Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most organisations know they need disaster recovery. Far fewer know what a well-designed DR architecture actually looks like. The gap between “we have backups” and “we can recover our business in under an hour” is architectural. It’s the difference between storing copies of your data somewhere offsite and building a recovery environment that’s been pre-configured, tested, and ready to take over when your production systems fail.

Imagine a customer service representative at your organization uploads sensitive customer data into an AI tool to draft emails more quickly. When an employee uses an AI tool without IT approval, it is known as shadow AI, and such scenarios are becoming increasingly common. Among employees who use AI at work, 78% report using tools that have not been formally approved by their organization, according to Microsoft’s 2024 Work Trend Index.

In conversations with CISOs about their agentic environments, the question I ask first is not whether they have agents deployed. Most do. It is not whether those agents are creating value. Most are. The question I ask is whether they have mapped their Agentic Security Graph. Almost none of them have. And that gap, between the agentic infrastructure that exists inside their organizations and the visibility they have into it, is where the most serious AI security risk in the enterprise lives right now.

In July 2025, an AI agent reviewed a support ticket, queried a production database, and leaked integration tokens directly to the attacker watching the thread. Months earlier, another AI followed "hidden instructions" in a public repository, exfiltrating private code into a visible pull request. In both cases, the AI wasn't broken; it simply obeyed the attacker instead of the developer.

The Philippines, like many other nations, is witnessing a dramatic increase in cyber threats, fueled by the rapid adoption of digital technologies and the proliferation of sophisticated cybercriminals. This article examines the evolution of cyber threats in the Philippines, with a focus on phishing, email security and the risks posed by agentic AI.

The Asia-Pacific and Japan (APJ) region, with its dynamic economic growth and technological advancements, presents unique challenges and opportunities in the realm of human risk management and agentic risk management, particularly within the financial services sector. As financial institutions strive to protect themselves from increasing cyber threats, they must align their security practices with the regulations set forth by central banks across the countries.

An EU AI Act compliance checklist is a structured framework that helps organisations systematically identify, classify, and govern all AI systems within scope of Regulation (EU) 2024/1689. It covers AI system inventory, risk classification (unacceptable, high-risk, limited, and minimal), conformity assessment requirements, technical documentation (Annex IV), human oversight obligations, GPAI model obligations, and post-market monitoring.