"Instead of focusing primarily on human users, attackers are increasingly targeting AI agents that already sit inside the enterprise with legitimate access to systems, data, and workflows," Jasie Fon, regional vice president, Asia, Ping Identity, told iTNews Asia.
How attackers are weaponising agentic AI inside enterprises
Ping Identity's research, as summarised in an interview with Jasie Fon, warns that malicious actors are shifting their focus from human logins to non‑human identities already embedded in corporate systems. Attackers are exploiting "weak doors" such as account recovery call centres and the AI agents that sit inside the enterprise. Because AI agents can operate autonomously and are non‑deterministic, a compromised agent with legitimate credentials can be hijacked to execute destructive actions in parallel across multiple systems — from deleting a firm's database to exposing sensitive user records. The result is an attack surface amplified by scale and speed: actions that once required protracted human intrusion can now be executed quickly and broadly via an exploited agent.
The accountability gap: why traditional IAM and zero trust fall short
Fon outlines a fundamental mismatch between legacy identity models and autonomous agents. Traditional models rely on session‑based trust — authenticate once at login, issue a static token, and assume no change during the session. Attackers exploit that assumption because "access grants permission, but it does not enforce control." Zero trust frameworks, while strengthening entry‑point controls, remain focused on authentication and authorisation at entry and are "not inherently designed to provide continuous visibility into behaviour or enforce control at the moment each action is taken." That combination — continuous agent behaviour plus static access grants — creates an accountability gap: organisations struggle to determine who approved an agent action, whether it complied with policy, or how a decision was reached.
Concrete operational and compliance risks in APAC
The risks are already visible in operational environments, particularly in sectors subject to audits and regulation. Industry data cited by Fon indicates "machine identities already outnumber human identities by a significant margin in many enterprises," expanding the potential attack surface. A March 2026 IDC study noted only 9 percent of companies are prepared for ongoing AI‑driven identity threats. Meanwhile, the Stanford University 2026 AI Index Report places APAC at 2.5 out of 4 on responsible AI integration — the 'integrating' stage — underscoring that governance frameworks, evaluation methods, and education systems are struggling to keep pace with rapid deployment. In regulated jurisdictions, Fon emphasises that "traceability is essential, particularly in Singapore’s regulatory environment," because organisations must be able to explain how and why an action occurred, what data was involved, and whether controls were applied appropriately.
Runtime identity: extending control from login to continuous enforcement
To address these dynamics, Fon advocates for "runtime identity" — shifting identity from a one‑time authentication event to continuous evaluation of behaviour throughout the lifecycle of an interaction. At runtime, identity controls assess each action in context, enforce policies dynamically, detect anomalies as they occur, and enable real‑time intervention rather than relying solely on post‑event forensics. In this model, "identity moves from a static checkpoint to an active control layer," strengthening traceability by recording actions against defined policies and identities so organisations can better explain decision provenance and compliance posture.
What this means for CISOs, cloud and application owners, and executive leadership
- CISOs and security/IAM teams: gain "a clear and complete view of non‑human identities," map what access those entities have, and remove unnecessary privileges. Joint ownership is required across IAM, security architecture, cloud and application owners, plus risk and compliance to manage identities at scale.
- Cloud and application owners: participate in working‑level identity mapping to confirm purpose and remove unnecessary access; ensure control owners approve exceptions and conduct consistent reviews.
- Executive leadership (CISO, CIO and transformation VPs): provide sponsorship and standardise accountability. Fon says "CISO or CIO sponsorship" is necessary because non‑human identity governance cuts across multiple teams and only senior leadership can force standardisation and accountability at scale.
Fon stresses these are extensions, not wholesale replacements: organisations "do not need a wholesale overhaul of identity infrastructure" but must shift how identity is applied, adding runtime evaluation, clearer governance, traceability, and structured governance councils with mixed expertise and scenario‑based training.
Ping Identity's warnings, paired with IDC and Stanford findings, present a clear motif: as agentic AI proliferates inside APAC enterprises, identity controls that stop at login are becoming inadequate. The practical remedy offered in the interview is neither purely technical nor purely organisational — it is an operational reframing that places identity at runtime as the control plane for autonomous actors, backed by executive sponsorship and cross‑functional governance.
Read the original iTNews Asia interview: https://www.itnews.asia/news/malicious-ai-agents-can-severely-disrupt-apac-enterprises-625981?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Asia+Security+feed




