Artificial Intelligence (AI) is revolutionizing industries across Asia through generative content, intelligent automation, and rapid decision-making. However, this swift advancement also exposes enterprises to an alarming surge in cyber threats.
In 2024, Akamai recorded a staggering 51 billion web attacks aimed at both traditional and AI-driven applications in the Asia Pacific and Japan region, marking a 73 percent increase compared to the previous year. Within this digital battlefield, the financial services sector faced the brunt with 27 billion attacks, while e-commerce was targeted 18 billion times.
These sectors are pivotal to the region’s digital economy. Financial services contribute over 14 percent of Singapore’s GDP and underpin many facets of APAC’s burgeoning digital landscape. E-commerce is no slouch either, generating nearly half of global sales transactions, amounting to an impressive US$1.8 trillion annually. Their expansive networks, reliance on hybrid infrastructures, APIs, and real-time interactions make them irresistible prey for cybercriminals.
As businesses lean heavily into technologies like large language models (LLMs) and generative AI, securing these sophisticated systems transitions from a mere technical requirement to an essential economic priority.
AI models are fundamentally different from traditional systems. They process dynamic and unstructured data while operating in probabilistic, non-deterministic manners, making them susceptible to a new wave of cyber threats like prompt injection and model extraction. The vulnerabilities within LLMs are being unearthed more frequently and exploited with alarming speed.
Despite these dangers, many organizations still resort to outdated tools such as conventional web application firewalls (WAFs). These relics not only fail to detect contemporary threats but can also create visibility blind spots, erratic model behavior, and significant security gaps.
APIs serve as the backbone of AI ecosystems, facilitating interactions with various data sources, tools, and services. However, numerous enterprises still lack comprehensive, real-time insight into these crucial interfaces. Akamai’s API Security Impact Report revealed a troubling statistic: nine out of ten global organizations encountered an API-related incident in the past year. In the APJ region, each incident is said to cost an enterprise an eye-watering average of US$580,000. Those APIs supporting AI models are particularly perilous; they innovate quickly, often remain undocumented, and fall short on security as their usage grows.
Without continuous discovery, classification, and governance of APIs, organizations leave their critical AI workloads vulnerable. Achieving full visibility into every API endpoint, particularly those that connect AI systems to external applications, should be a paramount concern.
Across Asia, governments are turning up the heat on AI governance, positioning it as both a regulatory priority and a corporate responsibility. Initiatives like Singapore’s AI Verify framework and Australia’s Digital Platform Regulators Forum underscore the fact that the responsible deployment of AI must be accompanied by robust security measures.
Presently, AI security is becoming a matter that reaches boardrooms and shapes compliance agendas. Forward-thinking organizations are aligning their security strategies with emerging regulatory frameworks, embedding risk management, audit preparations, and ethical oversight deeply into the processes of AI development and deployment.
The journey to secure AI systems starts with clarity. Organizations need to identify where their AI models are deployed—be it internally, externally, or through open-source solutions—and understand how they are queried, assessed, and governed.
After mapping their AI landscape, firms should take proactive measures to safeguard their AI environments. This can include cataloging all AI models, implementing continuous API discovery to monitor interactions, and applying zero-trust principles to ensure user access is limited to the least privilege necessary. Furthermore, integrating security governance throughout the development lifecycle is essential to avoid vulnerabilities.
As demand for intelligent security grows, innovative AI-native frameworks are emerging, designed to detect sophisticated threats like prompt injection and adversarial inputs in real time. This shift represents a broader evolution in security, moving from static, rules-based controls to dynamic, intelligent systems tailored for AI environments.
While AI is reshaping the business landscape, its full potential can only be realized if the underlying security measures are robust. The rapidly changing AI threat landscape calls for new frameworks and collaborative approaches that span disciplines.
Organizations that recognize AI security as a strategic necessity will be best positioned to foster responsible innovation. The future will belong to those who devise proactive, adaptive security strategies that evolve alongside the technologies they protect.
What are the major industries targeted by cyber-attacks in Asia?
The financial services and e-commerce sectors are particularly vulnerable, accounting for billions of attacks in 2024, making them prime targets due to their significance in the digital economy.
How can organizations enhance their security measures for AI systems?
Organizations can enhance security by mapping their AI deployments, implementing continuous API monitoring, and adopting zero-trust security principles while integrating governance throughout the development process.
Why is AI security becoming a regulatory concern?
With various governments in Asia prioritizing AI governance, security regulations are evolving to ensure responsible deployment and compliance, compelling organizations to adopt better security practices to avoid legal and reputational risks.
