In the rapidly evolving commercial landscape of the Asia-Pacific (APAC) region, businesses are making significant investments in agentic AI in a bid to maintain their competitive edge. According to IDC, a striking 70 percent of APAC companies anticipate that agentic AI will revolutionize business models within the next 18 months. By 2025, nearly 40 percent of these organizations are expected to integrate AI agents into their operations, with over half planning implementation by 2026.
While the adoption of AI agents presents vast opportunities, it comes with an array of risks attributable to their high degree of autonomy. Each data source, static AI model, and agent—whether internal or external—acts as an additional potential point of failure, prompting increased vigilance at the board level. Recent research from Lenovo indicated a lack of confidence among IT leaders; only 48 percent felt equipped to manage the risks associated with AI development and deployment, with more than 60 percent acknowledging the emergence of AI agents as a new form of insider threat that they are ill-prepared to handle.
The surge of AI agents has transformed not only the methods of software creation but also how it is governed and managed, introducing a host of new challenges. IDC estimates that one-third of organizations in APAC are apprehensive about vulnerabilities tied to security and data privacy associated with AI agents—yet these concerns extend far beyond those parameters.
Failing to appropriately score common vulnerabilities and exposures (CVEs) could allow threats to slip through, while overly strict thresholds may inundate developers with false positives, draining time and resources that could be better spent addressing genuine incidents. The entanglements in the software supply chain compound these challenges, as many agentic systems leverage open-source software and pretrained models, making them vulnerable to exploitation. Just one compromised package or even a mere leaked token in a public repository can unleash failures that propagate far beyond their initial source.
The risks associated with governance and compliance cannot be overlooked. The inherent autonomy of agentic systems raises unique challenges, including opaque decision-making that impairs accountability, potentially unsafe or rogue behaviors that defy human intent, and biases embedded in training data that can lead to unjust outcomes. Adding to this complexity are shadow AI/ML agents operating outside institutional oversight, creating an environment rife with undetectable risks.
With stakeholders demanding full transparency—right down to the binary level of machine learning models—policymakers are moving swiftly to address these risks through stricter regulations. In India, for instance, lawmakers are advocating for mandatory AI bills of materials. This intensifies the pressure on businesses across APAC to demonstrate compliance and provide clarity on the actions of their AI agents, adding a colossal compliance burden across development teams. The focus is shifting from merely accelerating the rollout of AI agents to ensuring the security, explainability, and compliance of every component in real time.
Today’s developers are expected to juggle roles as compliance officers, AI custodians, and security experts. However, simply adding more tools will likely result in greater silos and blind spots. To effectively manage these risks while fostering a culture of trust, enterprises must pivot their approach. Here are some actionable strategies:
Create a Trusted AI Agent System of Record: Position agents as pivotal assets in the software supply chain by maintaining comprehensive tracking of code, configurations, prompts, and credentials. By ensuring cryptographic audit trails and contextual metadata, enterprises can streamline agentic innovation while satisfying regulatory demands.
Embrace a Human-Agent Hybrid Development Model: Automatic oversights alone cannot safeguard compliance. Developers should focus on overarching architecture, governance, and intent, while agents take on tasks such as coding and testing. Automating vulnerability remediation is a practical step toward freeing developers to focus on secure innovation.
Nurture the Next Generation of Agentic Engineers: A new hybrid role is emerging—combining programming skills with machine learning expertise and compliance knowledge. These agentic engineers will design systems that foresee risks, embed governance into workflows, and facilitate real-time monitoring of agent behaviors, thus paving the way for more secure and compliant software delivery.
The seismic shifts in software development are undeniable, compelling organizations to adapt or risk obsolescence. Much like how the rise of open source necessitated a focus on secure software supply chains, the emergence of agentic AI demands an evolved approach to audit and trust infrastructure. APAC organizations that embrace this holistic strategy stand to not only mitigate risks but also equip their teams for swift innovation using AI agents and other transformative technologies on the horizon.
What is agentic AI, and why is it significant for APAC businesses?
Agentic AI refers to autonomous AI systems that can independently perform tasks and make decisions. Its significance lies in its potential to disrupt business models and operations, prompting companies in APAC to adopt it to stay competitive.
What primary concerns do IT leaders have regarding AI agents?
IT leaders are primarily concerned about managing the risks of AI agents, with many feeling inadequately prepared to handle issues like insider threats and compliance challenges that arise from increased autonomy in these systems.
How can organizations improve their approach to AI governance?
Organizations can enhance their governance strategies by creating comprehensive systems to track AI assets, adopting a hybrid development model that incorporates both human oversight and automation, and investing in training for a new breed of engineer skilled in AI, compliance, and risk management.
