Why we cannot do without AI in cyber defense, in a multi-cloud business environment and an AI-driven threat landscape.

Gartner has shared that the top cybersecurity trends for 2025 are shaped by generative AI (GenAI) evolution, digital decentralization, supply chain interdependencies, regulatory change, endemic talent shortages, and a constantly evolving threat landscape.

As organizations in Asia Pacific (APAC) digitize to scale their businesses, and increasingly adopt multi-cloud environments, the demand for AI-driven security solutions has become hard to ignore. While many have already embraced data analytics for security insights, what’s needed are actionable real-time insights – next to impossible without AI today.

We find out more about the challenges and opportunities in cybersecurity in the era of cloud and AI, in this Q&A with Kris Day, Senior Vice President and General Manager, Asia Pacific & Japan, SentinelOne.

What are the latest and biggest cybersecurity threats that enterprises across APAC face today?

Day: According to IDC’s 2024 Asia/Pacific Security Study, 76.5% of enterprises in the region lack confidence in detecting and responding to AI-powered threats. These include AI-enhanced vulnerability scans, sophisticated zero-day exploits, adaptive ransomware tactics, and deeply personalized social engineering campaigns. Sectors like healthcare, financial services, and telecom are especially vulnerable due to their regulatory exposure and sensitive data.

Attackers are leveraging AI in increasingly diverse ways. From crafting more realistic phishing campaigns and adjusting malware to evade detection, to scanning for vulnerabilities at scale. There is also a growing trend of adversaries targeting AI applications themselves by manipulating training data or attempting to extract sensitive information from models.

We anticipate that AI will continue to expand attackers’ capabilities, enabling faster, more precise, and more scalable intrusions. The use of AI in misinformation and disinformation campaigns further complicates the picture, creating new challenges for organizations already struggling to keep pace with sophisticated threat actors.

Why is cloud security paramount in countering the proliferation of AI attacks?

Day: Cloud environments are now a central battleground in cybersecurity, particularly in the age of AI-powered threats. As organizations increasingly migrate workloads and data to the cloud, securing these environments becomes critical to maintaining resilience.

And it presents challenges. An expanding cloud attack surface and new threats lead to the need for cloud security technologies, which often leads IT security groups to deploy more point solutions. But these solutions generate too much data and too many alerts that overwhelm security teams and hinder their efforts.

To overcome these challenges, organizations need to move toward unified platforms – such as SentinelOne’s Cloud Native Application Protection Platform (CNAPP) – that provide visibility into security data across cloud platforms and services, filter out false positive alerts, eliminate integration headaches, simplify deployment and administration, manage automated workflows and enable agentless and agent-based scanning across all cloud workloads.

CNAPP leverages AI-driven automation to detect and respond to threats in real-time and prioritize risks with evidence of exploitability, ensuring a robust defense against both known and unknown vulnerabilities, enabling security operations to improve their resilience and stay ahead of fast-moving adversaries and ever-evolving threats.

How can AI be the unifying force to provide holistic protection? What is the role of AI in transforming cybersecurity (e.g. from alert overload to actionable intelligence)?

Day: AI is transforming cybersecurity from reactive defense to proactive intelligence. By analyzing behaviors and detecting anomalies across vast datasets, AI helps organizations identify threats like malware, phishing, and insider risks and prevent them before they escalate.

Generative AI is redefining automation in areas like threat hunting and detection, incident reporting, and remediation. These capabilities reduce alert fatigue and manual effort, allowing SOC teams to prioritize the most critical tasks.

AI is a path to autonomous security operations. By clustering and analysing alerts across devices, AI can alleviate SOC fatigue and improve detection speed. It can also verify policy compliance at scale and identify regulatory gaps, ensuring that infrastructure remains secure and aligned to business needs.

However, with great power comes the need for trust. Organizations should demand transparency from security vendors about how AI models are built, how customer data is handled, and how performance is validated. Explainability is not optional, it is fundamental.

AI’s promise lies in unifying security intelligence across endpoints, users, and cloud assets so that faster, smarter, and more scalable defenses in an increasingly complex threat landscape can be delivered.

What are the benefits of embedding governance directly into how data operates across the enterprise?

Day: As AI models depend on vast volumes of data, embedding governance into how that data operates is a necessity. Large datasets increase both the attack surface and the regulatory complexity. From securing data inputs to meeting compliance standards like GDPR and PCI, governance must be built into the fabric of enterprise data flows.

Poorly governed data environments present two major risks: the exposure of sensitive information to attackers and the failure to meet regulatory obligations. As organizations scale their AI usage, they must ensure datasets are not only protected from manipulation or theft but are also compliant at a technical level.

Embedding governance helps mitigate insider risk, prevents unintentional policy violations, and ensures AI models are fed clean, reliable data. It also positions organizations to adapt quickly to evolving regulatory requirements without slowing down innovation.

In short, securing the data that powers AI means securing the AI itself. Governance must be embedded, not bolted on.

What else can organizations do to navigate and be future-ready for the increasingly complex cyberthreat landscape?

Day: To stay ahead of tomorrow’s threats, organizations must embrace AI-driven security strategies that go beyond automation. Agentic AI will soon take on not just triage and investigation, but also complex remediation tasks — freeing security teams to focus on proactive defense and compliance.

Generative AI is already enhancing threat detection by generating synthetic data for training models, enabling deception techniques, and improving analysis of unstructured data like chat logs and threat reports. These capabilities allow organizations to act on intelligence faster and with more accuracy.

To be future-ready, security operations centers must evolve into hybrid models where AI agents handle the bulk of operational tasks, while human analysts provide oversight, strategic thinking, and policy enforcement.

With this shift underway, there’s growing demand for tools that apply Agentic AI across diverse data sources to support faster, compliant decision-making. For example, SentinelOne is addressing this with recent developments like Purple AI, which enable SOCs to manage growing complexity without compromising on visibility or control. This shift helps organizations move toward more scalable and autonomous security operations in the face of increasingly sophisticated threats.