With AI-driven attacks like deepfakes, agentic AI, and evolving machine identities, cyberthreats are now faster, smarter, and more deceptive than ever.

According to McKinsey, there is a 1200% surge in phishing attacks since the rise of generative AI in late 2022. 

Social engineering techniques using technologies such as deepfakes, agentic AI, and evolving machine identities raise a troubling question: If AI can out-think your defenses, can your enterprise outlast AI-driven cyber-attacks?

CybersecAsia finds out more about the conflict between good and bad AI in a digital business world of invisible assets from Vaibhav Dutta, Vice President and Global Head of Cybersecurity, Tata Communications:

There’s growing concern about the “invisible conflict” between Good AI and Bad AI. In practical terms, what should enterprises in APAC prioritize to ensure their AI is agile enough to out-think adversarial AI?

Vaibhav: We’re already seeing this invisible conflict between Good AI and Bad AI unfold in real time — a battle of intelligence, not brute force. Most traditional Security Operations Centers, relying heavily on manual processes, siloed threat monitoring and static playbooks, are no longer enough.  Across Asia Pacific (APAC), malicious actors are leveraging AI to automate research, craft personalized phishing, and deploy malware that can rewrite its own code to evade detection.

In Singapore alone, phishing and impersonation scams accounted for over 15,000 cases in 2024, costing victims more than S$200 million. Many of these scams now use AI-generated voices, cloned profiles, and deepfake messages to appear more authentic, which underscores how adversarial AI is making attacks more targeted and believable than ever before.

To out-think these threats, enterprises must prioritize agility, visibility, and continuous learning. That means using AI not in silos, but across the entire digital fabric — from cloud to network to endpoint. Architectures such as Hosted SASE exemplify this shift, using integrated analytics to spot anomalies and automate response before attackers can act.

Finally, explainability and human oversight remain key. Responsible, transparent AI builds the trust and resilience needed to stay ahead in this new era of intelligent cyber warfare. In this era, the strongest defense won’t come from using AI but from training it to think like an adversary – evolving as quickly as the threats do.

Deepfakes and agentic AI are creating a crisis of trust. Beyond technical countermeasures, how can organizations strengthen the human layer — from employee awareness to culture — so that trust isn’t the weakest link?

Vaibhav: Deepfakes and agentic AI are creating a crisis of trust among employees. Attackers are using AI to mimic executives, clone voices, and operate social engineering schemes on a large scale. In Singapore, impersonation-related scams exceeded 6,000 cases in 2024. This is evidence that AI-generated deception is amplifying both reach and realism.

60% of organizations believe GenAI could enable major cyberattacks within this year, according to PwC’s report, but technology alone can’t close the trust gap and culture must catch up. As deepfakes and generative AI blur the line between real and synthetic, the human layer becomes the ultimate firewall.

To strengthen the human layer, organizations should build awareness programs that go beyond phishing recognition and include AI-driven deepfake simulations and scenario-based training, encouraging employees to verify before they trust.

Leadership also plays an equal role in fostering transparency and accountability. Drawing on Tata Communications’ ADR (Anticipate–Defend–Respond) cyber-resilience framework, organizations should align governance, real-time visibility, and Zero Trust design to strengthen both systems and mindsets.

Ultimately, cyber resilience isn’t just about detecting threats but sustaining trust.

As APIs, automated processes, and non-human digital assets multiply, what risks do they pose, and how can enterprises secure these “invisible assets” before they become vulnerabilities?

Vaibhav: As APIs, bots, and automated systems multiply, these “invisible assets” can become hidden entry points for attackers. They often hold access to sensitive data, workflows, and privileges that aren’t always visible to security teams, making them high-risk targets.

A Zero Trust approach directly addresses this challenge. By moving away from traditional perimeter-based security and continuously verifying all users, devices, and processes, organizations can ensure that every non-human asset is authenticated and monitored before it accesses resources.

Traditional solutions, however, tend to be siloed and rely on multiple vendors with complex integrations. Tata Communications helps enterprises overcome this challenge through a single platform that manages security and performance across the entire application estate — spanning customers, employees, bots, APIs, applications, and IPs.

This approach helps minimize the risk of unauthorized activity across cloud, network, and endpoint environments, which are increasingly targeted in APAC due to rising cloud adoption and sophisticated attack methods.

Data sovereignty has become a boardroom issue, with laws tightening across APAC and beyond. How should leaders balance compliance, sovereignty, and resilience without sacrificing innovation or business continuity?

Vaibhav: Data sovereignty is becoming one of the biggest balancing acts for enterprises across APAC. Sovereignty laws are tightening in over 70 jurisdictions worldwide, from Singapore’s updated PDPA and Cybersecurity Act, to the EU’s Data Act, China’s Personal Information Protection Law, the U.S. CLOUD Act, and Australia’s localization mandates. As countries tighten cross-border data laws, organizations must localize storage and processing while still ensuring agility and innovation.

IDC reported that over 60% of enterprises across APAC are already experiencing moderate to significant disruptions to their IT operations because of evolving data privacy and AI regulations.

Balancing compliance, sovereignty, and resilience requires a deliberate approach. Leaders should classify data based on sensitivity and regulatory requirements, anchor critical workloads locally, and implement operational and technical controls that continuously enforce access policies. Disaster recovery and failover strategies must also be sovereign-aware, ensuring continuity even in the face of cross-border disruptions.

Ultimately, sovereignty shouldn’t slow transformation but strengthen it. By integrating compliance with security and resilience, enterprises can innovate confidently, even in an era of tightening digital borders.