While Agentic AI promises to streamline work processes and increase productivity, it has also created the real spectre of AI-driven data security exposure, where employees can accidentally or maliciously surface data they were never meant to see due to overprivileged access.
A hidden instruction in an email we receive, for example, can trick an AI assistant into silently exfiltrating sensitive company data. There are also the new risks from Shadow AI use - tools we adopt without oversight from IT, which can be unsafe and non-compliant, and which can create openings for attackers.
How should organisations in APAC navigate the risks of Agentic AI in the workplace? What actionable steps can they take to overcome the risks of unauthorised AI being used?
To get a practical how-to-perspective to making the workplace safe, iTNews Asia sits with Jennifer Cheng, Director of Cybersecurity Strategy, APJ, Proofpoint, to find out more.
iTNews Asia: What will the Agentic workspace look like?
Cheng: The Agentic workspace is how we all work with technology today – where people and AI agents work side by side across email, collaboration platforms, SaaS applications, cloud storage and business systems.
Unlike earlier generative AI tools that primarily created content, agentic AI can reason, make decisions, initiate workflows, and act autonomously across multiple systems on behalf of users.
iTNews Asia: How will AI and Agentic AI increase an organisation's exposure?
Cheng: The Agentic workspace creates a new exposure model. Every AI agent assumes an identity, access rights, data permissions, and operational intent, either on its own or inherited from a person. If an agent is misconfigured, over-permissioned, or compromised, it can become a high-speed pathway for data exposure, credential abuse, or lateral movement.
Proofpoint's 2026 AI and Human Risk Report shows that AI assistants and autonomous agents are already moving into mainstream enterprise workflows, with about nine out of 10 of organisations deploying AI assistants beyond pilot. About one in two organisations are also not confident that those controls can successfully detect compromised AI.
iTNews Asia: How are frontier AI models changing this landscape?
Cheng: Frontier AI models intensify the same challenges we face with all AI security – it’s increasingly difficult to mitigate the impact of compromised AI at scale, because they can operate across more complex workflows and connected environments.
For example, an employee may connect an AI scheduling agent to email, calendar, and customer communications. If that agent is compromised, attackers could potentially read sensitive messages, impersonate trusted users, send malicious links, or trigger business processes at machine speed. The risk is not simply that AI introduces a new tool; it introduces a new actor in the enterprise that must be governed, monitored, and constrained.
The security priority is therefore to understand what AI can access, what it is allowed to do, whether its behaviour matches its intended purpose, and how it interacts with people and data.
iTNews Asia What are the potential threats we are seeing in the AI era? What are the threats we must be aware of?
Cheng: We found that 90 percent of successful cyberattacks start with a phishing email. But AI risk has evolved quickly. Between deepfakes, AI-enhanced phishing, newfound unpatched exploits, and hyper-personalised social engineering, AI undoubtedly plays a role in making attacks harder to detect and easier to scale.
Our security controls need to be aware of and protected from these, as AI agents now also consume and act on these interactions.
Not long ago, most organisations were focused on employees using browser-based tools like ChatGPT, where the primary concern was sensitive information being pasted into external AI services. The next phase is now bringing new form factors to consume AI and data, such as desktop-native AI assistants.
AI agents are trained to assume human tasks - to interpret instructions, make decisions, collaborate, and act on behalf of users. As a result, they can also replicate and amplify human risk.
Just as people can be socially engineered, misled, or manipulated into taking risky actions, AI agents can be prompt-injected or instructed into doing things they were never intended to do - only faster, at greater scale and across more connected systems.
- Jennifer Cheng, Director of Cybersecurity Strategy, APJ, Proofpoint,
iTNews Asia: Will shadow AI use make it worse?
Cheng: Shadow and sanctioned AI is moving deeper into enterprise environments through copilots, Model Context Protocol (MCP) connectors, coding assistants, AI co-workers, and autonomous agents that can interact with business systems and take actions on behalf of users.
Our Proofpoint AI Security uncovered at customer sites MCP connectors to Telegram and banking middleware - unapproved connections from approved AI tools. This would be an extremely dangerous setup if computing devices are compromised.
As daunting as some of these challenges sound, CISOs should not treat AI as a completely separate threat category. The risks are familiar - social engineering, insider risk, credential compromise, fraud, and accidental data mishandling - but AI amplifies them through autonomy, speed, and connectivity.
This is why AI security and data security are now inseparable: organisations need to understand not only which AI tools are being used, but also what data they can access, what actions they can take, and whether their behaviour aligns with business intent.
iTNews Asia: Has AI security outgrown traditional security models?
Cheng: Traditional, siloed security models cannot keep up with the operational speed and complexity of the agentic workspace. Organisations need to be able to enforce acceptable use of all collaborative and AI-integrated technologies with unified policies, context, and controls.
Security teams need to understand whether an interaction is legitimate, careless, compromised or malicious - whether it involves a person, an application, or an AI agent. Traditional rule, pattern, or identity-based tools struggle here because they are not built to interpret intent, understand context, or distinguish between normal and risky behaviour across connected workflows.
iTNews Asia: Given that traditional tools no longer work, what approach can we take to govern AI? Where and how can AI governance work best?
Cheng: Cybersecurity always existed so that we can trust our interactions with technology. There are three things that we take should take note of:
• Trust is not inherent with access.
Unlike humans, AI agents do not act with moral or meaningful intentions. Therefore, AI agents should be monitored for potentially harmful activities, such as prompt manipulation and semantic privilege escalation, with intent-based access controls and runtime controls.
Organisations need a unified view of people, data, accounts, and AI agents. They need to understand who or what is accessing sensitive data, whether that access is appropriate, whether the behaviour is expected, and whether the resulting action aligns with business intent.
iTNews Asia: How can a unified AI-powered cybersecurity platform help?
Cheng: A unified AI-powered cybersecurity platform is critical to bringing together the right context to surface risks from new or emerging threats that no one knew to look for. This means bringing together threat protection, data security, identity context, behavioural signals and AI governance into a single risk lens. This is critical because AI-era threats do not stay in one channel.
A compromise may start in email, move into a collaboration platform, touch a SaaS application, and result in data loss from a cloud repository.
If organisations continue to rely on fragmented tools, they risk visibility gaps, slow investigations, duplicated alerts and inconsistent enforcement. Proofpoint’s report shows that in Singapore, for example, 98 percent of organisations see managing multiple security tools as a major challenge, reinforcing the need for a more integrated approach.
Our approach is to secure the agentic workspace with a unified platform that applies threat intelligence, behavioural signals and intent-based analysis to help organisations detect risky interactions, stop AI-scaled attacks, reduce data loss and govern AI agents across modern collaboration and data environments.
For CISOs, the value is clarity. A unified platform helps answer the questions that matter most: who is risky, what data is exposed, which agent or account is acting outside its intended purpose, and where controls need to be applied before an incident becomes a breach.
iTNews Asia: What data security tools do we need to use?
Cheng: Organisations need data security controls that can discover sensitive data, classify it, understand who has access to it, monitor how it moves, and prevent inappropriate sharing or exfiltration. In practice, this means combining capabilities such as Data Loss Prevention, Data Security Posture Management, insider risk management, email and collaboration security, and AI governance in a unified platform.
iTNews Asia: Why is data visibility, governance and control so important?
Cheng: Data visibility is the foundation. Organisations cannot protect data they cannot see, classify or understand. This becomes even more important in the Agentic workspace, where AI assistants and autonomous agents may access files, summarise documents, query internal systems or trigger workflows across multiple applications.
Governance determines what should be allowed. Controls determine what is actually enforced. Without both, organisations risk giving AI agents excessive permissions, allowing sensitive data into unsanctioned tools, or failing to detect when a trusted person or agent is acting beyond their intentio
