In Asia Pacific, CISOs are navigating a pivotal shift as organisations operationalise AI across complex, hybrid, and sovereign environments. AI has evolved from an innovative layer into a source of profound operational and security complexity—where failures in autonomous systems now trigger systemic business risks.
Building digital resilience at scale demands robust governance, continuous monitoring and sovereign compliant architectures.
For the CISO in Singapore, Jakarta, or Sydney, 2026 is the year the abstract promise of AI collided with the concrete reality of risk. No longer just a tool for back-office automation, artificial intelligence—specifically agentic AI—is now the engine running critical supply chains, fraud detection, and customer operations.
Yet, as organisations across Southeast Asia race to capture a projected US$1 trillion GDP uplift from AI by 2030– a dangerous blind spot has emerged.
According to John Morgan, senior vice president and general manager of Security at Splunk, the very technology designed to protect enterprises is becoming the "weak link" if governance fails to keep pace.
" The real power of AI is in changing AI-native workflows—not as bolted-on supplements, which is how it started," Morgan explains. "As enterprises embed AI into revenue or business-critical workflows, it introduces new attack surfaces and unpredictable model behaviours."
Below are how CISOs can turn that weak link into a competitive advantage:
The "invisible agent" epidemic
The first major challenge CISOs cannot ignore is visibility—or the lack thereof. In the rush to adopt Large Language Models (LLMs) and autonomous agents, organisations have lost count of what is operating on their networks.
Morgan warns that the inventory problem is more severe than most leaders realise. "One of the biggest issues we’re seeing today is that organisations have countless agents in their environment they didn’t even know about," he states. "You can’t protect something if you don’t know it exists."
This lack of visibility is compounded by the rise of AI-driven fraud syndicates. Research from the FutureCFO Conference Malaysia 2025 reveals only 9% of security leaders attending the conference were very confident in their current AI-powered security tools to provide accurate and reliable threat intelligence.
FutureCISO discussions with security practitioners concludes that digital scams have evolved into a "structured industry" utilising deepfakes and automated device farms.
In the Asia-Pacific, deepfake cases surged by over 1,500% in a single year, with Vietnam experiencing the highest jump in fraud incidents.
To combat this, Morgan advises CISOs to treat agentic AI like a new, highly privileged employee. "Assign identity and governance—authentication, authorisation, and access control," he says. "You need to break up what one human used to do into several agents doing one job. That’s called separation of duty, and it’s really important from a security perspective."
The cybersecurity skills gap in Asia is well-documented, but AI is changing the nature of the deficit. It is no longer just about finding analysts; it is about finding leaders who understand the intersection of data science, regulatory fluency, and security.
"Despite talent consolidation efforts, significant gaps persist in AI governance," Morgan admits. "Few professionals can combine deep security expertise with data science and regulatory fluency."
The solution lies in the Agentic Security Operations Centre (SOC). Rather than replacing humans, Splunk advocates for a "human-in-the-loop" model where AI handles the drudgery so humans can handle the strategy.
Morgan describes a workflow where detection, investigation, and response are augmented by machines. "The detection side is continuously correlating signals across massive data volumes," he says. "Agentic AI operates at the intersection of automation and human judgment, autonomously investigating and recommending actions while escalating to humans on defined thresholds."
Industry analysts note that by 2026, leading SOC platforms are moving toward "Mesh Agentic Architectures," where AI agents handle Tier-2 and Tier-3 investigations, cutting false positives by up to 80%. This allows exhausted analysts to focus on high-stakes decisions rather than alert fatigue.
Morgan points to federated architectures as the solution. "CISOs are deploying federated architectures, keeping data resident within jurisdictional boundaries while aggregating anonymised metadata into centralised analytics layers," he explains. This allows for unified threat visibility without violating sovereignty mandates.
This trend is accelerating due to "platform lock-in" risks. Research suggests that sovereign cloud frameworks will jump from 5% to 35% adoption by 2027. Morgan reinforces the need for "explainability" in this context. "Often, AI implementations are very opaque," he notes. "Making sure that the AI can explain how it came to the verdict it did—that’s something we put a lot of energy into."
The speed of attack vs. machine speed defence
Perhaps the most compelling argument for agentic AI is the sheer speed of the modern attacker. The days of waiting weeks to exploit a vulnerability are over.
"We’re seeing attackers translating zero-day vulnerabilities within hours, when it used to take 25 to 30 days," Morgan reveals. "Humans won’t be able to keep up."
John Morgan
“CISOs must ensure their security operations leverage automation and machine speed, with human-in-the-loop guardrails, to operate at the pace of modern threats." John Morgan
Cisco’s 2025 Talos report corroborates this, noting that vulnerabilities like "React2Shell" saw near-instant automated exploitation, likely fuelled by agentic AI building exploit kits. To survive 2026 and 2027, CISOs must ensure their defence operates at the same machine speed as the offense.
Morgan advises focusing on "runtime security" and "access control." He emphasises that the SOC must evolve to secure the agents themselves. "We like to think of it as protecting agents from the world and protecting the world from agents," he says. "You need prevention controls with resilient incident response. That resilient piece is a SOC capability, along with automated failover and AI-aware incident management."
Trust, uptime, and the path forward
As CISOs look toward 2027, the "weak link" is not the technology itself, but the governance framework surrounding it. John Morgan leaves security leaders with a final, urgent checklist.
"When you look at a SOC using AI, bear in mind it is a high-risk environment," he concludes. "It is your last line of defence watching your other AI agents."
To build sustainable, AI-driven growth, CISOs in Asia must prioritise three pillars: Trust (observability of inputs/outputs), Uptime (resilient, AI-driven response), and Compliance (explainable decisions). As Morgan succinctly puts it: "You really shouldn’t trust what you can’t see." In the age of agentic AI, observability is the only currency that matters.
Click on the PodChats player to hear Morgan elaborate on many of the weak link CISOs can't ignore in 2026.
Questions covered in the discussion:
Why has AI transitioned from a supplementary technology to a core driver of operational and security complexity across Asian enterprises?
How are AI-related failures increasingly manifesting as systemic business risks rather than isolated technical incidents?
What machine data strategies have organisations in Asia implemented to create a definitive, auditable record of system, user, and autonomous agent behaviour across hybrid environments?
How are organisations in Asia embedding real-time observability into security architectures to detect anomalies before AI-driven failures cascade across interconnected systems?
Given the regional investment in security talent consolidation, what expertise gaps remain in organisations’ ability to govern where AI and operational decisions converge?
How does the convergence of automation, human judgement, and unified data enable agentic AI to transform security operations capabilities?
In what specific ways can agentic AI accelerate detection, deepen investigations, and support controlled, proportionate responses to incidents?
What practical strategies allow organisations to operationalise AI at enterprise scale across hybrid infrastructures while sustaining resilience?
How are regional CISOs adapting to sovereignty requirements across Asia—from Singapore’s MAS guidelines to Australia’s data locality rules—while maintaining unified security visibility?
How can trust, uptime, and regulatory compliance be maintained as AI adoption accelerates in sovereign, multi-cloud Asia-Pacific contexts?
Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.
Previous Roles
He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role.
He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications.
He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer.
He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific.
He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific.
He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
