APAC surge in agentic AI adoption sparks new cyber risks focus

Organisations across the Asia-Pacific region are accelerating their adoption of autonomous artificial intelligence agents. This rapid digital transformation is introducing new cybersecurity concerns, particularly around the management and protection of digital identities and access privileges for AI systems.

AI-driven disruption

Agentic AI refers to autonomous, persistent systems capable of performing complex business functions without human oversight. Financial institutions, supply chains, and government agencies in major urban centres such as Beijing, Tokyo, Singapore, Mumbai, and Sydney are embedding these agents into core operations.

Each AI agent requires access credentials to function. These credentials, while essential, increase the potential attack surface for cybercriminals. The security challenge is less about protecting the AI models themselves, and more about safeguarding the identities and secrets that power them.

Identity management gaps

Traditional security frameworks, designed around human users, are often inadequate when it comes to managing credentials and permissions for autonomous machine agents. AI agents demand persistent, high-level permissions, such as API keys, service account credentials, and database secrets. Inadequate management of these can introduce risk, potentially turning AI systems themselves into threat vectors.

Risks include credential sprawl, privilege escalation, and unauthorised lateral movement within interconnected networks. These can be difficult to contain using legacy security approaches. The problem is compounded in APAC by diverse regulatory environments and strict privacy laws, meaning even minor breaches can have wide-reaching consequences.

Principles of zero trust

To address these risks, experts recommend the adoption of cloud-first privileged access management (PAM) frameworks built on zero-trust and zero-knowledge security principles. The drive is to secure the pathways and credentials that allow access to both AI platforms and internal resources, rather than focusing only on the AI logic itself.

"An effective Privileged-Access Management (PAM) environment should include secrets management, endpoint privilege management, and connection management. Secrets management dynamically provisions credentials Just-In-Time (JIT), securely injects API keys or tokens into workflows and ensures secrets are never hard-coded or stored in plain text. Endpoint privilege management controls access across endpoints, servers, and cloud instances, granting each AI agent only the minimum permissions required. Limiting privileges reduces the risk of automated lateral movement. Connection management enables secure, auditable human oversight through a Zero-Trust Network Access (ZTNA) model, ensuring security teams retain control over the infrastructure guiding these agents," said Takanori Nishiyama, SVP of APAC and Japan Country Manager, Keeper Security.

AI in defence

Artificial intelligence is playing roles on both sides of the cybersecurity battlefield. While it can be harnessed by attackers, defenders are also employing AI to improve their own capabilities. AI-driven analytics can transform a PAM platform into a dynamic defence tool, monitoring user access and detecting anomalies in real time.

Advanced monitoring tools powered by AI can analyse vast quantities of access data, identifying unusual patterns which may indicate a breach. This can help organisations detect and respond to incidents more quickly than was previously possible.

"When integrated with AI-driven analytics, a modern PAM platform evolves from a passive credential vault into an adaptive, real-time defence layer. AI-based security tools continuously compare access requests against established behavioural baselines. When anomalous behaviour occurs, even with valid credentials, systems can alert security teams and revoke access instantly and autonomously. With automated agents generating vast amounts of data, we need AI-enabled monitoring that can identify unusual activity patterns that precede breaches, significantly reducing detection time and accelerating response," added Takanori Nishiyama, SVP of APAC and Japan Country Manager, Keeper Security.

Future strategies

The pace of Agentic AI adoption will vary across APAC markets, but its widespread impact is anticipated. Experts stress the importance of unified frameworks for identity and access management, rooted in zero-trust principles and enhanced with AI automation, in order to mitigate new threats.

"Without a unified identity and access management strategy rooted in zero-trust and supported by modern PAM with AI automation, organisations remain exposed to next-generation cyber risks. As 2026 approaches, APAC businesses must prepare for a reality where defending against AI-powered cyber threats requires identity-first security. Building proactive, identity-centric frameworks, anchored in zero-trust and zero-knowledge principles, will determine which organisations thrive in the era of autonomous systems," says Takanori Nishiyama, SVP of APAC and Japan Country Manager, Keeper Security.