AI-driven cyber threats forcing rethink of enterprise security, says Elastic CISO


Elastic’s Mandy Andress says enterprises must redesign security controls as AI accelerates attacks and threat actors increasingly target credentials and software supply chains.

Mandy Andress, Chief Information Security Officer at Elastic
Priyanka Sangani
  • Mar 16, 2026,
  • Updated Mar 16, 2026 3:23 PM IST

The speed and scale at which cyber threats are evolving is forcing enterprises to fundamentally rethink how they manage cybersecurity operations, according to Mandy Andress, Chief Information Security Officer at Elastic.

Speaking to Business Today, Andress said the biggest shift organisations are seeing is the pace at which artificial intelligence is enabling new forms of attacks.

“Earlier, we had days, maybe hours to act as defenders when a new vulnerability was found, now it is down to minutes. You either need to be reactive at machine speed or redesign your controls to be more proactive,” she said.

The San Francisco-headquartered company provides an open-source platform for search, observability and security solutions. According to Andress, discussions with customers are increasingly shifting beyond traditional cybersecurity towards cyber resilience, as organisations look to withstand the scale and velocity of attacks that AI is enabling.

Importantly, the shift is no longer confined to IT teams.

“The shift is happening at a senior management level and is now being seen through an enterprise risk perspective, not just as a technology risk,” she said.

India emerging as a key market

India has emerged as an important market for Elastic, with customers spanning financial services, public sector organisations and telecom companies.

“We see a massive opportunity here with the government investing in building digital infrastructure. All companies are investing in modernisation and bringing in AI, so there’s a big market opportunity,” Andress said.

The company operates a global innovation centre in Bengaluru, which supports product development as well as several global functions.

Elastic works with enterprises across three key areas: modernising security infrastructure, maximising existing technology investments and addressing the cybersecurity talent gap.

According to Andress, many companies initially invest in security tools primarily to meet regulatory requirements, but often fail to extract the full value from those systems.

Elastic’s approach involves adding an AI layer on top of existing security infrastructure to improve cyber defence capabilities and help organisations access information across fragmented data sources.

The platform is also being used to augment cybersecurity teams by enabling junior analysts to operate more effectively.

“It also helps them bridge the skills gap by providing AI support to junior security analysts to enable them to operate with the same level of skills and proficiency as a senior security analyst or SOC operator,” she said.

Elastic’s customers in India include public sector enterprises, digital-native companies such as Apna and large enterprises like Bharti Airtel.

Airtel’s Managed Security Services platform uses Elastic’s AI-driven analytics and search capabilities to deliver real-time security operations. This enables customers to detect, investigate and respond to threats across distributed infrastructure.

Supply-chain attacks and credential theft on the rise

The nature of cyber threats is also evolving, with attackers increasingly targeting third-party software packages and open-source libraries used during the development process.

“As a result, developers are downloading and implementing compromised packages at the product development stage, creating malware or backdoors in the software,” Andress said.

This has triggered a greater focus across the industry on securing the software development lifecycle (SDLC) with stronger and more proactive controls.

In India specifically, Elastic’s 2025 Global Threat Research Report identified three major emerging risks:

  • Weaponisation of AI
  • Industrialisation of credential theft
  • Changes in attacker behaviour once they gain system access

Generative AI tools and large language models are increasingly being used to automate the creation of malicious software, making it easier to launch large-scale attack campaigns.

According to the report, 64% of organisations in India ranked AI-enabled attacks as their top security risk, including hyper-personalised phishing campaigns and deepfake-enabled fraud.

The report also highlights the growing “access broker” economy, where attackers focus on stealing credentials rather than directly targeting sensitive data.

Nearly 70% of organisations said credential theft was the leading technique used in cloud attacks in India, while Trojans and file infectors accounted for almost 70% of detections in the country.

Attackers moving faster after breaching systems

Another major shift is in how attackers behave after gaining access to systems. Instead of hiding quietly inside networks, attackers are increasingly executing malicious code quickly before cybersecurity defences can respond.

According to the Elastic 2025 Mirror report, the tactic of “execution” has overtaken “defence evasion” as the most common attack technique.

Execution-based tactics accounted for 32.5% of all observed activity on Windows systems, nearly doubling compared to previous observations.

With the rise of AI-driven attacks, Andress said organisations will need to adopt new security models built around continuous visibility, risk-based access and intelligence-driven operations.

Compared to some global markets, Indian enterprises are also showing a greater willingness to adopt AI-driven cybersecurity tools.

“What stands out in India is the openness to adopt AI,” Andress said.
