Cybersecurity News in Asia

Features
- Featured
  
  Editor's pick: Cybersecurity trends in 2026
  
  Wednesday, January 7, 2026, 10:36 AM Asia/Singapore | Cyberthreat Landscape, Features
- Featured
  
  Exploding identity fraud and deepfakes challenge manual oversight of autonomous AI
  
  Tuesday, December 30, 2025, 9:27 AM Asia/Singapore | Features, Newsletter
- Featured
  
  Amid rapid digitalization and lagging cybersecurity oversight, India buckles up
  
  Monday, December 22, 2025, 4:50 AM Asia/Singapore | Features
Opinions
Tips
Whitepapers
Awards 2025
Directory
E-Learning

CISOs can navigate emerging risks from autonomous AI with a new security framework

By CybersecAsia editors | Tuesday, August 26, 2025, 5:38 PM Asia/Singapore

See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage emerging risks of agentic AI systems.

By now, security leaders responsible for protecting their enterprises should have faced, or will be facing a sharp turning point. The adoption of autonomous AI agents is exposing organizations to risks that traditional cybersecurity models would likely no longer contain.

For chief information security officers (CISOs), the question is not whether to prepare for this inflexion point, but how to begin governing a technology that behaves less like a predictable tool and more like an independent actor.

The challenge is stark:

Conventional controls built around human users and infrastructure could not anticipate emergent agent behavior such as privilege escalation, corrupted decision-making, or cascading failures caused by unreliable data.
Forensic traceability is becoming more challenging than ever, forcing CISOs to confront a new paradigm: intent — not infrastructure — is now the object of protection.

To chart a practical path forward, enterprises with the resources and means had begun testing security frameworks built around six domains:

Governance and risk management as the foundation for oversight
Identity and access principles reshaped to constrain “agency” rather than just privilege
Data security controls tailored to prevent cognitive corruption and systemic collapse
Application security grounded in continuous behavioral monitoring
Threat management capable of recognizing emergent machine-led attacks
A reimagined Zero Trust model that validates agent behaviour in real time

As one CISO of a major enterprise has observed: “These agents don’t tire, negotiate, or compromise — they adapt rapidly. We need a way to keep up that is not just about blocking access, but about questioning intention.”

According to Jeff Pollard, Vice President and Principal Analyst, Forrester, a firm that has used the six domains as the basis for creating a security framework for Agentic AI: “As enterprises race to deploy agentic AI, CISOs must pivot from securing systems to securing intent.”

Organizations adopting this framework will go through a phased implementation roadmap because these challenges cannot be fixed overnight. The firms will first address governance and risk management for maximum impact with minimal technology investment, then progressively build identity and access management capabilities, advance to DevSecOps and threat management, and finally optimize with zero trust principles specifically designed for agentic environments.

This initiative is a good case study of a comprehensive new security framework can be essential, as long as it is part of a greater whole involving: organizational adaptation, continuous risk management, and human oversight to effectively govern autonomous AI agents.