In modern defence ecosystems, data is no longer scarce. Instead, it is overflowing; often from the very institutions tasked with securing national interests. This deluge is not accidental. It stems from well-meaning practices of transparency, competition, and public accountability. But these open systems are now creating unintentional vulnerabilities, particularly as artificial intelligence becomes capable of analysing, correlating, and weaponising open-source data with alarming efficiency.
Today, adversaries no longer need spies in the shadows. A skilled analyst; or worse, an AI bot with access to defence procurement websites, government e-marketplaces, and corporate press releases can draw detailed inferences about a nation’s operational needs, technological gaps, deployment areas, and even future doctrines.
The Visible Trail: Where the Leaks Begin
Let us start with the obvious. Defence procurement in India is largely centralised and digitised which is a necessary evolution. Platforms such as the Defence Procurement Portal, GeM, and individual PSU and MoD portals publish thousands of tenders, RFQs, corrigenda, and QRs every year. While this promotes efficiency and fairness, it also means that anyone can access it, including foreign intelligence operatives, bots, or analysts. No login, clearance, or tracking is required.
Procurement patterns such as repeat tenders from a specific depot, or sudden requests for specific counter-drone systems or winter clothing may reveal regional security scenarios, troop build-ups, or ongoing operations. Uploaded QRs often contain enough detail to give away operational tactics, performance limitations, and even technology roadmaps.
Testing and evaluation notices by government-approved labs or institutions are often accessible, providing insight into current trials or focus areas.
Even the GeM portal, while robust and user-friendly, lumps defence-use products alongside civilian products. If a state police unit or paramilitary force begins ordering specific tactical gear, surveillance equipment, or ballistic solutions, it inadvertently signals capability development to anyone watching.
AI Doesn’t Sleep – Or Miss Patterns
Unlike traditional intelligence work, AI systems can crawl thousands of such open data points across different websites, correlate them with global trade data, satellite imagery, social media chatter, and news reports and extract meaningful intelligence. For example: Multiple tenders for anti-drone technology across northern Indian states, combined with procurement of jamming equipment and soldier-mounted radar units, could signal preparations for specific aerial threats in a particular terrain.
Delivery timelines and urgency clauses may hint at contingency planning or stock shortages. Changes in specifications over time could indicate lessons learned from previous engagements or operational feedback.
The Defence Procurement Portal, GeM, and individual PSU and MoD portals publish thousands of tenders, RFQs, corrigenda, and QRs. While it promotes efficiency and fairness, it also means that anyone can access it, including foreign intelligence operatives, bots, or analysts. No login, clearance, or tracking is required
Commercial Disclosures: A Loud Whisper
The private sector is a key engine in modern defence capability building and rightly so. However, there’s a growing tendency among companies to make loud announcements upon winning government contracts. These disclosures are designed to boost shareholder confidence and elevate stock prices, but in the process, they may expose critical details like the exact nature and scope of the contract, delivery timelines and testing schedules, names of user formations or end-use applications, technological specifics or unique features of the product.
For an adversary, this is a goldmine. A well-crafted press release or a jubilant LinkedIn post can reveal more than a reconnaissance drone.
Visibility for Innovation and Export
Ironically, while silence is key in some areas, visibility is equally crucial in others. India’s growing private defence ecosystem from young startups to major OEMs must take their innovations global. To enable exports, reach foreign markets, and build strategic partnerships, a robust marketing presence on social media and mainstream platforms is essential.
Unlike open procurement disclosures, such outward-facing marketing does not compromise national security, as it highlights product capabilities without revealing end users, delivery details, or operational context. In fact, strategic promotion is a hallmark of mature defence industries across the globe and is vital for positioning India as a trusted supplier on the world stage.
Defence procurement websites should be moved behind login-based access limited to verified companies and individuals. A dedicated Defence GeM portal for strategic procurements, accessible only to registered defence vendors and with delayed public disclosures, can reduce open-source vulnerability
Solutions Worth Considering
This challenge isn’t insurmountable. Several layered solutions can mitigate the risk without stifling the private sector or derailing procurement reform.
Restrict Access to Defence Procurement Portals: Defence procurement websites should be moved behind login-based access, limited to verified companies and individuals, with access logs maintained and monitored. This would instantly reduce anonymous scraping and passive surveillance.
Create a Separate Defence Only Version of GeM: The current GeM portal serves a vast user base from ministries to municipalities. A dedicated Defence GeM portal for strategic procurements, accessible only to registered defence vendors and with delayed public disclosures, can reduce open-source vulnerability.
QRs and Technical Documents should Go Offline: Agencies like the DRDO and some frontline commands have already moved to the physical, hard-copy distribution of QRs to shortlisted vendors. This model should be standardised, especially for sensitive categories.
Sensitise Defence Startups and Companies: Training modules on Operational Security should be part of defence vendor onboarding. Startups and listed firms alike must be taught the fine line between visibility and vulnerability. Regulatory frameworks can enforce redaction or delay in public announcements of certain contract details.
Use of AI Defensively: Just as AI can be used to analyse external threats, it can be used in-house to simulate adversarial intelligence gathering. Regular audits using AI tools on open data sources can help identify and fix unintentional leak points before they are exploited.
Securing our procurement ecosystem does not mean returning to opacity. It means applying modern safeguards for modern threats protecting not just classified files, but also the breadcrumbs left in the open while supporting the growth of an export-ready, globally respected Indian defence industry
Transparency with Guardrails
India’s push for Aatmanirbharta in defence and its vibrant private defence ecosystem are commendable. However, in the digital era, transparency must be balanced with discretion. Procurement data, in isolation, may seem harmless but in combination and with the power of AI, it can paint a dangerously accurate picture.
Securing our procurement ecosystem does not mean returning to opacity. It means applying modern safeguards for modern threats protecting not just classified files, but also the breadcrumbs left in the open, all while supporting the growth of an export-ready, globally respected Indian defence industry.
The writer is the CEO and Director of Lodestar Strategic Pvt Ltd, a company focused on demil technologies and specialised munitions. A veteran with over two decades of experience in ammunition management and explosive safety, he now drives innovation in clean disposal technologies. He is a strong advocate for secure, responsible defence industrialisation aligned with national objectives
