COMMENTARY: Artificial intelligence (AI) is becoming a central force in both physical and digital conflict, changing how attackers and defenders operate. Across the Asia-Pacific region, AI is now a major driver of cyber risk.The rise of AI-enabled deepfake attacks has helped push social engineering incidents up by 53% year over year, while fraud and social engineering-related claims have increased by 233%. The speed and scale of AI’s impact invite comparisons to the early days of nuclear technology.Unlike nuclear tools, however, AI is widely available and easily misused. As a result, organizations can no longer treat AI-related threats as theoretical. These technologies are already changing how conflicts play out and how outcomes are decided.
The growing pressure from generative AI
Generative AI has lowered the barriers to cybercrime, making attacks easier to launch and harder to contain. Threats are becoming more frequent, more automated, and more disruptive, putting pressure on business operations, public services, and trust in digital systems.Research from Fortinet and IDC shows how widespread the issue has become. In 2025, AI-driven cyber threats affected 56% of organisations. Among those hit, more than half reported that threat volumes had doubled, while over four in ten said they had tripled.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.Read more Perspectives here.]The damage is not limited to system outages. An analysis of 1,414 cyber incidents worldwide found that 56 turned into reputation risk events, meaning they drew major public attention. Companies affected by these incidents saw an average drop of 27% in shareholder value.At the same time, security teams are struggling to keep up with the number of new attack paths. Fortinet’s Cyberthreat Predictions for 2026 suggest that offensive AI tools are already finding and exploiting weaknesses faster than human analysts can respond.Malware and ransomware pose the greatest reputational risk. Together, they account for 60% of reputation-related incidents, even though they make up less than half of all recorded attacks.Generative AI is also shrinking response windows. Where organizations once had days or weeks to apply patches, exploits can now appear within hours or minutes. Attackers can also study new fixes and quickly create variants designed to bypass them.
Organizations struggle to keep up
AI’s ability to generate convincing text, audio, video, and code at speed has made cyberattacks more agile and harder to detect. Phishing campaigns are more believable, exploits are created more quickly, and defenses are tested continuously.As a result, the gap between a vulnerability being disclosed and it being exploited is getting smaller, sometimes measured in minutes rather than days.
Many organizations are not well prepared for this shift. In Singapore, fewer than 1 in 6 organizations have a dedicated chief information security officer, and only 6% run dedicated threat-hunting or security operations teams.To close this gap, some organizations are turning to predictive AI to spot threats earlier and reduce reliance on manual response. AI-based tools are also being used to connect signals from different systems, helping teams see patterns that might otherwise be missed.Still, staffing remains a major constraint. Security teams are under pressure due to a lack of skilled professionals. As of November 2025, the World Economic Forum estimates a global shortage of between 2.8 million and 4.8 million cybersecurity workers. In Singapore, only about 13% of IT staff work in cybersecurity roles.While AI has supported threat detection for years, its role is becoming more critical as systems grow more complex and experienced personnel remain limited.
Why AI on its own is not enough
Adding predictive or generative AI tools to a security setup does not solve the problem by itself, however. Many organizations still fail to apply patches or fix known weaknesses, leaving systems open to attacks that require little effort. AI can help flag risks and automate parts of the process, but uneven use allows attackers to stay a step ahead of defenders.Predictive AI remains an important part of modern security, especially as attack volumes rise. However, when both attackers and defenders rely on AI, technology alone does not create an advantage.Human involvement remains essential. Teams need the ability to comprehend AI output, question anomalies, and act on context rather than automation alone. Training staff to work alongside AI tools helps ensure that threats are identified early and responses are correct.Without this balance, even advanced systems risk reacting too late.As AI continues to speed up both attacks and defenses, the key issue is not whether it will influence cybersecurity, but how it is used and governed.The scale of AI-driven threats calls for cooperation across businesses, industries, and governments. Clear standards, shared responsibility, and proactive risk planning all play a role.Equally important, security needs to be built into systems and AI deployments from the beginning, rather than added after problems arise. Without this strategy, the risks associated with AI may outweigh the benefits it offers.
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
The updated policy states that in certain circumstances, users may be asked to provide a scan of a government-issued passport or driver's license, along with a selfie and a facial geometry template.
Per TechCrunch, Signal President Meredith Whittaker has voiced significant concerns regarding the privacy implications of widely used AI chatbots, emphasizing that these tools should not be perceived as sentient or trustworthy entities.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
