Leader InterviewsAI Business & Ecosystem
Dr. Shekhar Pawar on Securing the AI Era: Cyber Threats, Digital Trust, and Quantum Readiness
Article content
1. From Cybersecurity Leadership to Building SecureClaw
Q: Your journey spans cybersecurity leadership, risk management, and enterprise security. Looking back, what experiences shaped your perspective on cybersecurity, and what inspired you to build SecureClaw?
A:
Moving from a corporate job to SecureClaw started in January 2016. Earlier, many a time, I was on the other side of the table facing various cybersecurity and other audits, working for international clients mostly from banking, insurance, and telecommunication. For a long time, I got the opportunity to understand the importance of enterprise security and risk management during my tenure working with giant clients in the USA and European regions. When I started SecureClaw, our focus was to provide two services to clients: firstly, cybersecurity audits and solutions and also enterprise software development for automating business processes.
My past experience of successfully leading big-sized technical teams serving application development and maintenance, being an assessment team member for CMMi Level 5, and various such roles shaped my capabilities to drive such assignments. Also, I got a boost from SJMSOM, IIT-Bombay, during entrepreneurship-focused executive management studies before I moved from corporate to business. I always wanted to start a new venture from scratch, and Steve Jobs' Apple journey was my inspiration.
"The first thing is you need to have clarity of vision, and then if you are aware that every day you are investing towards that, you can grow step by step for a long way."
It was challenging for me, not being from a business family background, lacking a business community support system, not having big funding at the start, and even taking time to build a new brand value in the market. The first thing is you need to have clarity of vision, and then if you are aware that every day you are investing towards that, you can grow step by step for a long way.
2. The Mission Behind SecureClaw
Q: As cyber threats become more sophisticated and business-critical, what gap in the market is SecureClaw addressing, and how do you see the company's role evolving in the broader cybersecurity ecosystem?
A:
Cyber threats are becoming progressively more sophisticated due to advancements in technology and the continuous evolution of cyber kill chain methodologies. Despite this growing complexity, a significant proportion of small and medium-sized enterprises (SMEs/SMBs/MSMEs) worldwide still lack even the most basic cybersecurity controls.
During the initial years of SecureClaw, the organizational focus was on a broad spectrum of potential clients across various sectors. However, during the course of my doctoral research at SSBM, Geneva, Switzerland, this vision was refined toward the development of a Business Domain-Specific Least Cybersecurity Controls Implementation (BDSLCCI) framework, specifically tailored for SMEs. Globally, approximately 400 million businesses - accounting for nearly 90% of all enterprises - fall within the SME category. These organizations play a pivotal role in the global economy, contributing approximately 60-70% of total employment and around 55% of global GDP. Nevertheless, nearly half of these enterprises are exposed to risks of data breaches or cyberattacks.
"This framework delivers a customized set of cybersecurity controls, optimized to reduce implementation complexity, time, and cost, while maintaining adequate security posture."
Findings from my research, which included participation from senior management professionals across 19 countries, indicated several critical challenges faced by SMEs. These include limited financial resources to adopt established cybersecurity standards, a shortage of skilled cybersecurity personnel, and difficulty in quantifying or forecasting returns on cybersecurity investments. Furthermore, each organization possesses distinct mission-critical assets that require individualized protection strategies.
To address these challenges and to facilitate an effective defense-in-depth strategy across all organizational layers, the BDSLCCI framework was conceptualized and developed. This framework delivers a customized set of cybersecurity controls, optimized to reduce implementation complexity, time, and cost, while maintaining adequate security posture. The BDSLCCI framework is made accessible through a web-based portal, thereby simplifying the cybersecurity adoption journey for SMEs. After registration process, it has gap analysis, employee awareness training, process and guidelines documentation, and many helpful ready to use offerings. On successful BDSLCCI audit and assessment, SME receives certificate, transcript, and report showing effectiveness and converge of the implemented controls. Through BDSLCCI, SecureClaw aspires to strengthen cybersecurity resilience among SMEs on a global scale.
3. AI as Both a Threat and an Opportunity
Q: Artificial intelligence is transforming cybersecurity at an unprecedented pace. How do you view AI's dual role as both a powerful defense mechanism and a tool increasingly leveraged by cybercriminals?
A:
AI is reshaping cybersecurity by serving both as a powerful defense mechanism and a tool for sophisticated and cyber threats on larger span. On one hand, it enhances threat detection, predictive analytics, and automated response capabilities, significantly improving organizational resilience. Governments are warning about the risks of agentic AI systems capable of executing large-scale attacks with little human involvement. Ransomware incidents surged to over 7,400 worldwide in 2025, largely due to AI automation. New malware like “Hades” emerged in June 2026, employing AI techniques such as prompt injection to bypass detection. With the 2026 FIFA World Cup approaching, cybercriminals initiated widespread AI-driven scams using counterfeit websites, apps, and impersonation strategies.
Cybercriminals increasingly exploit AI to design advanced malware, automate attacks, and conduct highly targeted phishing campaigns. This dual-use nature creates an evolving arms race between attackers and defenders. Consequently, organizations must adopt advanced AI-driven defenses while ensuring robust governance and risk management. It is important to use responsible AI and adopt AI compliance, also manual human checks are must to avoid complete rely on it.
4. The Rise of AI-Powered Cyber Attacks
Q: Threat actors are using AI to automate attacks, create convincing phishing campaigns, and evade traditional defenses. Which AI-driven threats concern you the most, and where do you believe organizations remain most exposed?
A:
Cybercriminals often succeed due to the psychological vulnerabilities of individuals in organizations, which can be exploited through various manipulative tactics. Concurrently, advancements in AI are leading to increasingly error-free technologies.
If we summerize latest statistics, AI-driven threats raising concern include deepfake-enabled social engineering, autonomous attack agents, and adaptive malware. AI-powered phishing and impersonation exploits human trust, bypassing traditional verification. Autonomous agents automate reconnaissance and attacks at machine speed, while adaptive malware changes behavior to evade detection.
"AI-powered phishing and impersonation exploits human trust, bypassing traditional verification."
Organizations are vulnerable due to human factors, limited detection, and poor AI governance, compounded by reliance on user awareness and lack of AI-native defense strategies.
5. Using AI to Strengthen Cyber Defense
Q: While attackers are embracing AI, security teams are doing the same. Where are you seeing the greatest impact of AI in cybersecurity operations, and how can organizations leverage it responsibly and effectively?
A:
AI can be likened to a pet parrot; the quality of what it "speaks" - or produces - depends heavily on the data and algorithms it is fed. AI systems can be hacked, making their security and compliance crucial. Similarly, AI systems can be hacked, making their security and compliance crucial.
In the field of cybersecurity, AI plays a crucial role by enabling real-time threat detection, automating incident responses, and providing predictive threat intelligence.
"AI is merely a tool; the effectiveness of these systems relies on the proficiency of the security teams that operate them."
However, it is essential to recognize that AI is merely a tool; the effectiveness of these systems relies on the proficiency of the security teams that operate them. AI enhances the ability to analyze vast datasets swiftly, improving overall efficiency and minimizing response times to threats. For organizations leveraging AI in cybersecurity, establishing robust governance frameworks is critical, as is ensuring data integrity and maintaining human oversight. A well-rounded approach that fuses AI automation with human expertise is necessary to navigate ethical implications and uphold accountability within cybersecurity operations.
6. The Growing Importance of Digital Trust
Q: As deepfakes, misinformation, and AI-generated content become increasingly sophisticated, how should organizations think about digital trust, identity, and cyber resilience in the years ahead?
A:
Organizations must adopt a proactive approach to digital trust, identity assurance, and cyber resilience in light of advancing deepfakes and misinformation. Key strategies include implementing maker-check policies, enhancing identity verification with multi-factor authentication, biometric validation, and zero-trust architectures. Utilizing techniques like watermarks on digital media and investing in technologies that can detect synthetic content are crucial.
Cyber resilience should be supported by real-time monitoring, threat intelligence, and rapid incident response. Additionally, bolstering governance, ethical AI use, and awareness programs is essential to counter misinformation and social engineering, ensuring sustained digital trust through a combination of technology, policies, and human vigilance. Even in few use cases, adoption of blockchain enhances digital trust and identity through immutable records of transactions and data, enabling decentralized digital identity control and verification without a single authority. Such approach minimizes identity spoofing risks.
7. Quantum Computing and the Future of Security
Q: Quantum computing has the potential to reshape the cybersecurity landscape. How close are we to meaningful disruption, and what should security leaders be doing today to prepare for a post-quantum future?
A:
Quantum computing is progressing, but according to me, significant disruption to current cryptographic systems is expected in the next decade. Many security technologies, including blockchain, rely on cryptographic keys and hashing. Once quantum systems mature, any such encrypted data can be decrypted, exposing long-term sensitive information.
"The threat of “harvest now, decrypt later” attacks puts today's sensitive and/or encrypted data at risk."
The threat of “harvest now, decrypt later” attacks puts today's sensitive and/or encrypted data at risk. It is advised that the organizations should proactively identify vulnerable assets, particularly those using public-key cryptography like RSA and ECC.
Steps include planning migration to post-quantum cryptography (PQC) in line with NIST or similar standards, enhancing crypto-agility, strengthening data classification, and extending data protection lifecycles. Preparation for a post-quantum future necessitates early strategy, ongoing risk assessment, and the gradual implementation of quantum-resistant security measures.
8. The Next Decade of Cybersecurity
Q: Looking ahead, how do you see AI, cybersecurity, and quantum technologies converging over the next 5–10 years, and what advice would you give organizations seeking to stay ahead of the next wave of threats?
A:
Over the next 5-10 years, the integration of AI, cybersecurity, and quantum technologies is expected to transform cyber capabilities. AI will improve threat detection and automated responses, while adversaries may use AI for advanced attacks. Quantum computing threatens current cryptographic standards, increasing digital trust issues.
Organizations should adopt an AI-native and quantum-aware cybersecurity strategy, investing in AI security platforms, preparing for post-quantum cryptography, and strengthening zero-trust architectures. Success hinges on responsible AI implementation, proactive quantum risk management, and the development of robust cybersecurity frameworks that incorporate human oversight.
About Dr. Shekhar Pawar
Dr. Shekhar A. Pawar is the Founder and CEO of SecureClaw Inc. (USA) and SecureClaw IT and Cybersecurity Pvt. Ltd. He holds a Doctor of Business Administration (DBA) in Cybersecurity from SSBM Geneva, Switzerland, and has completed executive management studies at SJMSOM, IIT Bombay.
A cybersecurity researcher, author, and industry thought leader, Dr. Pawar holds numerous globally recognized certifications, including CISA, CEH, CHFI, ISO 27001 Lead Auditor, PCI-DSS Implementer, and Certified Blockchain Developer. He is the author of BDSLCCI: Business Domain Specific Least Cybersecurity Controls Implementation and Air Team Theory. Through his research, publications, speaking engagements, media appearances, and industry initiatives, he actively promotes cybersecurity awareness and best practices worldwide.
About SecureClaw
Founded in 2016, SecureClaw is a cybersecurity consulting and technology company with operations in India and the United States. The company specializes in cybersecurity audits, vulnerability assessments and penetration testing (VAPT), secure code reviews, virtual CISO services, cyber threat intelligence, digital forensics, compliance consulting, and cybersecurity awareness programs.
SecureClaw is also the creator of the Business Domain-Specific Least Cybersecurity Controls Implementation (BDSLCCI) framework, designed to help SMEs implement practical, cost-effective cybersecurity controls tailored to their industry and risk profile. Through its innovative approach, SecureClaw helps organizations strengthen cyber resilience, improve compliance, and protect critical digital assets in an increasingly complex threat landscape.