AI agents and insider risks across the APJ region

In 2026, the increasing adoption of AI agents across the Asia Pacific and Japan region, organizations will require renewed attention to insider risk management. AI agents, operating autonomously with diverse privileges, can create new categories of insider threats by potentially bypassing traditional security controls. Challenges include malfunctioning or misaligned agents as well as the risk of compromised agents being exploited by malicious actors.

Security teams will need to develop frameworks to monitor AI agent behavior and detect anomalies, adapting existing insider risk programs to cover this evolving threat landscape. Greater visibility into AI agents’ decision-making processes will be essential to differentiate between legitimate automation and potential misuse.

Gareth Cox, Vice President (APJ), Exabeam

Cyber resilience and cyber insurance trends

Cyber resilience is expected to become an increasingly significant factor for consumer-facing brands in 2026. Customers’ growing awareness of data protection and service availability may lead firms running financial services, telecommunications, and retail to emphasize capabilities such as uptime and recovery speed as part of their value proposition.

Concurrently, cyber insurance underwriting is evolving towards requiring more rigorous proof of security measures such as multi-factor authentication, backup testing and privileged access controls. While macroeconomic pressures may reduce some security budgets, rising geopolitical risks will likely maintain overall investment levels in cybersecurity.

Matt Rider, Global VP, Customer Technical Support, Exabeam

The risks of shadow AI and vibe hacking in 2026e trends

The unmonitored use of AI tools within organizations, often referred to as shadow AI, could become a significant source of sensitive data exposure in 2026. Similar to previous risks posed by removable storage devices, employees using unauthorized AI chatbots to enhance productivity without understanding data security implications represent a growing blind spot.

Addressing this risk may involve implementing AI-specific data loss prevention tools and adopting governance models that enable responsible and safe AI usage rather than outright bans.

Additionally, social engineering attacks are anticipated to evolve with AI, enabling more sophisticated psychological manipulation. Techniques may include AI-generated messages that mimic trusted individuals’ communication tones to deceive employees, thereby increasing the effectiveness of phishing and related scams. Organizations will need to enhance employee education and promote transparency around the role of AI in communication to counteract such threats.

Findlay Whitelaw, Security Researcher and Strategist, Exabeam