SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
International Women’s Day
392 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Rachel
#
Firewalls
#
Digital Transformation
#
Network Security

AI-first firms in Southeast Asia face rising cyber risk

Fri, 27th Feb 2026
Author image
By Catherine Knowles, News Editor

Fastly reports that organisations in Southeast Asia increasingly associate artificial intelligence with recent cybersecurity incidents, as the region expands AI use across business operations.

In its latest Global Security Research Report, 69% of Southeast Asian respondents said AI-including AI tools or models-contributed to their most recent cybersecurity incident. Fastly describes the trend as an "AI speed tax", arguing that faster AI adopters face longer recovery times and higher costs.

The findings are based on a survey of 2,000 IT decision makers who influence cybersecurity decisions across multiple regions and industries. Sapio Research conducted online interviews in the fourth quarter of 2025.

Longer recovery

Globally, organisations that describe themselves as "AI-first" take nearly seven months on average to fully recover from cybersecurity incidents-80 days longer than those that do not identify as AI-first, the report says.

Fastly defines AI-first businesses as organisations that integrate AI into key processes and offerings from the outset, rather than adding it later. It argues that many have not updated security approaches as quickly as AI adoption across their IT infrastructure.

Fastly also links longer recovery times to higher financial impact, reporting that the cost of a cybersecurity incident for AI-first businesses is more than 135% higher than for non-AI-first businesses.

The report attributes part of the gap to the extent to which AI is implicated in incidents. It found that 44% of AI-first organisations said AI was directly exploited in their most recent security incident, compared with 6% of non-AI-first organisations.

Attack surface

The report argues that AI-driven systems reshape the security environment by adding new components and workflows. It points to agentic workflows and decentralised data flows as factors that can complicate defensive controls and increase potential entry points.

It also highlights AI-related activity that is not necessarily tied to a breach, such as automated crawling and scraping of online content for AI training or inference. These activities can increase infrastructure demand and make it harder for teams to distinguish routine traffic from hostile patterns.

Marshall Erwin, Fastly's chief information security officer, said security teams face growing pressure as AI spreads across systems.

"The speed of AI adoption is reshaping security infrastructure almost overnight. For AI-first businesses, the priority isn't to slow down innovation, it's to modernise security at the same rate," Erwin said.

Rachel Ler, Fastly's AVP of Asia, said incident response becomes more complex as AI becomes embedded across business systems.

"AI is no longer a single tool - it's becoming an integral part of business operations. This creates new challenges for security teams, from tracking its deployment to understanding its impact during incident recovery," Ler said.

Scraping costs

Beyond incident recovery, Fastly says AI scraping has become a significant cost issue in Southeast Asia. It reports that 67% of respondents in the region described AI scraping as a material cost centre, with average annual infrastructure impacts exceeding $372,330.

The report lists the most common negative effects linked directly to AI activity in Southeast Asia: 53% cited operational disruption, 51% increased infrastructure expenses, and 50% security incidents or data leakage. It adds that 35% reported issues affecting online visitors, including sluggish load times and broken functionality.

The findings suggest AI-related traffic and activity can create pressure even without a single breach event. Increased load and architectural complexity can also strain teams already managing application security, APIs, and availability risks.

Security spend

Fastly reports that organisations are increasing investment in tools and controls related to web and API exposure. In Southeast Asia, 72% of respondents cited web application firewalls as a leading investment area, followed by API discoverability and security solutions (66%) and agentic discoverability (64%).

The report also captures concerns about attacks that target AI-driven components directly, with 83% of Southeast Asian respondents worried about distributed denial-of-service attacks aimed at AI agents.

Skills and resourcing remain constraints. In Southeast Asia, 61% of respondents reported a need for additional AI-specific security expertise, and 59% said existing teams face increased pressure to manage AI risks.

Erwin said the scope of what organisations must defend is expanding alongside AI adoption.

"There is a major shift happening in terms of what organisations are responsible for defending," Erwin said. "The challenge is no longer confined to malicious actors and isolated security incidents. Instead, it's about managing an infrastructure footprint that is growing rapidly and, often, invisibly."

Related stories
Sweep wins cybersecurity firms for Salesforce control
Xiid secures EV charging, healthcare AI & multi-cloud
AI-fuelled crime drives illicit funds to $4.4 trillion
AI agents drive surge in cyber threats & extortion
Tenable appoints Dino DiMarino to drive AI security growth

Top stories

Manifest tool boosts SBOMs for critical C & C++ code
Stryker probes global cyber attack via MDM systems
Global CISO Council launched to steer AI governance
MIND unveils Autonomous DLP Analyst to cut alert noise
DNSFilter adds DNS PreCheck to protect roaming staff