies. The disagreements reflect different risk tolerances and implementation philosophies that could lead to substantially different approaches to AI governance and cybersecurity frameworks at organizational and national levels.

Partial agreements

All speakers agree that current enterprise infrastructure and frameworks are inadequate for AI deployment, but they propose different solutions – Daisy focuses on infrastructure readiness gaps, Lakshminarayanan proposes AI operating systems, and Narendra Nath emphasizes assessment frameworks

Speakers

– Daisy Chittilapilly
– A. S. Lakshminarayanan
– G. Narendra Nath

Arguments

There’s an ambition versus reality gap – 90% of enterprises want to deploy AI agents, but only a fraction have adequate data strategy, compute capacity, or AI threat understanding

Enterprises require an AI operating system with context, agentic, and trust/governance layers to control what agents can and cannot do

Assessment frameworks for AI systems are needed to evaluate both security and functional aspects before deployment

Topics

Artificial intelligence | The enabling environment for digital development | Building confidence and security in the use of ICTs

All speakers agree that AI requires fundamental changes in how organizations approach technology and security, but they focus on different aspects – Daisy on network architecture, Pradeep on trust mechanisms, and Lakshminarayanan on organizational paradigms

Speakers

– Daisy Chittilapilly
– Pradeep Sekar
– A. S. Lakshminarayanan

Arguments

Networks must integrate security as a distributed mesh rather than separate appliances, with secure networking becoming the primary focus

Cybersecurity must evolve from protecting systems and data to protecting decision-making and trust through measurable mechanisms

AI represents a paradigm shift from scaling transactions to scaling decisions, requiring different cultural and talent approaches

Topics

Artificial intelligence | Building confidence and security in the use of ICTs | Organizational Strategy and Risk Management

Similar viewpoints

Both speakers from major technology companies (Cisco and Tata) emphasize the fundamental inadequacy of current infrastructure approaches and the need for integrated, distributed security solutions rather than traditional bolt-on security measures

Speakers

– Daisy Chittilapilly
– A. S. Lakshminarayanan

Arguments

Networks must integrate security as a distributed mesh rather than separate appliances, with secure networking becoming the primary focus

Digital infrastructure in enterprises is already fragile, and adding AI will multiply this fragility by 100 times due to increased network traffic and API calls

Topics

Building confidence and security in the use of ICTs | Information and communication technologies for development

Both speakers emphasize the strategic imperative of AI adoption while stressing the need for comprehensive risk management that goes beyond basic compliance to address operational and strategic concerns

Speakers

– G. Narendra Nath
– Pradeep Sekar

Arguments

AI adoption is a competitive advantage at national level, but countries must also protect against adverse effects and identify dependencies

Organizations need to move beyond compliance-focused approaches to address operational and strategic AI risks

Topics

Artificial intelligence | The enabling environment for digital development | Building confidence and security in the use of ICTs

Both speakers focus on the human vulnerability aspect of AI-enhanced attacks, emphasizing how AI amplifies existing human weaknesses in cybersecurity through more sophisticated social engineering and unsupervised agent actions

Speakers

– Richard Marko
– Pradeep Sekar

Arguments

People remain the weakest link in cybersecurity, and AI agents performing tasks on behalf of users create new risks through unsupervised actions

AI industrializes disruption at scale, particularly in phishing and social engineering attacks

Topics

Building confidence and security in the use of ICTs | Human rights and the ethical dimensions of the information society | Artificial intelligence

Key takeaways

AI in cybersecurity presents a dual nature – offering opportunities for better threat detection and automated security operations while simultaneously creating new attack vectors and risks at unprecedented scale and speed

Current digital infrastructure is fragile and unprepared for AI implementation, with most enterprises lacking adequate data strategy, compute capacity, and AI threat understanding despite ambitious deployment plans

AI fundamentally changes cybersecurity from protecting systems and data to protecting decision-making and trust, requiring new frameworks that can measure and verify authenticity and provenance

Organizations need AI operating systems with integrated context, agentic, and governance layers rather than implementing isolated AI use cases

The paradigm shift involves scaling decisions rather than just transactions, requiring new cultural approaches, talent development, and risk management strategies

India is positioned advantageously at the intersection of AI and cybersecurity to develop world-class talent and leverage emerging opportunities

Assessment frameworks for AI systems are critically needed to evaluate both security and functional aspects before production deployment

Corporate AI responsibility should emerge as a new standard, with organizations taking ownership of their AI systems’ actions and impacts

Resolutions and action items

Development of assessment frameworks for AI systems by government agencies (mentioned ongoing project funded by National Cyber Security Coordinator’s office starting November 2024)

Implementation of AI operating systems with trust and governance layers by enterprises like TataComm

Utilization of regulatory sandboxes (RBI, telecom sector) for testing AI technologies before production deployment

Building secure networking infrastructure with distributed security mesh rather than separate appliances

Capacity building initiatives across sectors, particularly in less mature sectors like healthcare

Development of institutional frameworks leveraging existing cybersecurity infrastructure (CERT India, CIPC)

Unresolved issues

How to bridge the cybersecurity maturity divide across different sectors while maintaining uniform AI adoption enthusiasm

Specific mechanisms for measuring and quantifying AI-related strategic risks in financial terms for board-level decision making

How to balance the speed of AI adoption with necessary security precautions without losing competitive advantage

Standardization of AI assessment frameworks across industries and regions

Managing the talent gap between younger AI-native workers and experienced professionals in traditional paradigms

Identifying and preparing for potential business model disruptions from AI-native companies

Addressing the fundamental challenge of applying deterministic security requirements to probabilistic AI technologies

Developing effective governance mechanisms for AI agents performing unsupervised tasks on behalf of users

Suggested compromises

Slowing down AI implementation when necessary to ensure proper security foundations are in place, despite competitive pressures

Using regulatory sandboxes as a middle ground to test AI technologies safely before full production deployment

Implementing AI operating systems that provide governance controls while still enabling AI innovation and productivity gains

Building virtual distributed security mesh that balances the need for pervasive security with infrastructure flexibility

Adopting a platform approach for AI implementation rather than individual use cases to balance efficiency with governance

Focusing on capability building and outcome definition simultaneously rather than pursuing either in isolation

I don’t think people have woken up to the fact that they are fast running towards the cliff. Because I genuinely think that the digital infrastructure in enterprises today are already fragile… So that’s why I’m saying that in all our excitement of AI, I’m very passionate and excited about AI, but I genuinely feel that people are not looking at the foundations… So you can’t build a skyscraper with a foundation of a bungalow, which is what they’re trying to do.

Speaker

A. S. Lakshminarayanan

Reason

This metaphor powerfully reframes the entire AI adoption conversation from one of opportunity to one of foundational risk. It challenges the prevailing excitement about AI by highlighting that enterprises are building advanced AI capabilities on inherently fragile digital infrastructure.

Impact

This comment fundamentally shifted the discussion’s tone and became a recurring theme. Multiple subsequent speakers referenced this ‘fragility’ concept, with Daisy citing their AI readiness index showing the ‘ambition versus reality gap’ and other panelists building on the infrastructure concerns. It moved the conversation from theoretical AI benefits to practical implementation challenges.

Case of AI is that it’s really happening at a breakneck speed… the issue is that there are nation states or big enterprises which are adversarial enterprises which would be using AI as a tool for doing it and they have got a lot of motivation to put in effort and thought process into how do I use it more effectively. Then the persons who are actually using AI for their own benefit… So this is where there is a disconnect and this has to be really bridged.

Speaker

G. Narendra Nath

Reason

This insight reveals a critical asymmetry in AI adoption – that malicious actors are more motivated and focused in their AI implementation than defensive users, creating a dangerous imbalance. It’s a sophisticated analysis of the strategic dynamics at play.

Impact

This comment introduced the concept of motivational asymmetry that influenced later discussions. Dharshan later built on this by discussing how AI could level the playing field for defenders, directly addressing this imbalance. It shifted the conversation from technical challenges to strategic and motivational ones.

I think rather than focusing on whether this LLM is good or that LLM is good and so on, this AI operating system is what is required for people to build an application which will ensure that all of these are governed properly… enterprises require an AI operating system… you need the context layer, you need the agentic layer, and more importantly, you need to have a trust and governance layer.

Speaker

A. S. Lakshminarayanan

Reason

This concept of an ‘AI operating system’ with distinct layers (context, agentic, trust/governance) provides a concrete architectural framework for managing AI complexity. It moves beyond abstract concerns to propose a systematic solution.

Impact

This framework became a reference point for other speakers. Dharshan later mentioned ‘AI security operating system’ as a parallel concept, and the layered approach influenced discussions about governance and control. It elevated the conversation from problem identification to solution architecture.

Cybersecurity has so far been a very asymmetric equation. The intruders have always had an advantage over the defenders… But with AI, now all of a sudden we are at the level playing field from a technology standpoint to identify a needle in the haystack.

Speaker

Dharshan Shanthamurthy

Reason

This reframes AI as potentially solving one of cybersecurity’s fundamental problems – the asymmetric advantage of attackers. It provides a hopeful counterpoint to the fear-based discussions while acknowledging the historical challenge.

Impact

This comment provided crucial balance to the discussion, shifting from predominantly risk-focused to opportunity-focused. It directly responded to earlier concerns about adversarial AI use and influenced Pradeep’s later discussion about AI as a ‘force multiplier’ for both sides.

AI is quietly reshaping the risk equation within the enterprise… cybersecurity can no longer be just about protecting systems and the data… it needs to evolve into something more… how can it evolve to start protecting decision-making and trust? Because trust is starting to become measurable… through provenance, through authenticity, as well as verification.

Speaker

Pradeep Sekar

Reason

This insight fundamentally redefines cybersecurity’s scope from protecting static assets to protecting dynamic processes like decision-making. The concept of ‘measurable trust’ introduces a new paradigm for security thinking.

Impact

This expanded definition of cybersecurity influenced the discussion’s scope, connecting to earlier points about trust and governance. It provided a bridge between technical security measures and business decision-making, elevating the strategic importance of the conversation.

AI is going to scale decisions and when you’re scaling decisions you need to think of a different paradigm all together, and we are still talking in the old paradigm of what tasks can be automated… this is a new paradigm.

Speaker

A. S. Lakshminarayanan

Reason

This distinction between ‘scaling transactions’ (previous technologies) versus ‘scaling decisions’ (AI) provides a fundamental conceptual framework for understanding AI’s unique impact. It challenges conventional thinking about AI as merely an automation tool.

Impact

This paradigm shift concept influenced the final portions of the discussion about future disruptions and strategic thinking. It provided a lens for understanding why traditional approaches to technology adoption may be insufficient for AI.

Overall assessment

These key comments transformed the discussion from a surface-level exploration of AI and cybersecurity to a deep, multi-layered analysis of systemic challenges and paradigm shifts. Lakshminarayanan’s infrastructure fragility metaphor set a sobering tone that grounded the entire conversation in practical reality, while his later insights about AI operating systems and decision-scaling provided constructive frameworks for moving forward. The interplay between pessimistic realism (infrastructure fragility, adversarial asymmetry) and optimistic pragmatism (leveling the playing field, measurable trust) created a balanced, nuanced discussion. The comments built upon each other, with speakers referencing and expanding on previous insights, creating a cohesive narrative that evolved from problem identification to solution frameworks to paradigm recognition. The discussion successfully bridged technical, strategic, and policy perspectives, largely due to these pivotal insights that elevated the conversation beyond typical AI hype or fear-mongering.

How do we develop effective assessment frameworks for AI systems that cover both security and functional aspects?

Speaker

G. Narendra Nath

Explanation

There’s a critical need for standardized frameworks to test and assess AI systems before deployment, as current assessment infrastructure is lacking

How can we bridge the cybersecurity maturity divide across different sectors adopting AI at similar rates?

Speaker

G. Narendra Nath

Explanation

Different sectors have varying levels of cybersecurity maturity, yet similar enthusiasm for AI adoption, creating uneven risk exposure

What new business models and disruptions will emerge from AI-native companies in the next five years?

Speaker

A. S. Lakshminarayanan

Explanation

Understanding potential market disruptions is crucial for strategic planning, as AI may create new intermediaries similar to how internet/cloud technologies did

How do we distinguish between cybersecurity issues and AI system malfunctioning or poor design?

Speaker

G. Narendra Nath

Explanation

The lack of clarity between security breaches and system design flaws creates challenges in proper incident response and remediation

How can enterprises build the necessary infrastructure capacity to handle AI’s exponential demands on networks and systems?

Speaker

Daisy Chittilapilly and A. S. Lakshminarayanan

Explanation

Current digital infrastructure is fragile and may not support the increased network traffic, API calls, and computational demands of AI systems

How do we make AI decision-making deterministic in critical applications while using inherently probabilistic technology?

Speaker

Daisy Chittilapilly

Explanation

Financial and citizen service applications require predictable outputs, but AI models are probabilistic by nature, creating a fundamental challenge

What mechanisms are needed to measure and quantify trust in AI systems for enterprise decision-making?

Speaker

Pradeep Sekar

Explanation

Trust is becoming measurable through provenance and verification, but enterprises need concrete methods to assess and rate trustworthiness of AI-driven decisions

How can we develop comprehensive capacity building programs to address the AI divide across different sectors?

Speaker

G. Narendra Nath

Explanation

Different sectors have varying levels of readiness for AI adoption, requiring targeted education and framework development

What are the specific dependencies created by AI adoption and how can we mitigate the risks of those dependencies?

Speaker

G. Narendra Nath

Explanation

Understanding and managing dependencies is crucial for national security and business continuity as AI becomes more integrated into critical systems