CYBX’s Neehar Pathare on AI-powered cybersecurity for India’s smartphone users

Most Indians don’t realise it, but their smartphone has quietly become their primary bank branch, identity document, and panic button. Several UPI handles, OTT login, KYC’d accounts and OTP messages sit on a device that was never originally designed to be at the centre of your digital and financial life. And smartphones are attracting almost all of the personalised cybercrimes and scams in recent times. 

Unlike hackers of the PC era, today’s cybercriminals don’t just want to create nuisance value for bragging rights – they want to copy your data, weaponise your emotions, and drain your accounts in ways that never make the front page. Especially when the victim is a teenager or a senior citizen too ashamed to talk.

That’s the world CYBX is walking into. Spun out of the 63 Moons Technologies group – the same engineering culture that has spent decades hardening major exchanges against millions of attacks with zero downtime – CYBX is an attempt to bring “exchange-grade” security to the common person’s phone. It sits quietly on your device like a sniper, watching only for threats, not your personal data, and backing its alerts with built-in cyber-fraud insurance that’s almost unheard of in consumer security apps. 

From digital arrest scams and remote-access fraud to spyware-ridden second-hand phones and QR code tampering, CYBX is trying to solve a very Indian problem with a very Indian solution. At the recently concluded Digit Zero1 Awards 2025, I sat down with CYBX’s Neehar Pathare, MD, CEO & CIO, 63SATS Cybertech to unpack why they built the app, how it works, and why he believes it should be as default on Indian phones as UPI itself. Following is the edited Q&A transcript below:

Why did 63SATS launch a cybersecurity app called CYBX?

Neehar: We belong to the 63 Moons Technologies group, and our legacy has been protecting exchanges. MCX, IEX, the Dubai Gold Commodity Exchange, the Singapore Market Exchange. Over the last 15–20 years, these exchanges have faced millions of attacks. It was my team that blocked those attacks, and we had zero downtime on any of these exchanges.

With that legacy, and the vision of our founder, mentor and coach, Shri Jignesh Shah, there was always a desire to protect the common man. Post-COVID, we saw the entire threat landscape explode onto people’s cell phones – nonstop fraud, so much so that Netflix even made a series on it.

We looked around for a solution, but there was nothing available globally that really solved it. That’s when we rolled up our sleeves and said, “We need to make a product again.” Being a true IP company, we started from scratch – studying what is required, what kinds of fraud exist, meeting police personnel, looking at their case records – and then we came up with this idea of how to actually do it.

What’s the single biggest problem CYBX solves right now?

Neehar: Phishing links. Actually, we take care of five risks: Your identity risk, confidentiality risk, money risk, and related device / communication risks that flow from these. CYBX is predominantly like a sniper. It sits silently, lying low on your phone. It doesn’t do much activity, it doesn’t need to – it’s not a gaming app.

What CYBX does is keep looking at the links a user clicks that go through CYBX. We do not monitor any of your data; we only monitor threats that are coming in. The moment you click on a suspicious link – whether it comes via SMS, WhatsApp, email, wherever – as soon as that click passes through CYBX, it checks the link and gives you an alert: “Wait. This is a fraudulent link.”

So we’re not spying on you. We’re watching the bad stuff coming at you and warning you in time.

How does CYBX’s built-in insurance component work?

Neehar: We provide what is essentially complete first-party digital insurance. Because this is a digital world, a user can still make a mistake. CYBX protects you and alerts you, but it’s still up to the user – we don’t block anything. We warn you, but you can still proceed and fall prey to a fraud.

We see this with senior citizens, children – many of them fall prey to social engineering. Once a crime happens and the money is gone, you need a backup. The insurance was again a brilliant idea from Shri Jignesh Shah. It took quite some time for the underwriters to understand the amount of protection we already provide, so that the actual insurance risk – and therefore the insurance rates – could come down. That’s what makes CYBX’s insurance very affordable for the common man.

Every paid CYBX subscriber gets an insurance backing. We start with the lowest slab of ₹10,000 – that’s for light UPI-level users – and that package is ₹999. As we go up, we protect the middle segment with coverage of around ₹1 lakh, and that package is about ₹2,999. The highest slab is ₹10 lakh of coverage, which is ₹4,999. Getting ₹10 lakh of cyber-fraud insurance for ₹4,999 is frankly unheard-of in this space.

Biggest cybersecurity misconception of most users?

Neehar: The biggest misconception is “I won’t be hacked. I’m too small.”

Attackers do not care about your size. Every mobile phone today is a financial gateway. Everyone has UPI, everyone has some kind of payment app, everyone uses their phone for banking. So you automatically become a target. And everyone’s bank balance is different – so the attackers are also different.

You have large-scale attackers doing “digital arrest” scams from places like Cambodia and wiping out people’s wealth. Then you have local guys who are perfectly happy with scams of ₹3,000–₹5,000 per call. The entire threat landscape has changed. That’s what we work on every day.

Which groups are most at risk and how does CYBX protect them?

Neehar: We see a lot of attacks on senior citizens. Senior citizens are usually financially stable – not like teenagers whose bank balance fluctuates. At the same time, they’re socially easy to convince and digitally quite naïve. So it’s easy for predators to scare them with threats like, “Your son will be arrested,” and so on.

I met a very senior IT professional whose father-in-law was digitally arrested for 45 days. The family lost ₹1.23 crore. He would get calls through the night, then go to the bank and transfer the money himself, again and again.

The second demographic is Tier-2 cities – first-time UPI users who are not very tech-savvy. They’re tricked into installing remote-access apps; as soon as they grant access, the scammers wipe out everything.

The third group is the digitally overconfident – people who say, “I know everything; nothing can happen to me.” They disable security for convenience, and that’s when they fall prey.

These three segments – senior citizens, new-to-digital users, and overconfident users – are where CYBX can make a huge difference.

Rise of teenage sextortion cases in India?

Neehar: We saw a couple of such cases in Pune and one in Mumbai while talking to the Maharashtra Police. These were tagged as suicide cases. When we investigated, we found they had bought second-hand phones. India is one of the largest markets for second-hand smartphones, and scammers install spyware on these devices. Nobody formats a phone that arrives by courier.

This spyware silently starts clicking photos from the front and rear cameras, listens to your conversations, and keeps sending everything to the attacker. The attacker just waits for that one compromising moment – and then starts the extortion. If they’re local, it can even become physical extortion.

Teenagers are unable to cope with this because of shame and fear, and this leads to suicide. That’s one of the most important segments where we believe CYBX can make a real difference.

Because our core engine is AI, we’re constantly adapting. Many features are still under wraps until we launch, but we’re working on some very exciting solutions specifically for senior citizens and for vulnerable users like teenagers and women.

CYBX’s non-negotiables on user privacy?

Neehar: Privacy is absolutely non-negotiable; we live and breathe it. The CYBX app only monitors the links you click – just to check if they’re malicious – and the QR codes you scan. We do not look at user identity. We do not look at user data.

To prove this, we had ourselves tested by an STQC lab. It’s a rigorous audit, and they certified that all the features work exactly as we claim – no hidden backdoors.

On top of that, we also address confidentiality risk with our secure dialer:

• CYBX-to-CYBX calls are encrypted.
  
• We don’t allow any local resources to record the call.
  
• If you enable speakerphone, the person on the other side gets both a visual and an audio notification.
  
• We even detect if you’re connected to a car Bluetooth system or AirPods and warn you.

So privacy and confidentiality are built into the design, not bolted on.

How does CYBX stay ahead when attackers are using AI too?

Neehar: When it comes to AI, the answer is simple: We use better AI than what they use.

We have access to stronger AI capabilities. Their focus is on quick scams; our focus is on sustained, corporate-grade research. A lot more money goes into our R&D than into the tools scammers typically use.

We run a 24×7×365 cloud backend that monitors real-time risk globally, sees what’s happening around the world, and prepares for those threats before they hit India. Staying ahead of the curve is all about using AI proactively – and backing it up with that insurance layer for when humans inevitably make mistakes.

What’s next for mobile threats – and defenders?

Neehar: India is going to explode digitally. With AI coming in, everyone is using it – and the bad actors are using AI extensively.

Earlier, if I had to do a customised phishing simulation for, say, Digit’s domain, it would take me 5–6 hours: booking a lookalike domain, creating a customised campaign, profiling users. Now with AI, I can feed in a list of users, their designations and companies, and in seconds it generates highly targeted campaigns. So that’s the difficult part – the scale and sophistication.

Looking forward, we think most apps will start disappearing from user view. The future is app-less: You’ll just say to your AI, “Please order the same pizza as last time.” The AI goes back into the cloud, hits the app’s API (Zomato, Swiggy, whoever), places the order, and shows you the tracking.

Apps originally came in because the API ecosystem wasn’t mature. Now, as that matures, India is already a global leader in digitisation and UPI. What we do here – at India’s volume and scale – will be replicated globally. CYBX wants to stay ahead of that curve.

Also read: India’s Draft Cybersecurity Rules for Telecom 2025 explained: How they impact us all