For many years now, Asia's cyber threat landscape has been marked by escalating nation-state attacks and rampant cloud breaches. In 2026, it stands to be transformed by integrating agentic AI for proactive threat detection.
This autonomous technology could pre-empt lateral movements, reduce alert fatigue, and enable real-time breach containment, bolstering defences for organisations amid high cloud saturation and sophisticated adversarial tactics.
Yet, adoption of AI-powered IAM remains uneven, with only about 25% of consumer-facing companies expected to use it by 2027 due to integration and cost barriers. For CISOs across the region, the priority in 2026-2027 is clear: turn behavioural AI from theory into a practical shield for hybrid and multi-cloud environments.
Cyber Cartographers: AI graphs map hybrid cloud complexities
Asian organisations are rapidly adopting hybrid cloud architectures, but this acceleration is driving a surge in nation-state-sponsored advanced persistent threats (APTs).
According to the World Economic Forum's Global Cybersecurity Outlook 2026, only 47% of respondents in East Asia and the Pacific expressed confidence in their country's preparedness to respond to major cyber incidents targeting critical infrastructure.
Andrew Kay, director of systems engineering for APJ at Illumio, explains the shift: "Hybrid cloud adoption is accelerating across Asia Pacific, and with that, the continued rise of APT activity. Unfortunately, it's to be expected that adversaries, whether nation-state sponsored or otherwise, are going to be able to bypass traditional defences."
Unlike static perimeter defences, AI-powered security graphs create dynamic, living models of entire environments. Kay notes: "Security Graphs are becoming vital to combating these attacks, particularly the sophisticated nation-state sponsored ones."
"The key to security graphs is that they're dynamic, a living model of an organisation's entire environment. They map the relationships and dependencies between systems, users, applications, and have the context of threats, vulnerabilities, risk and identity." Andrew Kay
These graphs enable CISOs to act as "cyber cartographers", proactively identifying pathways for lateral movement before exploitation. In 2026, Gartner predicts that 40% of enterprise applications will feature task-specific AI agents (up from less than 5% in 2025), making such contextual mapping essential for multi-cloud resilience.
Mitigating East-West blind spots
High cloud saturation in Asia exacerbates vulnerabilities in multi-cloud setups, particularly overly permissive east-west traffic in flat networks, policy drift, and under-segmented VPCs or Kubernetes clusters.
Illumio's 2025 Global Cloud Detection and Response Report highlights that fragmented observability contributes to nearly half of lateral movement incidents, while alert fatigue—exacerbated by thousands of daily alerts lacking context—remains a top concern.
Kay highlights the challenge: "Many organisations are facing blind spots across their East-West traffic, with overly permissive access through often flat networks across multi-cloud environments. Fragmented observability is contributing to half of lateral movement incidents. Alert fatigue, with a lack of context, is a top issue."
Behavioural AI, powered by agentic systems, uses real-time analytics to baseline normal behaviour and pre-empt exploits. Akamai's 2026 Cloud and Security Outlook for APAC report warns that AI-driven threats will compress attack timelines, enabling autonomous adversaries to breach systems in hours rather than days, particularly in high-value markets like Singapore, Japan, and Korea.
Agentic AI counters this by analysing connection patterns, data transmission rates, and subtle deviations—capabilities humans struggle to maintain at scale.
AI-driven security graphs leveraging entity resolution and anomaly detection provide a living topology of workloads, users, and communications.
Kay observes: "AI security graphs help both security architects and CISOs become 'cyber cartographers', understanding and building protective surfaces in advance. They're observing and analysing all flows and connections and surfacing all the needles within those many haystacks of the cloud environments and applications."
In 2026-2027, this dynamic view is critical as IDC reports surging cloud security investments across Asia/Pacific driven by AI threats and regulatory mandates. CISOs gain high-confidence, actionable context for in-flight attacks, enabling rapid containment and reducing blast radius.
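As an added illustration (not code from Illumio or from the article), the sketch below treats allowed flows as a directed graph and compares what a compromised web workload can reach in a flat network and in a segmented one, then flags observed flows that fall outside policy. All workload names, flows and function names are hypothetical.

```python
from collections import deque

# Constructed sample estate; every workload name and flow below is hypothetical.
WORKLOADS = ["web-1", "api-1", "batch-1", "db-1", "hr-db"]

# Flat network: any workload may open a connection to any other.
FLAT = {(a, b) for a in WORKLOADS for b in WORKLOADS if a != b}
# Segmented policy: only the flows the applications actually need.
SEGMENTED = {("web-1", "api-1"), ("api-1", "db-1"), ("batch-1", "db-1")}
# Constructed flow telemetry: (source, destination) pairs seen on the wire.
OBSERVED = [("web-1", "api-1"), ("api-1", "db-1"), ("web-1", "hr-db")]


def build_graph(flows):
    """Directed adjacency map: workload -> workloads it may connect to."""
    graph = {w: set() for w in WORKLOADS}
    for src, dst in flows:
        graph[src].add(dst)
    return graph


def reachable_paths(graph, start):
    """Breadth-first search; maps each reachable workload to its shortest path."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph[node]):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    del paths[start]
    return paths


def unexpected_flows(observed, policy):
    """Observed connections that the segmentation policy does not allow."""
    return sorted(set(observed) - set(policy))


if __name__ == "__main__":
    for name, flows in (("flat", FLAT), ("segmented", SEGMENTED)):
        paths = reachable_paths(build_graph(flows), "web-1")
        print(name, "blast radius from web-1:", sorted(paths))
        print(name, "path to hr-db:", paths.get("hr-db"))
    print("flows outside policy:", unexpected_flows(OBSERVED, SEGMENTED))
```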
Multi-agent systems accelerate correlation and containment
Agentic AI leverages multi-agent systems for real-time threat correlation, decision-tree acceleration, and automated containment.
"Agentic AI augments and typically replaces lengthy, multi-tool processes that are very challenging for humans. They are always on, always watching, always analysing, and looking for things like – meaningful deviations, unusual connections, East-West movement." Andrew Kay
Nearly 80% of global cybersecurity leaders surveyed by Illumio view AI/ML as essential for faster lateral movement detection. In Asia, where supply chains and partner connections multiply attack surfaces, these agents coordinate responses across SIEMs, CSPMs, and identity systems while prioritising remediation.
Role-tailored AI for SOC efficiency
Agentic AI excels at tailoring outputs to specific roles—threat hunters receive SOAR-integrated workflows, analysts get compliance-aligned reports, and executives see risk dashboards.
Gartner forecasts massive production growth of AI agents, aligning with Kay's view: "A key opportunity with Agentic AI is to create focused agents that operate through the lens of a specific persona. This allows them to be more efficient and effective with the data that they have and the advice that's given."
For Asian CISOs facing talent shortages, this role-aware capability reduces alert fatigue and empowers faster, context-rich decisions.
Governing Agentic AI risks amid Asia's regulations
Agentic AI introduces risks, including prompt injection, model drift, and erroneous autonomous actions. "AI is not infallible," warns Kay. "Agents can act faster and more dangerously than humans ever could. We need to go back to those basic principles of least privilege and Zero Trust, to have oversight of – how connected agents are."
Asia's regulatory environment—marked by data sovereignty demands (Akamai) and guidelines such as Singapore's Agentic AI Security Guidelines—requires private AI infrastructure, feedback loops, and micro-segmentation around agents.
The rise of agentic AI malware that dynamically alters behaviour underscores the need for robust governance.
Agentic AI with EDR/XDR for controlled response
Effective interoperability with EDR or XDR demands governed environments. Kay emphasises: "If agents are going to act on your behalf, the key thing is to have a controlled and governed environment for them."
"You need to govern what systems they can interact with and even limit their opportunity to act within your environment to only those specific pathways that you've identified as being appropriate." Andrew Kay
Dynamic quarantining of anomalous workloads, with human validation for high-impact actions, ensures safe automation. In 2026-2027, Asian CISOs prioritising Zero Trust segmentation will achieve the fastest, most resilient containment.
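One way to express the governed pathways and human validation described above is a default-deny gate in front of every agent action. This is an added example, not a vendor implementation; the agent names, actions, systems and the `decide` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy: the only (agent, action, system) pathways an agent may use.
ALLOWED_PATHWAYS = {
    ("triage-agent", "read_alerts", "siem"),
    ("containment-agent", "quarantine_workload", "segmentation"),
    ("containment-agent", "disable_account", "identity"),
}
# Actions that always need a named human approver before they run.
HIGH_IMPACT_ACTIONS = {"disable_account"}
# Workloads whose quarantine would cause an outage, so it also needs approval.
PROTECTED_TARGETS = {"payments-db"}


@dataclass(frozen=True)
class ActionRequest:
    agent: str
    action: str
    system: str
    target: str
    approved_by: Optional[str] = None  # set once a human has validated the action


def decide(req):
    """Return 'deny', 'needs_approval' or 'allow'. Anything not listed is denied."""
    if (req.agent, req.action, req.system) not in ALLOWED_PATHWAYS:
        return "deny"
    high_impact = req.action in HIGH_IMPACT_ACTIONS or req.target in PROTECTED_TARGETS
    if high_impact and not req.approved_by:
        return "needs_approval"
    return "allow"


def audit(requests):
    """Evaluate each request and keep a record of the decision for review."""
    return [(r.agent, r.action, r.target, decide(r)) for r in requests]


if __name__ == "__main__":
    # Constructed requests, including one agent stepping outside its pathway.
    sample = [
        ActionRequest("containment-agent", "quarantine_workload", "segmentation", "batch-7"),
        ActionRequest("containment-agent", "quarantine_workload", "segmentation", "payments-db"),
        ActionRequest("triage-agent", "disable_account", "identity", "svc-backup"),
        ActionRequest("containment-agent", "disable_account", "identity", "svc-backup", "soc-lead"),
    ]
    for row in audit(sample):
        print(row)
```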
As nation-state threats and cloud complexity intensify, behavioural and agentic AI—anchored in security graphs and Zero Trust principles—offer Asian organisations a proactive edge. By embracing these technologies with strong governance, CISOs can transform alert overload into actionable intelligence and turn potential breaches into contained incidents.
Click on the PodChats player to hear Kay share his perspective on how organisations can use behavioural AI to mitigate the vulnerabilities that come with multi-cloud use.
How are Asian organisations employing machine learning algorithms, such as graph neural networks, within AI frameworks to manage hybrid cloud complexities and mitigate nation-state-sponsored APTs?
What specific vulnerabilities in multi-cloud environments, exacerbated by Asia's high cloud saturation, enable east-west lateral movement, and how can agentic AI utilise behavioural analytics to pre-empt such exploits?
How do AI-driven security graphs, leveraging real-time entity resolution and anomaly detection via unsupervised learning, offer a dynamic topology of workloads, users, and communications to identify subtle deviations indicative of threats?
Amid Asia's exposure to APTs, how can agentic AI leverage multi-agent systems to perform real-time threat correlation, accelerate decision trees, and automate containment protocols such as micro-segmentation?
What capabilities might agentic AI provide in tailoring threat intelligence feeds and remediation workflows to specific roles, such as integrating with SOAR platforms for threat hunters or generating compliance-aligned reports for analysts?
What technical risks arise from agentic AI deployment, including prompt injection vulnerabilities or model drift leading to erroneous autonomous decisions, and what mitigation strategies, such as human-in-the-loop safeguards, are suitable for Asian regulatory environments?
Under which conditions could agentic AI interoperate with existing EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) tools to orchestrate automated responses, such as dynamic access controls, in expansive cloud infrastructures?
Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.