Photo credit: businesstoday.inIndia’s Ministry of Defence is using AI tools to find weak code, sort cyber alerts and train officers for attacks that have not happened yet. The reason is blunt. Cyberattacks now move faster than the people who used to track them manually.Vivek Yadav, the Ministry’s Director of IT and Cybersecurity, told GovInsider that the Ministry is following a “Use AI to fight AI” approach. The aim is to use machines for the first layer of cyber defence, while analysts and commanders take the harder calls.This is not about handing defence networks to a chatbot. It is about cutting the time between a warning appearing and a person seeing the warning that matters.An attacker can send thousands of altered phishing emails, test exposed systems or use stolen credentials at a speed no human team can match by hand. A security team can still investigate the serious cases. It cannot realistically examine every odd login, failed access attempt or suspicious file without help.That is where the Ministry wants AI to step in.The first change is happening while software is being writtenSecurity checks used to arrive late.A system would be built. It would move into testing. A security team would inspect it. If they found weak code, developers had to go back and repair work that may already have been tied into several other parts of the system.Yadav said the Ministry is now bringing AI tools into software development much earlier. These tools can flag insecure coding practices while developers are still writing the software.The idea is simple. Fix a weakness before the system goes live, not after it becomes a problem.That could include spotting hard-coded passwords, unsafe input handling, weak access controls, risky software libraries or code that does not follow internal security rules. AI tools can flag those patterns quickly. They cannot decide whether a system is secure on their own.A developer still needs to know what the software does. A security team still needs to know who can access it, what information it handles and what happens if it fails.AI can point at the smoke. People still have to decide whether there is a fire.The Ministry wants machines to sort the noiseThe same thinking applies to day-to-day cyber operations.Large government networks generate a huge number of alerts. Some come from harmless activity. Some come from configuration errors. Some point to a real attack. The problem is not getting alerts. The problem is finding the one that needs attention before it becomes serious.Yadav told GovInsider that AI is being used to filter alerts, identify unusual behaviour and flag possible signs of compromise before human responders begin their review.That can save time. A system may notice that one account is trying to access an unusual set of files, logging in from a strange location or behaving differently from its normal pattern. It can push that case higher in the queue. An analyst can then check whether it is a compromised account, an authorised user travelling, a test system or something else entirely.This is an important limit. A machine can spot a pattern. It cannot always explain intent.A late-night login may be suspicious. It may also be a person doing their job at a bad hour. A large file transfer may be theft. It may be an approved backup. Defence work has too many unusual situations for an automated system to make every final call.The Ministry’s approach, based on Yadav’s remarks, is to use AI for sorting and early warning, not as a replacement for human judgment.Faster attacks are changing the job of cyber teamsAI has made cyberattacks cheaper to produce and easier to vary.A phishing email can now be written in several styles and languages within minutes. An attacker can change names, subject lines and wording to avoid simple spam filters. They can create fake voices, fake messages and fake documents that look more convincing than the old “You have won a prize” scams.The danger is not that every attack suddenly becomes brilliant. The danger is volume. A weak attack sent once may fail. The same attack sent in 10,000 slightly different forms may eventually find someone who clicks.That creates a problem for government teams. They cannot wait for an attack to look exactly like an older attack. They need systems that can notice unfamiliar behaviour as well.Yadav said the Ministry is trying to use AI to analyse patterns across large sets of data and surface signs that might otherwise be missed.That can help. It can also go wrong. It's a double-edged sword. AI systems can produce false positives. They can rank harmless activity as dangerous. They can miss threats if the data used to train them is weak or incomplete. Attackers may also try to feed bad data into systems, hide inside normal traffic or create behaviour designed to confuse detection tools.The Ministry has acknowledged that accuracy, explainability and accountability matter when automated systems are used in defence.That is the right concern. A security tool that cannot explain why it raised an alert can still be useful. A security team that blindly follows it is not.“Sovereign AI” means control over data and systemsYadav also spoke about sovereign AI.The phrase can sound vague. In this case, it means the Ministry wants greater control over the models, data and systems used for sensitive work.A defence body cannot casually upload internal network data, operational information or sensitive documents to an external AI service and hope for the best. It needs to know where the data goes, who can access it, how long it is stored and whether it can be used to train someone else’s system.Yadav said training systems on domestic datasets and internal information can reduce dependence on outside models and give the government more control over sensitive data.That does not mean every AI tool needs to be built from scratch inside a ministry office. It means the Ministry wants control over the data that matters most.There is a practical reason for this. An AI system trained on internal activity may get better at spotting behaviour that does not belong in a defence network. It may understand normal patterns more clearly than an outside system built for generic business users.But that brings its own risk. A model trained on sensitive internal data becomes valuable. If someone manipulates the training data, compromises a feed or learns how the system ranks threats, they may find ways to hide from it.The point is not just to own the model. It is to know what the model knows, where that information sits and who is responsible when it gets something wrong.WARDEC is using software to make military exercises less predictableThe Ministry is also looking beyond live cyber operations.Yadav said AI-generated scenarios are being used through the War Game Development Centre, known as WARDEC, to expose commanders to cyber situations that may not match past incidents.The purpose is not to predict the future perfectly. Nobody can do that. It is to stop training only for the last attack.A cyber exercise can test what happens when systems fail in the wrong order, when a false alert distracts a team, when communications are disrupted or when an attack hits during another crisis. AI can help generate more variations than a training team could create by hand.WARDEC already has a visible role in the Indian Army’s software-led training and decision support work. In February 2026, the Army announced three indigenous WARDEC applications: the Auto Evaluation Map Marking Tool, Combat Decision Resolution Version 9 and Automated Intelligence Preparation of the Battlefield. The Army said the tools were meant to support commanders at different levels.That does not prove that all defence cyber exercises are now driven by generative AI. It does show that the Army is investing in software that helps commanders examine choices and prepare for difficult situations.The value of a war game depends on the quality of the exercise.A weak simulation teaches people to win a game. A good simulation shows them where their plans fail.Language can slow down a security responseCybersecurity guidance often arrives in dense English, full of terms that people may recognise but not fully understand. That is a problem when the person receiving the alert has to act quickly.Yadav pointed to BHASHINI as an example of how AI-based translation could help make cybersecurity instructions available in more Indian languages.BHASHINI is a government-backed language technology programme under the Digital India Bhashini Division. Its stated aim is to help people access digital services in their own languages through speech, translation and other language tools.For cyber defence, the value is basic. An alert that is not understood is not much use.A warning about a phishing attempt, a password reset or a suspicious attachment needs to be clear enough for the person receiving it to act. It should not need a second person to translate it before the first person knows what to do.Translation tools need care in this setting. A badly translated instruction can create a new problem. Technical terms must stay precise. The message must remain clear. But the Ministry is right to treat language as part of the job, not an afterthought.The hard part is still humanThe phrase “Use AI to fight AI” makes a tidy headline. The actual work is messier.Cyber defence still depends on people following basic security rules. It depends on software teams fixing issues early. It depends on analysts checking serious alerts. It depends on managers giving security teams the time and authority to act. It depends on training that feels close enough to real pressure to be useful.Yadav said cyber risk assessments need to include people, processes, infrastructure, implementation and governance, not only technology.That is the heart of the story.A strong AI system cannot rescue a weak password policy. It cannot fix a team that ignores patching. It cannot stop every person from clicking a convincing fake link. It cannot make an unclear chain of command suddenly work during an incident.It can help a small team see more, faster.That is valuable. It is not magic.What the Ministry has said, and what it has notThe Ministry’s comments show where it wants to go.It wants AI involved earlier in software development. It wants AI to reduce alert overload in cyber operations. It wants better training through WARDEC. It wants language tools to make guidance easier to use. It wants more control over sensitive data and internal models.It has not said that India has deployed autonomous cyber systems that can respond to attacks without human approval.It has not said that AI can prevent every breach.It has not said that sovereign AI removes dependence on external technology overnight.Those details matter because defence technology stories can quickly turn into grand claims. The Ministry’s own position is more practical than that. It is trying to give people better tools before the attack becomes too large to handle comfortably.That is a much more useful goal.end of article