In a compelling discussion with CIO & Leader, Vaibhav Koul, MD – Technology & Digital, Cybersecurity at Protiviti India, shares actionable insights on leveraging AI to combat cyber threats.
From ransomware to deepfakes, Koul, drawing on his extensive experience, outlines how businesses can navigate AI-driven risks, comply with regulations like India’s DPDP Act, and secure data in a digital era. This story weaves his expertise with recent data to present a clear, impactful narrative.
Vaibhav Koul observes that AI is transforming cybersecurity, both as a threat and a solution. “There are threats related to automated phishing, deepfakes, and polymorphic malware which is AI-driven as well,” he notes, highlighting the sophistication of modern attacks. A 2024 Cybersecurity Ventures report confirms a 10,000-fold surge in phishing attacks over the past three years, driven by AI automation that allows even small teams to execute complex schemes like fund diversion.
Koul emphasizes that defenses must evolve, using AI to automate routine tasks in Security Operation Centers (SOCs). “Typically, there’s an L1 analyst; his or her role can be completely automated,” he explains, noting that AI correlates data, enabling analysts to focus on decision-making. This shift reduces task times from weeks to hours, with a 2025 Gartner study showing a 60% drop in SOC incident response times.
Governance is critical to manage AI risks. Koul warns of “shadow AI,” where employees use unapproved tools like ChatGPT, risking data leaks. “It’s very easy for anyone to log into a Copilot and ask for support… it might have confidential information without you knowing it’s going out,” he says.
Tackling AI-Driven Cyber Threats
Only 22% of organizations had clear AI policies in 2024, per a Deloitte survey, underscoring the urgency of robust frameworks. Koul advises hosting AI platforms, like Microsoft Copilot, on internal clouds to control data and comply with India’s DPDP Act, effective since 2023. He also recommends AI-driven tools to flag sensitive data outflows, akin to internet filters that block harmful sites.
Compliance with the DPDP Act is a cornerstone for privacy, Koul asserts. “The provisions of the DPDP Act require explicit consent… data minimization is again extremely important,” he says, urging businesses to map personal data across servers and automate consent management. According to a Protiviti report, 70% of Indian firms are investing in such tools to align with DPDP, enhancing customer trust. Koul also stresses data subject rights, like requesting data deletion, and regular audits to stay compliant. “If I want an organization to remove all information about me, I have a right to do that,” he notes, emphasizing user empowerment.
Building Trust Through Governance and Compliance
Third-party risks are a growing concern, especially with AI-driven supply chain attacks. Koul explains, “Some of the very typical attacks… are related to man-in-the-middle, fund diversion-related attacks.” Under the DPDP Act, data fiduciaries must enforce vendor security through back-to-back contracts. A 2025 IBM study reveals 40% of breaches involve third parties, highlighting the need for AI-powered data leakage prevention tools to secure supply chains.
In India’s banking sector, Koul sees privacy as a competitive edge. “Banks now are slowly starting to look at privacy and data security as an edge,” he says, noting that transparent consent practices reduce spam and build trust. A 2024 McKinsey survey finds 65% of Indian banking customers prefer such institutions. With RBI and SEBI guidelines mandating robust data protection, Koul underscores AI’s role in managing the “humongous” customer data in this highly regulated sector.
A 2025 Forrester report notes 80% of Indian enterprises use hybrid clouds for security and scalability, with AI-driven identity management ensuring secure access. Cloud adoption, guided by RBI’s data localization rules, is another focus. “The data localization guidance from RBI requires that transaction data should remain within the country,” Koul explains, advocating for hybrid cloud setups.
“The old belief that critical workloads shouldn’t go to cloud no longer holds true. Today, cloud is often more secure—if you do it right.” he highlighted.
Shaping a Secure Future with AI
Looking ahead, Koul is optimistic about AI’s impact. “I would look at it from a very positive lens… it will bring in a lot of efficiencies,” he says, citing applications in banking, pharma, and cybersecurity. Rather than job loss, he foresees job evolution, with a 2024 World Economic Forum report predicting 12 million new AI-related jobs by 2030. However, he stresses human oversight: “The validation part of it is extremely important… people get a sense that the output is 100% correct, which it may not be.”
Koul views AI as a colleague, aiding tasks like brainstorming articles, but warns against over-reliance to maintain personalization. He encourages professionals to treat GenAI like a helpful colleague use it for ideation, execution, and acceleration, but never without validation. “Jobs won’t vanish. They’ll evolve. We must learn how to use AI thoughtfully, with human oversight.” he added.
“If we treat AI like an assistant—not a replacement—and embed responsibility in its usage, it will become a long-term enabler, not a risk.” he added further.
Vaibhav Koul’s insights illuminate AI’s dual role in cybersecurity empowering both threats and defenses. By adopting AI automation, governance, and compliance with regulations like the DPDP Act, businesses can secure data and build trust. As India’s digital economy targets a $1 trillion contribution by 2030, per a 2024 NASSCOM report, Koul’s strategies offer a roadmap for a secure, innovative future.