APAC AI adoption outpaces identity security controls

Organisations across Asia Pacific are accelerating AI adoption, but gaps remain in identity controls, according to new regional data from Okta's Businesses at Work 2026 report.

The report found that non-human identities such as AI agents, bots and service accounts are spreading quickly across enterprise systems as companies embed AI into workflows, customer interactions and core operations. In some environments, these identities outnumber human users by as much as 45 to 1.

Security readiness is not keeping pace. Only about 10% of organisations said their identity systems were fully equipped to manage and secure non-human identities.

The figures point to a widening gap between adoption and control as businesses push AI and automation deeper into day-to-day operations. Governance and accountability are emerging as major concerns, with many organisations still at an early stage in deciding who owns AI security.

That lack of ownership can increase the risk of unmanaged or shadow AI activity, particularly as businesses deploy more automated tools outside traditional oversight structures. The report also found that identity and access management is becoming more important as AI use expands.

Security focus

Security applications are among the fastest-growing categories in many organisations' technology stacks across APAC. The trend reflects a broader shift in priorities as businesses look for ways to oversee both human and non-human access across increasingly complex systems.

The findings suggest identity management is moving from a back-office technical function to a more central role in corporate risk control. As AI systems take on more tasks, companies face the challenge of ensuring automated actors are visible, governed and subject to appropriate access rules.

Dan Mountstephen, Senior Vice President and General Manager, APJ, at Okta, said the issue is becoming more pronounced as AI scales across organisations.

"As organisations scale AI across the enterprise, we are seeing a fundamental shift in how identity needs to operate," Mountstephen said.

He said the regional picture showed rapid uptake alongside incomplete governance structures.

"We are seeing this play out very clearly across APAC, where organisations are moving quickly to adopt AI, but are still building the governance models needed to support it. This isn't just about managing more users; it's about managing entirely new classes of identity that don't behave like humans and operate at a completely different scale.

"If you automate anything at scale, the risk scales with it. The organisations that will lead in this next phase won't be the ones that move fastest, but the ones that can demonstrate control, accountability and governance as they deploy AI.

"That's why identity is becoming the control plane for the modern enterprise. It's what enables organisations to manage access, enforce policy and maintain trust as environments become more complex," Mountstephen said.

Governance gaps

The report argues that the spread of AI is creating a new class of security challenge. Traditional identity systems were designed mainly around employees, contractors and customers, but AI agents and service accounts can operate at far greater scale and speed, creating a different burden for oversight teams.

Many organisations are still working out how to assign responsibility for those systems, especially when AI tools are adopted by business units outside central technology teams. Without clear accountability, monitoring and policy enforcement can become inconsistent.

Across the region, companies are trying to balance faster AI deployment with tighter security expectations from boards, regulators and customers. The data suggests this balancing act is turning identity into a key point of control as businesses expand automation.

Extending visibility, access controls and governance across both human and non-human identities will be critical as adoption continues, the report found. In some enterprise environments, non-human identities now outnumber human users by as much as 45 to 1.