Speed is the new competitive currency, but unprotected velocity is a liability. Nowhere is this more apparent than in the race to adopt agentic AI — AI capable of autonomous decision-making based on real-time data.
Across Asia, organisations are racing to deploy AI to drive efficiency and gain competitive advantage. But in the pursuit of speed, one area is falling dangerously behind: security. As AI systems become more autonomous and embedded in decision-making processes, security cannot be treated as an afterthought; it must be a foundational requirement from the outset.
Security struggles to keep up with AI advancements
The problem isn’t just speed; it’s complexity. Unlike traditional software, agentic AI isn’t static; it can evolve as the model learns and adapts. It can interact with external APIs, access internal datasets, or even collaborate with other models, often in ways its developers may not fully anticipate.
Once deployed, agentic AI systems may amplify risks through unsupervised actions, unexpected data access, or interactions that legacy security frameworks aren’t equipped to assess. What makes AI powerful is also what makes it unpredictable.
The real-world consequences of insecure AI
AI failures don’t just cause technical disruptions. They erode trust, attract regulatory scrutiny, and damage reputation. As agentic AI powers more customer-facing services and national infrastructure, the stakes rise. In Singapore, GovTech developed a multi-agent system prototype to extract deeper insights from customer relationship management data. This set-up allowed the team to glean contextualised and human-validated insights, which typically involved human intervention. While such deployments have the potential to improve service delivery and operational efficiency, a single oversight could still lead to regulatory complications or reputational risks.
Adding to the pressure is the growing attention on AI from governments and regulatory bodies, which are tightening expectations around privacy, safety, and accountability. Companies that fall behind on security may face more breaches, fines, and sanctions.
Ironically, lax security can also stifle innovation. Teams preoccupied with patching issues often lack the capacity to develop new capabilities. Over time, a reactive posture widens the gap between innovation and security, leaving organisations perpetually playing catch-up.
Prioritising security for agentic AI
Security should not be an afterthought addressed late in the development cycle. It must be a core principle, integrated into every stage of the AI lifecycle. To deploy secure agentic AI systems, organisations need to rethink how systems are built, governed, and maintained. Key priorities include:
- Making security a core requirement. Security considerations must be integrated from the initial planning and design phases of agentic AI projects. This includes new architectural norms, such as adversarial testing and defined trust boundaries, to prevent unauthorised interactions.
- Keeping humans in the loop. While agentic AI can process and analyse data at scale, it still requires human judgment for ambiguous or exceptional cases. Critical decisions, especially in sectors like finance, healthcare, and national infrastructure, must involve human oversight to identify edge cases and ensure ethical outcomes.
- Developing tailored defences for agentic AI. Traditional security tools often overlook the distinct threats facing agentic AI. For instance, in a model inversion attack, bad actors can reverse-engineer an AI model to uncover the private data it was trained on. In data poisoning, they tamper with training data to subtly corrupt the model’s future behaviour without detection. To address such risks, organisations should adopt safeguards such as improving visibility into AI system components, maintaining detailed operational logs, and monitoring models for unexpected or anomalous outputs.
- Evolving security with technology. As AI models and threats evolve, so must security protocols. Organisations need adaptive frameworks, regular reviews, and the agility to respond to emerging vulnerabilities.
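The priorities above can be enforced at a single choke point: the interface between an agent and the tools it is allowed to call. The following is an added example, not code from the article, GovTech, or any product it mentions. It shows a small action gateway that implements a defined trust boundary (a per-agent tool allowlist), routes high-impact actions to a human approver, writes every decision to an operational log, and runs a monitoring pass over that log to flag agents that repeatedly try to act outside their boundary. The agent name, tool names, risk levels, ticket identifier, and the `human_review_stub` stand-in for a review queue are all constructed for illustration.

```python
import json
import time
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class ToolCall:
    """One action an agent wants to take (constructed shape for this example)."""
    agent: str
    tool: str
    args: dict


@dataclass(frozen=True)
class Decision:
    outcome: str   # "allow" or "deny"
    reason: str


class ActionGateway:
    """Enforces a trust boundary between an agent and the tools it may call.

    policy maps agent name -> {tool name: risk level}. Any tool absent from the
    agent's entry lies outside its trust boundary and is denied. High-risk
    tools are routed to a human approver before they run. Every decision is
    appended to an operational log as one JSON line.
    """

    def __init__(self, policy: Dict[str, Dict[str, str]],
                 approver: Callable[[ToolCall], bool],
                 clock: Callable[[], float] = time.time) -> None:
        self.policy = policy
        self.approver = approver
        self.clock = clock
        self.log: List[str] = []

    def evaluate(self, call: ToolCall) -> Decision:
        allowed = self.policy.get(call.agent, {})
        if call.tool not in allowed:
            decision = Decision("deny", "tool outside agent's trust boundary")
        elif allowed[call.tool] == "high":
            approved = self.approver(call)   # human in the loop for critical actions
            decision = Decision("allow" if approved else "deny",
                                "human approval granted" if approved
                                else "human approval refused")
        else:
            decision = Decision("allow", "low-risk tool on allowlist")
        # Operational log: one JSON line per decision, never skipped.
        self.log.append(json.dumps({
            "ts": self.clock(), "agent": call.agent, "tool": call.tool,
            "args": call.args, "outcome": decision.outcome,
            "reason": decision.reason,
        }, sort_keys=True))
        return decision


def denied_calls_per_agent(log_lines: List[str]) -> Dict[str, int]:
    """Monitoring pass over the JSON-lines log: count boundary violations per agent."""
    counts: Dict[str, int] = {}
    for line in log_lines:
        entry = json.loads(line)
        if entry["outcome"] == "deny" and "trust boundary" in entry["reason"]:
            counts[entry["agent"]] = counts.get(entry["agent"], 0) + 1
    return counts


def flag_anomalous_agents(log_lines: List[str], threshold: int = 3) -> List[str]:
    """Agents that repeatedly reach outside their boundary are flagged for review."""
    return sorted(a for a, n in denied_calls_per_agent(log_lines).items()
                  if n >= threshold)


# Constructed demo policy: a CRM-insights agent with a deliberately narrow allowlist.
POLICY = {
    "crm-insights-agent": {
        "read_crm_records": "low",      # summarising data: no human gate
        "send_customer_email": "high",  # customer-facing side effect: human gate
    },
}


def human_review_stub(call: ToolCall) -> bool:
    """Stand-in (hypothetical) for a review queue: approve only calls that carry a reviewed ticket id."""
    return call.args.get("approval_ticket") == "TICKET-EXAMPLE-1"


def run_demo() -> dict:
    gw = ActionGateway(POLICY, human_review_stub, clock=lambda: 0.0)
    results = [
        gw.evaluate(ToolCall("crm-insights-agent", "read_crm_records", {"segment": "sme"})),
        gw.evaluate(ToolCall("crm-insights-agent", "send_customer_email",
                             {"to": "example@example.invalid"})),
        gw.evaluate(ToolCall("crm-insights-agent", "send_customer_email",
                             {"to": "example@example.invalid",
                              "approval_ticket": "TICKET-EXAMPLE-1"})),
    ]
    # Three attempts to use a tool the agent was never granted: the boundary holds,
    # and the monitoring pass flags the agent for human review.
    for _ in range(3):
        results.append(gw.evaluate(ToolCall("crm-insights-agent", "delete_crm_records", {})))
    return {
        "outcomes": [r.outcome for r in results],
        "flagged": flag_anomalous_agents(gw.log),
        "log_entries": len(gw.log),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The design point is that the allowlist is the boundary: an agent cannot gain a tool by asking for it, only by a policy change made outside the agent. Denials caused by a human refusing approval are logged but not treated as boundary violations, so the anomaly check measures the agent reaching beyond its grant rather than ordinary oversight at work.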
Thankfully, industry bodies are stepping up to shape the future of responsible agentic AI. In Singapore, GovTech’s AI Practice Group recently released an Agentic AI Primer that outlines practical governance principles for securing and overseeing autonomous systems. It emphasises auditable autonomy, human oversight, and adaptive safeguards — all critical foundations for building trust in agentic AI from the outset.
As AI becomes more autonomous, trust must be a deliberate outcome of design, not an afterthought. Organisations that embed resilience, accountability, and security into their AI initiatives from day one will not only stay compliant but also earn the confidence needed to innovate at scale and remain competitive.