As we approach 2026, the promise of artificial intelligence across Southeast Asia and Hong Kong is palpable, driven in part by aspirations for unparalleled efficiency and innovation. Yet, for AI to truly deliver on this promise for business leaders, a critical threshold of trust and security must be crossed. The emergence of agentic AI—autonomous systems that can act, access data, and execute tasks—represents both the pinnacle of this potential and its greatest peril. With the region's rapid digital acceleration and complex regulatory tapestry, securing these agents from large-scale data breaches and operational disruption is no longer a future consideration; it is the definitive security mandate for 2026. The journey from hype to secured value depends on the governance, design, and vigilance we enact today.FutureCISO spoke to Ray Canzanese, director of Netskope Threat Labs, about the approaches the things that need to happen for AI to deliver on its promises in 2026.Questions:   1.       What is the most interesting observation you’ve seen in 2025?2.       As ASEAN releases its AI Guide and regional regulations evolve, what should be the priority for a CISO building a governance framework for agentic AI in 2026?3.       Why does agentic AI fundamentally change the cyber risk profile for an organisation, and how does this exacerbate threats in our interconnected Southeast Asian business landscape?4.       You’ve suggested the first major agentic AI-driven data breach could occur in 2026. What might a typical attack chain look like, targeting a poorly secured agent in a multinational based in Singapore or Hong Kong?5.       The principle of least privilege is challenging with dynamic AI agents. What are the practical steps for security leaders to implement effective permission models without stifling innovation?6.       How can frameworks like the Model Context Protocol (MCP) be leveraged to enforce a 'security-by-design' approach for AI agents, and is the industry in our region adopting them quickly enough?7.       With organisations here often using a mix of global and local AI providers, how should we approach the unique third-party and supply chain risks introduced by agentic AI ecosystems?8.       Beyond technical controls, what changes in day-to-day security operations (SecOps) are needed to monitor and respond to anomalous agent behaviour in real-time?9.       How can CISOs effectively communicate the tangible business risks—and secured value—of agentic AI to boards, CFOs, and COOs who are eager for competitive advantage?10.   Looking ahead to 2026, what one metric will indicate that an organisation in our region has successfully secured its agentic AI initiatives and is ready to scale?

Ver todos los episodios