The growing reliance on artificial intelligence in cybersecurity has significantly altered how digital threats are monitored, assessed, and addressed. In India, both public and private actors increasingly deploy AI-enabled cybersecurity systems capable of continuous data monitoring, automated threat detection, and real-time response. While these technologies promise enhanced security and efficiency, their operation raises serious concerns regarding privacy protection, accountability, and legal responsibility. Existing Indian legal frameworks, particularly the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000, were developed on the assumption of human-controlled decision-making and offer limited guidance on the governance of autonomous or semi-autonomous AI systems used in cybersecurity contexts. This paper critically examines whether India’s current privacy and data protection regime is equipped to regulate AI-driven cybersecurity systems without undermining fundamental rights. Using a doctrinal research methodology supplemented by comparative legal analysis, the study evaluates the Indian regulatory framework alongside the European Union’s General Data Protection Regulation and the EU Artificial Intelligence Act. The comparative analysis demonstrates that while the EU has adopted a risk-based approach that explicitly addresses high-risk AI systems and accountability obligations, Indian law remains largely technology-neutral and silent on questions of AI autonomy and liability. The paper argues that AI-enabled cybersecurity challenges traditional legal concepts of consent, proportionality, and fault, particularly where continuous surveillance and automated decision-making affect individuals without meaningful human intervention. It further highlights emerging governance gaps relating to liability attribution between system developers, deployers, and state authorities. The study concludes by proposing targeted regulatory and policy reforms aimed at strengthening accountability mechanisms, embedding privacy-by-design principles, and aligning India’s cybersecurity governance with evolving global standards, while remaining sensitive to domestic constitutional and institutional realities..