Agentic AI is redefining cyber defence: Diwakar Dayal, Managing Director & Area Vice President – India & SAARC, SentinelOne

India’s digital economy is growing at an unprecedented pace, projected to contribute 20% of GDP by 2026. While this rapid digitalisation opens doors for innovation and growth, it also creates new attack surfaces for increasingly sophisticated cyber threats. In this era where cyber incidents strike every 39 seconds, organisations need to move beyond reactive defences and embrace AI-driven security that can predict, prevent, and respond autonomously.
We spoke with Diwakar Dayal, Managing Director & Area Vice President – India & SAARC, SentinelOne, on how Agentic AI is transforming cybersecurity, tilting the balance of power towards defenders, and empowering Indian enterprises to secure their digital future against AI-powered attacks, ransomware, and complex supply chain risks.

Some edited excerpts:

1. What are the biggest lessons Indian enterprises and governments should take from high-impact cyber incidents?
Cyber incidents strike every 39 seconds. Reactive defences are no longer enough – it’s about learning. A key lesson from high-impact cyberattacks is that the lack of a strong incident response framework puts organisations at risk of significant financial and reputational damage. What is a strong incident response framework? One that continuously adapts to strengthen the organisation’s cybersecurity posture.

India’s fast-expanding digital economy – projected to contribute 20% of the GDP by 2026 – is a double-edged sword. Quick growth brings with it increased exposure, especially as cloud and AI adoption rise. All this while the nation grapples with a shortfall of 1.5 million cybersecurity professionals by 2025, according to the Acronis Cyberthreats Report. Now more than ever, in the age of AI-powered threats, automation and integrated platforms are critical to security.

Building an elite in-house security team is unreachable for many businesses in India, particularly SMEs. Fortunately, they can outsource their incident response. There are solutions in the market that deliver round-the-clock threat intelligence, regulatory expertise, and rapid containment of breaches.

Investing in structured incident response services, upskilling their teams, and continuously learning from each incident will enable Indian organisations to build resilience and stay ahead of evolving threats.

2. In hindsight, what common preparedness gaps do you see across these attacks – and how could an autonomous response strategy have made a difference?
A common problem is fragmented security tool stacks, slowing down communication between tools. When analysts have no choice but to jump between dashboards, response times suffer. Detection, containment, and recovery are all slowed exactly when speed matters the most.

Another key gap is the lack of SIEM interoperability. For many Indian enterprises, this results in limited visibility across multi- and hybrid cloud environments. It also creates a lot of friction when migrating data or integrating new security layers.

The clear value of autonomous response strategies is that they don’t need constant manual monitoring. They can also triage, analyse, and remediate rapidly. AI-driven tools empower quick response times and can scale the capabilities of even small security teams.

3. As AI becomes a double-edged sword – used both to attack and defend – how do you see the balance of power shifting in the cybersecurity ecosystem?
With AI, cyberthreats like deepfakes and zero-days are becoming harder to detect. But defenders are not powerless. While attackers are using AI to scale their assaults, defenders are using AI to scale intelligence, speed, and impact. SentinelOne’s Purple AI, for instance, doesn’t just assist—it acts. By replicating and scaling the reasoning of expert analysts, the advanced AI security analyst reduces fatigue, hastens investigations and resolutions, and enables full-loop automated workflows. This auto-triage and investigation slashes response times from hours to minutes. And a growing number of Indian enterprises are embracing it to drive proactive security and bolster their defenses.

4. What role is Agentic AI playing in tilting the advantage toward defenders? Can you share real examples of this in action?
Agentic AI is redefining cyber defence by enabling machines to think and act like seasoned analysts at the speed and scale of machines. With SentinelOne’s Purple AI, defenders can move from manual response to AI-powered triage, investigation, and autonomous action. This slashes dwell time and shifts the advantage firmly toward defence.
Key SOC functions like anomaly detection, rule porting, and SIEM orchestration are powered by Purple AI. It also seamlessly integrates with other platforms to boost detection capabilities without forcing vendor changes. Additionally, partners are trained to leverage AI more effectively, which reduces the manual workload while scaling the impact of analysts.

5. With ransomware groups becoming increasingly industrialised and deepfakes adding a new layer of deception, how is SentinelOne helping organisations detect faster and respond smarter?
SentinelOne’s AI-native architecture is built to detect advanced threats like deepfake-driven intrusions and lateral movement. Leveraging behavioural AI to detect malicious activity instead of just known patterns makes it incredibly effective against AI-powered and zero-day threats. The patented Storyline technology analyses activities across users, devices, and networks to reconstruct attack chains in real time, allowing organisations to detect complex threats within minutes and head off damage before it escalates.

Its cloud-native design adds another layer of defence, securing critical assets like containers, keys, and certificates—frequent entry points for ransomware.

6. How can businesses strengthen cyber resilience across complex supply chains where risk is often inherited?
Digital supply chain attacks represent a strategic shift for cybercriminals, offering a pathway to compromise multiple organizations through a single, often unsuspecting, point of entry. By infiltrating suppliers’ networks, adversaries can inject malicious code, compromise data integrity, and even manipulate physical processes in manufacturing and distribution.

Global reliance on third-party vendors in the business landscape comes with a set of inherent cyber risks that organizations across all industries must grapple with. These risks stem from the closely-connected nature of supply chains, where vendors often have access to sensitive data and systems.

To safeguard organizations from third-party related cyber risks, C-level executives and security leaders need to establish a Third-Party Risk Management (TPRM) Program, which includes creating a standard vendor assessment process; understanding vendors’ cybersecurity strategies; and establishing security expectations and requirements. They must also leverage autonomous, AI-driven cybersecurity platforms like SentinelOne Singularity™ to deliver all-around protection.

7. Looking ahead, what are the 2-3 strategic imperatives that CISOs in India must act on now to ensure long-term resilience?
To ensure long-term resilience, CISOs in India must shift from reactive to predictive security by adopting AI-native platforms. Solutions like SentinelOne’s Purple AI enable faster threat detection, autonomous response, and continuous learning to stay ahead of evolving attacks.

Next, CISOs in India must integrate and unify their fragmented environments. They should prioritise platforms that can seamlessly integrate with existing SIEMs, multi-cloud setups, and endpoint tools without needing to overhaul the entire infrastructure.

Finally, CISOs must invest in partnerships that will help efficiently scale security operations. Engaging with MSPs, GSIs, and cloud providers is essential. India is ahead of the curve here, as the region has a high adoption rate of SentinelOne’s full partner stack compared to other global markets. Whether by upskilling internal teams or tapping into partner expertise, CISOs must build agile, collaborative security ecosystems for the future.
