India leads APJ in enterprise AI adoption, ranks second globally: Zscaler ThreatLabz Report

India has emerged as the most active market for enterprise AI and machine learning usage in the Asia-Pacific and Japan (APJ) region, and the second largest globally after the US, according to the ThreatLabz 2026 AI Security Report released by Zscaler. The findings underline both the scale of India’s AI adoption and the growing security risks accompanying the shift, as organisations struggle to govern AI systems operating at machine speed.

The report is based on an analysis of nearly one trillion AI and ML transactions processed across the Zscaler Zero Trust Exchange platform between January and December 2025. It points to a tipping point where AI has moved beyond productivity enablement to become a primary vector for autonomous cyberattacks.

“AI is no longer just a productivity tool but a primary vector for autonomous, machine-speed attacks by both crimeware and nation-state,” said Deepen Desai, EVP Cybersecurity at Zscaler. “In the age of Agentic AI, an intrusion can move from discovery to lateral movement to data theft in minutes, rendering traditional defenses obsolete. To win this race, organizations must fight AI with AI by deploying an intelligent Zero Trust architecture that shuts down the potential paths for the attackers of all kinds.”

India at the centre of enterprise AI growth

Between June and December 2025, Indian enterprises generated 82.3 billion AI/ML transactions, accounting for 46.2% of all such activity in APJ. This placed India ahead of Japan, which recorded 18.6 billion transactions, and Australia, with 15.3 billion. Year-on-year, India’s AI/ML activity surged by nearly 310%, reflecting how deeply AI is being embedded into core business operations.

Within the country, AI usage was most pronounced in technology and communications, manufacturing, services, and financial services, highlighting adoption across both digital-native and traditional sectors. However, the report cautions that AI deployment is outpacing governance. Many organisations still lack a clear inventory of where AI models are running and what data they are accessing, leaving sensitive information exposed.

“India’s scale of enterprise AI adoption is accelerating faster than most organizations’ ability to govern it,” said Suvabrata Sinha, CISO-in-Residence, India at Zscaler. “With AI now embedded in everyday business applications and workflows, the security priority for Indian enterprises is clear: understand where AI is being used, inspect the data being shared, and enforce the right controls consistently. A zero-trust approach with strong data protection and continuous visibility is essential to secure AI-driven transformation at the speed the market now demands.”

Agentic AI exposes systemic weaknesses

Zscaler’s red team testing revealed how fragile many enterprise AI environments are under real-world attack conditions. In controlled assessments, critical vulnerabilities were identified within minutes, with a median time to first failure of just 16 minutes. In extreme cases, defences were bypassed in seconds, underscoring how quickly autonomous AI-driven attacks can unfold.

The report also flags the rapid expansion of AI supply chains as a new source of enterprise risk. AI and ML activity across more than 3,400 applications grew by over 90% year-on-year, yet many organisations have little visibility into the models and dependencies interacting with their data. Weaknesses in shared model files, the report notes, are increasingly being exploited as lateral entry points into core systems.

Data exposure through embedded and standalone AI

ThreatLabz highlights the scale at which enterprise data is flowing into AI platforms. In 2025 alone, data transfers to AI and ML applications reached more than 18,000 terabytes, nearly doubling from the previous year. Tools such as ChatGPT and Grammarly have become concentrated repositories of corporate intelligence, attracting heightened interest from cyber adversaries.

Particularly concerning is the rise of “embedded AI” features within everyday SaaS platforms, which are often enabled by default and remain invisible to legacy security tools. The report identifies Atlassian as a leading source of such activity, reflecting widespread use of AI-powered capabilities in tools like Jira and Confluence.

According to the findings, more than 410 million data loss prevention violations were linked to ChatGPT alone, involving attempts to share sensitive information ranging from source code to personal and medical data. This, the report argues, turns AI governance from a policy debate into an immediate operational imperative.

Rethinking security for the AI era

The report concludes that traditional perimeter-based security models are no longer sufficient in AI-driven environments. With AI systems operating dynamically across users, applications, and cloud platforms, Zscaler advocates a zero-trust, AI-native security approach focused on continuous verification, deep inspection of encrypted traffic, and real-time containment of threats.

As Indian enterprises continue to scale AI adoption faster than most global peers, the ThreatLabz report positions the country at the forefront of both opportunity and risk. The message is clear: without modernised security architectures designed for machine-speed threats, the same AI systems driving innovation could rapidly become the weakest link in enterprise defence.