Ping Identity's latest research warns that attackers are using agentic AI to deploy rogue agents, steal credentials, spread malware, and disrupt organisations, all while staying undetected. In a similar vein, a March 2026 IDC study found only 9 percent of companies are prepared for ongoing AI-driven identity threats.
As APAC enterprises roll out autonomous AI systems, they’re increasingly vulnerable to exploitation, with attackers bypassing governance and triggering complex workflows. The rise of AI autonomy creates a widening accountability gap: when bots misbehave or are compromised, many firms struggle to pinpoint who approved actions or who’s responsible, turning identity into a pressing security, compliance, and liability issue, especially in regulated sectors demanding rigorous audits.
iTNews Asia spoke to Jasie Fon, regional vice president, Asia, Ping Identity, on what firms need to think about when teams start deploying agentic AI.
iTNews Asia: How are malicious actors exploiting agentic AI with rogue agents to disrupt operations and cripple organisations?
Jasie: Instead of focusing primarily on human users, attackers are increasingly targeting AI agents that already sit inside the enterprise with legitimate access to systems, data, and workflows. These agents are designed to operate autonomously, which makes them highly efficient but also introduces a new layer of exposure.
For example, attackers are shifting their focus away from forcing entry through the 'front door' of human logins and are instead targeting 'weak doors' like account recovery call centres or exploiting AI agents that already sit inside the enterprise.
A prime example is how rogue AI agents can be manipulated. Because AI agents are non-deterministic and act independently, attackers can compromise an existing agent and weaponise its legitimate access to execute malicious actions in parallel across multiple systems. If an autonomous AI agent is given broad administrative access, a malicious actor could hijack it to execute destructive actions, such as deleting a firm's database or exposing sensitive user records, simply because the agent technically had the valid credentials to do so.
This happens because traditional identity models rely on session-based trust. They authenticate the agent once at login and issue a static token, assuming nothing will change. Attackers exploit this because access grants permission, but it does not enforce control. Once the agent is compromised, there are no real-time guardrails to stop it from making unauthorised decisions.
The impact is also amplified by scale and speed. Once compromised, an agent can execute actions across multiple systems in parallel, from accessing sensitive data to triggering workflows that have downstream operational consequences. What might have taken significant effort through human compromise can now be executed far more quickly through an exploited agent.
iTNews Asia: Why do AI agents create an accountability gap that traditional IAM and zero trust models were not designed to handle?
Jasie: Traditional identity models are built around a clear chain of intent. A user is authenticated, granted access, and then operates within a defined session. That model assumes actions are directly tied to a human decision at a specific point in time.
AI agents do not follow that pattern. They operate continuously, make decisions based on changing inputs, and interact across multiple systems without requiring repeated authentication. As a result, verifying identity at the start of a session is no longer sufficient to ensure control over what happens next.
An accountability gap emerges at this point. When an AI agent takes an action, organisations often struggle to determine who authorised it, whether it aligned with policy, or how that decision was reached. This lack of clarity reflects a broader trust gap.
Zero trust frameworks have strengthened access control, but they are still largely focused on authentication and authorisation at entry points. They are not inherently designed to provide continuous visibility into behaviour or enforce control at the moment each action is taken.
iTNews Asia: What are the real-world risks of autonomous systems driving unauthorised access, data exposure, and compliance failures?
Jasie: The risks are already emerging in operational environments, particularly as AI agents become more embedded in business workflows. An AI agent with access to sensitive data or critical workflows can retrieve information, initiate transactions, or modify system states without immediate human intervention.
Because these actions are automated, they can propagate before being detected, increasing the scale of potential impact. This risk is compounded by the rapid growth of non-human identities. Industry data shows machine identities already outnumber human identities by a significant margin in many enterprises, expanding the potential attack surface.
The more significant challenge, particularly in regulated sectors, is traceability. It is not enough to identify that something went wrong. Organisations must be able to explain how and why an action occurred, what data was involved, and whether controls were applied appropriately.
Without that level of transparency, incidents quickly become compliance and audit issues, not just security events. As AI agents take on more responsibility within enterprise environments, that distinction becomes increasingly important.
iTNews Asia: Why is APAC particularly exposed as AI adoption outpaces governance frameworks?
Jasie: As noted in a Stanford University 2026 AI Index Report, governance frameworks, evaluation methods, and education systems are struggling to match the pace of adoption, with its responsible AI survey placing APAC at only 2.5 out of 4 — still in the ‘integrating’ stage. Organisations are integrating AI into production environments at pace in order to remain competitive and drive efficiency.
That speed creates an imbalance. Governance models, operational controls, and regulatory frameworks are still evolving, while deployment is accelerating. In many cases, AI capabilities are being layered onto existing systems that were not designed to manage autonomous actors.

The issue is not a lack of awareness. Organisations recognise the risks, but adoption is moving faster than the mechanisms required to manage those risks at scale. That creates a period where exposure increases before governance fully catches up.
- Jasie Fon, regional vice president, Asia, Ping Identity
iTNews Asia: How does “runtime identity” extend identity from login-time verification to continuous control over actions, including rogue agent detection?
Jasie: Runtime identity reflects a shift in how identity is applied within modern systems. Instead of focusing primarily on authentication at the point of access, it introduces continuous evaluation of behaviour throughout the lifecycle of an interaction.
This approach is particularly relevant for AI agents, where risk is not confined to entry into a system but extends to what the agent does once inside. An agent may be authenticated correctly, but its actions can still deviate from expected patterns or exceed intended boundaries.
By applying identity controls at runtime, organisations can assess each action in context, enforce policies dynamically, and detect anomalies as they occur. This creates the ability to intervene in real time, rather than relying solely on post-event analysis.
It also strengthens accountability. When every action is evaluated and recorded against defined policies and identities, organisations gain clearer visibility into how decisions are made and executed. This is essential in environments where auditability and traceability are required.
In effect, identity moves from a static checkpoint to an active control layer. That shift is necessary to manage systems where both humans and machines are continuously interacting and making decisions.
iTNews Asia: What are practical steps organisations can take to close this gap without overhauling existing identity infrastructure?
Jasie: Most organisations in Singapore already have a solid identity foundation in place. The challenge is not replacement, but extension. Existing IAM frameworks were designed around human users, while today’s environments increasingly include AI agents, service accounts, and automated workflows operating at scale.
A critical starting point is visibility. Organisations need a clear and complete view of non-human identities across their environment, including what access these entities have and how they interact with systems and data. These identities often exist without being governed with the same level of rigour as human users.
This needs joint ownership across IAM, security architecture, cloud and application owners, plus risk and compliance. At the working level, the people who build and run the systems need to map the identities, confirm what they are for, and remove unnecessary access. At the management level, control owners need to approve exceptions and make sure reviews happen consistently.
At the executive level, you need CISO or CIO sponsorship, because non-human identity governance cuts across multiple teams and only senior leadership can force standardisation and accountability at scale. It is a cross-functional business transformation. We are seeing identity discussions at major enterprise clients elevate beyond the CISO and CIO to include VPs of Transformation company-wide. Because every single AI gateway decision must go through an identity layer, establishing governance for AI agents requires senior executive alignment across the entire business.
Control must also extend beyond the point of access. As AI agents operate continuously, identity decisions cannot be confined to a single login event. Runtime evaluation of behaviour allows organisations to enforce policies dynamically, detect anomalies, and intervene when activity deviates from expected patterns.
Traceability is essential, particularly in Singapore’s regulatory environment. Every action taken by an AI agent should be observable and attributable. Organisations need the ability to explain how a decision was made, what data was used, and whether it aligned with defined policies. Without that, both compliance and accountability are compromised.
Governance completes the picture. As AI becomes more embedded in operations, organisations need clear accountability models that define responsibility for agent-driven actions, along with processes to manage exceptions and evolving risk.
However, there is a knowledge and skills gap to account for, because governance councils are rarely made up entirely of technical experts. We can’t expect every member to become a specialist, but we can design the council so it has the right mix of expertise, structured education, and escalation paths. That means providing mandatory briefing sessions, scenario-based training, clear policy playbooks, and access to legal, risk, security, and data specialists who can advise before decisions are made. It also means defining who must be in the room for different types of decisions, so the council can challenge assumptions without needing to know every technical detail themselves.
By defining precise boundaries for what an agent can and cannot do on behalf of a user, governance councils do not need to understand every technical detail. The identity control plane automatically evaluates every action at the exact moment of execution, ensuring the agent cannot operate outside of its approved scope.
None of these steps require a wholesale overhaul of identity infrastructure. They reflect a shift in how identity is applied. As AI systems become more autonomous, identity must function as a continuous control layer that ensures actions remain visible, enforceable, and aligned with organisational risk expectations.




