Inside the Mind of One of India's Youngest Cyber Intelligence Founders

Ayush Singh talks about cyber threats the way others talk about weather: constantly shifting, global and impossible to ignore. "The threats we track do not start in one place and end in another," he says. "They move across borders, platforms and digital infrastructure. If you are not watching the whole map, you are already behind."

At 24, Singh is the founder and chief executive of a fast-growing cyber intelligence company based in Varanasi, India. A.R.P. Syndicate operates at the intersection of national security, data engineering and AI driven threat prediction. When he speaks about the global threat landscape, it is with the confidence of someone who has been in the field for more than a decade.

And he has.

Singh leveraged his first exploit at age 12 after finding an SQL injection flaw in his school website. By 14 he was exploring hacktivist communities, and by 16 he was experimenting with entrepreneurship. At Lovely Professional University he practiced bug bounty hunting and CTF competitions and became one of the top one hundred hackers on HackTheBox in 2019. He reported critical vulnerabilities to more than thirty major companies including Amazon, Comcast, Telenet and Yahoo. At 19 he entered the professional cybersecurity world.

His early career accelerated quickly. After a role at HackerEarth, he helped build CVEBase in Phoenix during the Covid shutdown, since then developed passion for predicting threats. Alongside commercial work, he moved deeper into national security. He supported counter cyberterrorism operations, worked with intelligence teams and helped create non cyber datasets, including a global terrorism database dating back to 1968. He later advised parliamentary committees in India on information discovery systems for strategic objectives, including identifying insecure critical infrastructure and shaping national vulnerability intelligence standards.

Those experiences led to A.R.P. Syndicate, founded in 2022 and built in Varanasi. The company specializes in large-scale intelligence datasets and the AI systems that interpret them. These include datasets on Subdomains and Shadow IT infrastructure, Vulnerabilities & their exploits, satellite derived observations and real-time internet telemetry. These systems power information discovery and threat prediction tools used across multiple national security contexts such as defending critical infrastructure and securing supply chain of critical minerals.

"We gather and interpret portions of the internet that remain unknown unknowns to most intelligence analysts," Singh says. "Shadow IT assets, unmonitored infrastructure, hidden subdomains, vulnerabilities not yet cataloged in mainstream databases, and adversary activity invisible to traditional cyber intelligence aggregation systems. AI can understand this vast landscape in ways humans simply can't on their own."

Two of the company's best-known tools, Subdomain Center and Exploit Observer, have grown into what Singh describes as the largest datasets of their kind, freely available to researchers and security teams. These datasets power VEDAS, an acronym for Vulnerability & Exploit Data Aggregation System, an AI driven automated vulnerability advisory generation platform that identifies exploitable vulnerabilities before they appear in feeds like CISA KEV or FIRST EPSS. "By the time a vulnerability enters KEV & EPSS it is usually a little late," Singh says.

A recent case shows illustrates his point. A.R.P. Syndicate identified and tracked The 3xx Cartel, a threat group that targeted organizations worldwide through a chain of web application vulnerabilities. After gaining initial access, the group launched malvertising campaigns, escalated privileges and deployed destructive ransomware through different RaaS platforms. When victims refused to pay, systems were wiped entirely. Known targets included the State Government of Uttarakhand and the Indian Council of Agricultural Research.
"This is why proactive intelligence matters," Singh says. "We see the threat as it emerges."

Much of the company's position in India's cyber intelligence ecosystem comes from its participation in consortiums such as the National Cyber Security Association of India, a multi stakeholder organization that unites corporations, government bodies, defense organizations, intelligence units and academic institutions. Singh sees these networks as essential for aligning domestic cybersecurity policy with global realities. He also supports the development of a sovereign Indian platform for zero-day acquisition and advocates for India's participation in the Pall Mall Process.
Singh discusses intelligence pipelines with a strategic clarity that reflects his work with government agencies and research partners. His current focus is on scaling the company's datasets, strengthening real-time threat prediction and expanding the use of AI for national security.

Looking ahead, he is planning beyond India. A.R.P. Syndicate intends to expand into Israel in 2026, a market Singh sees as uniquely aligned with his company's capabilities. "Israel has one of the strongest cybersecurity communities in the world," he says. "What we are building, which includes large-scale datasets, AI driven threat prediction and national security oriented intelligence, is a natural complement. There is a lot we can build together."

Partnered with ARPSyndicate