India looks beyond OpenAI/Anthropic, but should the goal be Chinese models or AI optionality?

India’s AI strategy should not be about replacing one dependency with another.

Chinese open-weight models may be cheaper, easier to self-host, and useful for experimentation. But the stronger long-term path is optionality.....Indian models, open standards, multi-model stacks, and clear controls around data, security, and deployment.

What you guys think??? Should India lean more on Chinese open models for now, or focus harder on building domestic AI capability???

Read more at:
https://economictimes.indiatimes.com/tech/artificial-intelligence/alternatives-to-openai-anthropic-with-us-prime-ai-off-the-table-india-opts-for-fine-china/articleshow/132057030.cms?from=mdr

u/sunychoudhary — 7 days ago

What do security teams wish founders understood before selling to them?

I’m a founder building in the AI security space, focused on how companies adopt AI tools without leaking sensitive data through prompts, browser-based AI apps, copilots, internal assistants, or agent workflows......I have product and founder experience, but I’m trying to pressure-test my understanding from the practitioner side....///

For people working in security teams.... what do founders in this space often misunderstand about how security actually gets evaluated, adopted, or blocked inside companies?

Areas I’m especially interested in:

- how teams think about DLP and data leakage in AI workflows

- browser/SaaS visibility gaps

- prompt injection and agent misuse

- IAM, access control, and audit trails

- what makes a tool operationally useful vs just another dashboard

- what security teams need before trusting a new product

I’m not looking for generic startup advice. I’m more interested in the practical gaps founders miss when building for security teams.......What would you want an AI security founder to understand before trying to sell into your environment?

reddit.com
u/sunychoudhary — 7 days ago

How should companies estimate the risk of employees using AI tools without approval?

A lot of companies are now dealing with Shadow AI.

Employees use ChatGPT, Claude, Gemini, Perplexity, coding copilots, browser extensions, AI meeting tools, writing assistants, and other AI apps before IT or security teams formally approve them.

The risk is not just that the tool is “unapproved.”

The bigger issue is what gets shared, customer data, internal documents, source code, financial information, meeting transcripts, contracts, confidential strategy, regulated or personal data.

That made me think about how companies should estimate the actual exposure from Shadow AI.

A simple Shadow AI risk estimate should probably look at:

  1. Data sensitivity What kind of information are employees sharing with AI tools?
  2. Number of employees using AI Is this limited to a few people, or is it happening across teams?
  3. Number of AI tools in use Are employees using one approved tool, or dozens of random tools and extensions?
  4. Third-party provider risk Where is the data going? Is it retained? Is it used for training? Is there any vendor review?
  5. Regulatory exposure Could the usage involve personal data, financial data, healthcare data, or other regulated information?
  6. Detection and response maturity Would the company even know if sensitive data was pasted into an AI tool?

The point is not to predict an exact shadow ai breach cost. That is almost impossible.

But even a directional estimate can help companies understand which AI workflows are low risk, which are risky, and where governance should start.

To me, the biggest mistake is treating all AI usage the same.

An employee using AI to rewrite a generic email is very different from someone uploading customer records, source code, or legal documents into an unapproved tool.

Curious how others are thinking about this.

For companies in India adopting AI quickly, should Shadow AI risk be treated mainly as a security issue, a compliance issue, or an employee education issue?

u/sunychoudhary — 10 days ago

Microsoft: 2 ransomware groups hit SharePoint in parallel attacks

A Microsoft investigation into a ransomware case found that 2 different attackers operated simultaneously, demonstrating that modern attacks are not always isolated events and require different responses. The activity was linked to on-premises SharePoint servers that were targeted through known vulnerabilities.

https://cybernews.com/security/microsoft-ransomware-group-sharepoint-parallel-attacks/

reddit.com
u/sunychoudhary — 10 days ago

Microsoft: 2 ransomware groups hit SharePoint in parallel attacks

A Microsoft investigation into a ransomware case found that 2 different attackers operated simultaneously, demonstrating that modern attacks are not always isolated events and require different responses. The activity was linked to on-premises SharePoint servers that were targeted through known vulnerabilities.

https://cybernews.com/security/microsoft-ransomware-group-sharepoint-parallel-attacks/

reddit.com
u/sunychoudhary — 11 days ago

Most AI startups worry about features. Who is checking what data goes into prompts?

A lot of AI startups in India are moving fast right now.

PDF chatbots, customer support bots, sales copilots, HR assistants, internal knowledge tools, coding agents, everyone wants to ship the AI feature before competitors do.

But I don’t see enough people talking about a basic question:

What data are users and employees sending into these AI systems?

Because once the feature goes live, people start pasting everything like customer details, contracts, invoices, API keys, internal docs, support tickets, financial data, HR information or private business context.....

The model may be good. The feature may work. But if sensitive data is entering prompts without checks, logging, redaction, or access control, the product is carrying a hidden risk.

This feels especially important for Indian startups because many teams are building fast with small engineering teams, third-party APIs, open-source models, and quick MVP workflows.

AI security should not start after the first leak.

So i want to know how founders/devs here are handling this?

Are you checking prompt data before it reaches the model?
Are you redacting sensitive information?
Are you logging AI interactions safely?
Are you separating internal data from customer-facing AI features?
Or is this still mostly ignored during MVP stage?

reddit.com
u/sunychoudhary — 13 days ago