As Asian enterprises accelerate their adoption of agentic AI into core workflows in 2026, CISOs are confronting a stark new reality.
Traditional cybersecurity models, built for human-centric systems, are fundamentally inadequate for autonomous agents that operate at machine speed, adapt dynamically, and exhibit unpredictable emergent behaviours.
This isn't a future challenge; it is present and urgent.
Introduced in 2025, the AEGIS framework marks a transformative leap for CISOs across Asia, who are tasked with securing rapidly evolving digital enterprises powered by autonomous AI agents.
Jeff Pollard, VP and principal analyst, clarifies that agentic AI is more than just another emerging tech trend. It represents a fundamental shift in how enterprises operate.
He explains that these systems are distributed, autonomous, scalable, and designed to exhibit emergent behaviour. They don't just follow instructions; they adapt, plan, and act.
He posits that traditional cybersecurity models, built for human-centric systems, are ill-equipped to handle this. He notes that agentic AI introduces:
Emergent behaviour that can bypass entitlements and escalate privileges.
Cascading failures triggered by hallucinated or corrupted data.
Obscured causal provenance, making post-incident forensics nearly impossible.
Decision fatigue for humans in the loop, overwhelmed by agentic scale.
He insists that CISOs must now secure intent, not just infrastructure.
AEGIS for Asia
In the fast-evolving digital landscape of Asia in 2025, where economies such as Singapore, India, and China are accelerating AI adoption amid stringent regulations, including Singapore's PDPA and China's Cybersecurity Law, CISOs face an unprecedented challenge: securing not just data and systems, but also the very intent behind autonomous AI agents.
Forrester's AEGIS framework is emerging as a timely beacon, providing guardrails for this era of agentic enterprise.
In an exclusive interview with FutureCISO, Cody Scott, senior analyst at Forrester, provides clarity on addressing agentic risk and accountability, ensuring Asian organisations remain both innovative and compliant amid new regulatory pressures and operational realities.
Accountability in agentic workflows
In complex, multi-agent environments—where decisions cascade through autonomous interactions—Scott asserts that "Accountability requires a shared approach between humans and agents."
He highlights the need for extending security functions beyond protecting systems to safeguarding agent intent:
"AEGIS's core design principle is 'continuous assurance'—recognition that periodic snapshots and audits won't suffice when software acts autonomously." Cody Scott
The framework supports practical oversight via human-in-the-loop controls, exhaustive interaction logging, and robust agent identity management.
This resonates strongly with the Asian regulatory context, as authorities in Singapore and China increasingly demand traceability and operator-specific accountability under regulations like Singapore's PDPA and China's Cybersecurity Law.
Enterprises must ensure forensic traceability to rapidly address incidents, especially where AI autonomously handles personal or sensitive data.
Measuring guardrails: Metrics and key risk indicators
Scott describes effectiveness as moving beyond simple system uptime to evaluating "safe and correct operation time." He cautions that "metrics and key risk indicators (KRIs) are not universally prescriptive; what constitutes effectiveness depends on use case and agent design."
In practical terms, AEGIS offers continuous control monitoring, allowing organisations to test controls in real-time and tailor key risk indicators to both business outcome and regulatory context.
Asian CISOs, facing stringent audit cycles, will find value in this shift, as local standards—such as Singapore's MAS TRM guidelines or regional ambitions under the ASEAN Digital Masterplan—demand real-time, context-aware assurance rather than static compliance checks.
Scott confirms, "Organisations will be able to measure the maturity of their controls with our upcoming AEGIS maturity assessment, which informs how effectively these controls have been deployed."
Seamless integration with GRC frameworks
Rather than creating parallel requirements, AEGIS is designed to "integrate and map agentic AI risks to the organisation's enterprise risk framework and taxonomies," according to Scott.
Scott makes it clear that "AEGIS's GRC domain begins with governance and oversight, helping organisations right-size compliance requirements for cost-effective, secure AI use."
For Asian enterprises that balance speed and compliance, this provides both a risk-aligned and resource-conscious path to agile security.
"AEGIS does not create a separate, parallel set of requirements. It helps organisations meet the intent of broader security process frameworks while dealing with the unique challenges posed by autonomous agents." Cody Scott
Addressing shared responsibility with AI vendors
Asian CISOs often deploy AI agents sourced from global vendors, such as OpenAI, Anthropic, or Microsoft, which requires clarity on the shared responsibility model.
AEGIS "directly requires organisations to align agentic AI controls to GRC and third-party risk activities, including AI agents from third-party models and platforms," says Scott.
He advises that "Vendor contracts become an important risk mitigation tool up front and must include language around acceptable use; data management; model provenance, training and validation; observability; incident response; regulatory compliance commitments; and exit clauses when vendors fail to meet obligations."
This approach is especially pertinent given Asia's rapid adoption of platforms and international partnerships, where regional CISOs need assurance that global products enforce robust agent guardrails compatible with local requirements.
Auditable agentic actions
Scott emphasises that "governance and audit go hand-in-hand—you can't have one without the other."
AEGIS supports comprehensive audit trails through controls covering interaction logging, privilege escalation tracking, data flow monitoring, API call analysis, and validation of agent reasoning processes.
"AEGIS doesn't mandate a specific logging schema but should integrate with an organisation's existing audit documentation and logging processes. It augments these with the ability to collect forensic snapshots of agent memory for post-incident analysis." Cody Scott
In Asian regulatory environments where post-incident reporting and forensics are critical (as required by the PDPA in Singapore or China's network security audits), such architectural flexibility—paired with forensic depth—forms a vital component of trust-building across multi-cloud, multi-agent deployments.
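To make the controls named above concrete, the following is an added example, not code from the article or from Forrester's AEGIS framework. It sketches a minimal agent interaction log in which every tool call is checked against the calling agent's entitlements (interaction logging plus privilege escalation tracking), each record keeps a link to the upstream interaction that triggered it so causal provenance can be reconstructed after an incident, and a "safe and correct operation time" style KRI is derived from the log, treating an unresolved violation as unsafe time until a human-in-the-loop review closes it. The agent names, tool names, entitlements and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str
    entitlements: frozenset  # tool names this agent is allowed to invoke


@dataclass(frozen=True)
class InteractionRecord:
    record_id: str
    ts: float                  # seconds since session start
    agent_id: str
    tool: str                  # tool/API the agent invoked
    target: str                # resource acted upon
    permitted: bool            # outcome of the entitlement check
    parent_id: Optional[str]   # upstream interaction that triggered this one


class InteractionLog:
    """Append-only log of agent tool calls; each call is checked on entry."""

    def __init__(self, registry: Dict[str, AgentIdentity]):
        self.registry = registry
        self.records: List[InteractionRecord] = []

    def record(self, ts: float, agent_id: str, tool: str, target: str,
               parent_id: Optional[str] = None) -> InteractionRecord:
        agent = self.registry.get(agent_id)
        # Unregistered identities are never permitted; registered ones must hold the entitlement.
        permitted = agent is not None and tool in agent.entitlements
        rec = InteractionRecord(f"i{len(self.records) + 1}", ts, agent_id, tool,
                                target, permitted, parent_id)
        self.records.append(rec)
        return rec

    def violations(self) -> List[InteractionRecord]:
        """Calls outside the caller's entitlements: the escalation attempts to review."""
        return [r for r in self.records if not r.permitted]

    def provenance(self, record_id: str) -> List[str]:
        """Walk parent links back to the root action that led to this one."""
        by_id = {r.record_id: r for r in self.records}
        chain = []
        cur = by_id.get(record_id)
        while cur is not None:
            chain.append(f"{cur.agent_id}:{cur.tool}")
            cur = by_id.get(cur.parent_id) if cur.parent_id else None
        return list(reversed(chain))

    def safe_operation_ratio(self, session_end: float, human_reviews: List[float]) -> float:
        """KRI: fraction of the session with no unresolved violation.
        A violation opens an unsafe window; the next human review closes it."""
        events = sorted([(r.ts, "violation") for r in self.violations()]
                        + [(t, "review") for t in human_reviews])
        unsafe, open_since = 0.0, None
        for ts, kind in events:
            if kind == "violation" and open_since is None:
                open_since = ts
            elif kind == "review" and open_since is not None:
                unsafe += ts - open_since
                open_since = None
        if open_since is not None:
            unsafe += session_end - open_since
        return 1.0 - unsafe / session_end if session_end > 0 else 1.0


def build_sample_log() -> InteractionLog:
    """Constructed session: a planner delegates to an executor that oversteps."""
    registry = {
        "planner": AgentIdentity("planner", frozenset({"read_crm", "call_agent"})),
        "executor": AgentIdentity("executor", frozenset({"send_email"})),
    }
    log = InteractionLog(registry)
    a = log.record(0.0, "planner", "read_crm", "customer-42")
    b = log.record(10.0, "planner", "call_agent", "executor", parent_id=a.record_id)
    log.record(20.0, "executor", "send_email", "customer-42", parent_id=b.record_id)
    log.record(30.0, "executor", "delete_record", "customer-42", parent_id=b.record_id)  # not entitled
    log.record(35.0, "unknown-agent", "read_crm", "customer-42")  # unregistered identity
    return log


if __name__ == "__main__":
    log = build_sample_log()
    for v in log.violations():
        print(v.record_id, v.agent_id, v.tool, "<-", " -> ".join(log.provenance(v.record_id)))
    print("safe operation ratio:", log.safe_operation_ratio(100.0, human_reviews=[50.0]))
```

The entitlement check runs at log time rather than afterwards so the record itself states whether the call was within policy; the provenance chain is what an investigator needs when, as the article puts it, causal provenance is otherwise obscured. The KRI deliberately counts time rather than events, so a single violation that sits unreviewed for an hour scores worse than several that a human clears within minutes.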
Key takeaways for Asia's CISOs
Forrester's AEGIS offers Asian CISOs both structure and adaptability, mapping the urgent needs of digital governance, compliance, and resilience to actionable controls. The framework's phased roadmap, prioritising governance and risk management before technical uplift, aligns with the tightening regulatory timelines in the region.
As Scott notes, "We use AI agents for their autonomous orchestration capabilities, but our role as security leaders must pivot to ensuring not just secure systems, but secure agent intent—by design, by oversight, and by continuous assurance."
Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.