Recent research from Ping Identity highlights a troubling trend in cybersecurity: as enterprises in the Asia-Pacific (APAC) region adopt autonomous AI systems, they become more vulnerable to attacks from rogue AI agents. Alarmingly, only 9 percent of companies are adequately prepared for the identity threats posed by these advanced technologies, according to a March 2026 study by IDC.
The rise of AI autonomy has complicated traditional security frameworks, creating a significant accountability gap. Jasie Fon, regional vice president at Ping Identity, notes that as firms deploy autonomous AI, they struggle to determine who is responsible for the actions taken by these systems. This issue is especially critical in regulated industries, where compliance and audit trails are mandatory.
Attackers are increasingly targeting AI agents with legitimate access to enterprise systems, rather than focusing solely on human users. Fon explains that malicious actors exploit vulnerabilities in these autonomous agents, which operate independently and can be easily manipulated. For example, by hijacking an existing AI agent, attackers can leverage its legitimate access to execute harmful actions across multiple systems simultaneously, significantly increasing the speed and scale of potential damage.
Traditional identity models, which rely on session-based trust, do not effectively mitigate these threats. Once an agent is authenticated and granted access, it is assumed that its status will remain unchanged. However, this static approach allows attackers to exploit the access without real-time oversight. Fon illustrates this with an example: if an AI agent with broad administrative rights is compromised, a malicious actor could use it to delete databases or expose sensitive user information without triggering immediate alarms.
The implications are significant, particularly in sectors that require stringent security measures. As enterprises continue to adopt more autonomous AI systems, they must rethink their security protocols and governance frameworks. The challenge lies in evolving from outdated identity and access management strategies to more dynamic approaches that address the unique risks posed by AI agents.
In light of these findings, organizations must take proactive steps to protect against agentic AI threats. This includes enhancing real-time monitoring and establishing clear accountability for AI actions. As the landscape of cyber threats continues to evolve, APAC enterprises will need to fundamentally shift how they manage identity and access in relation to autonomous AI technologies.
The stories that move AI & crypto markets — before the market reacts.
Free. 7am ET. Five stories. 62,400 readers.
