
The Indian government has asked domestic AI firms Sarvam and BharatGen to modify their existing foundation models and build capabilities similar to advanced cyber-focused frontier models for use in protecting critical infrastructure. The initiative is intended to create indigenous AI capabilities that can be hosted on isolated government compute infrastructure and deployed for defensive cyber operations.
The development comes as governments and regulated sectors globally assess how frontier AI models may alter cybersecurity risk. Advanced models capable of reasoning across code, vulnerabilities and systems can be valuable for defensive work such as vulnerability discovery, red-teaming, incident triage and remediation planning. The same capability profile also raises concerns because it can compress the time available for institutions to identify and fix weaknesses in legacy technology environments.
India’s approach appears to be shaped by two linked priorities: access and control. Access to the most advanced foreign AI systems can be constrained by export controls, provider restrictions, model safety policies or geopolitical decisions. Control matters because critical-infrastructure defence involves sensitive operational data, government systems and regulated-sector dependencies that cannot always be routed through commercial cloud environments or foreign-hosted AI tools.
Sarvam and BharatGen are already part of India’s broader effort to build domestic AI capabilities. Sarvam has been associated with Indian-language foundation-model development and domestic AI infrastructure ambitions, while BharatGen is positioned around sovereign model development. Asking such firms to adapt their models for cyber-defence workloads reflects a policy push to develop national AI capacity that is operational, not merely demonstrative.
The government has also deployed a combination of open-source models, including Sarvam, to plug gaps in critical infrastructure. Officials are still exploring access to frontier systems developed overseas, but the domestic track is intended to reduce dependence on external providers for sensitive cyber functions.
The effort sits at the intersection of AI sovereignty, cybersecurity and public-sector infrastructure modernisation. For Indian enterprises, especially in banking, telecom, energy, transport and public digital infrastructure, it signals a likely shift in expectations around AI-enabled security operations. Defensive AI could become part of national cyber preparedness, but deployment will need strong governance, model evaluation, auditability, access controls and clear boundaries between defensive testing and offensive capability.
The most material question now is execution: whether adapted domestic models can match the reliability, reasoning depth and security controls required for high-stakes infrastructure environments.




