Artificial intelligence and cybersecurity - The promise and the peril

Artificial intelligence (AI) promises to be a transformative force that reshapes Southeast Asia's economic landscape. From streamlining manufacturing operations to revolutionising customer service and supercharging medical research, AI is driving efficiencies, boosting competitiveness and accelerating innovation. No wonder the region's AI market is projected to grow annually by 27.71% to reach $30.3 billion in value by 2030.

However, while AI offers immense economic promise, it also introduces unprecedented cybersecurity challenges, such as dangerous new vulnerabilities and increasingly sophisticated, AI-assisted cyber-attacks.

Encouraged by Singapore's Smart Nation initiative, accelerating adoption of AI across various sectors makes addressing these challenges crucial to securing digital ecosystems and establishing a resilient foundation for innovation across the region. 

As the AI revolution gathers pace, how can organizations in Southeast Asia mitigate the peril of AI as well as exploiting its rich promise?

Double-Edged Sword

According to EY, generative AI (GenAI) and other AI systems act as a double-edged sword: enabling businesses to counter cyber threats more effectively, while simultaneously introducing attack vectors that dramatically amplify the impact and escalate the scope of cyber-attacks.

AI increases the efficiency of all kinds of cyber-attacks. Consider for instance how AI-generated phishing emails had "better flow and reasoning" than human-authored text, while their tonal flexibility equipped threat actors to readily exploit a variety of psychological vulnerabilities in victims, according to a Cyber Security Agency of Singapore (CSA) report.  

A white paper by Indonesian digital identity platform VIDA, meanwhile, revealed that 100% of surveyed businesses expressed concerns about AI-powered fraud enabled by deepfakes, account takeovers and document forgery. More alarming still, 46% of these businesses admitted to having only a limited understanding of these threats.

A Continuous, Scalable, Agile Solution

Southeast Asia's rapid adoption of AI has made its digital infrastructure a prime target for cyberattacks. Governments and businesses must therefore ensure that their rollout of AI tools does not outpace their ability to secure critical systems. 

One proven mechanism for mitigating AI-related cybersecurity risks is bug bounty, which incentivises ethical hackers to identify vulnerabilities so they can be fixed before they are maliciously exploited. As AI-driven systems become more complex, integrating models, data pipelines, and APIs, traditional time-bound testing often misses new, adaptive vulnerabilities such as data poisoning or model manipulation. 

This is where crowdsourced security testing becomes vital. By tapping a diverse, global pool of ethical hackers, organisations gain continuous, scalable, and real-world testing that evolves alongside AI technologies.

It's standard practice in Silicon Valley: Apple, Google, Meta, Microsoft, Amazon, OpenAI and Anthropic all have bug bounty programs. Fundamentally, the inherent benefits of this security testing approach are particularly potent in securing an unpredictable and fast-evolving technology. In particular, bug bounty programs offer continuous testing, scalability and a way to harden digital assets without disrupting rapid release cycles. Moreover, the crowdsourcing of skills from among tens of thousands of diversely skilled hackers is invaluable amid an acute shortage of cyber skills around emerging technologies. 

Singapore's Government Bug Bounty Programmemes (GBBP), in collaboration with the Government Technology Agency of Singapore (GovTech) and YesWeHack, demonstrates this approach in action. Over the past year, four runs engaged around 250 vetted cybersecurity researchers per round, testing the systems of more than 20 government agencies and awarding over US$250,000 in bounty rewards for valid vulnerabilities. The diversity of these researchers' skillsets and perspectives allows them to uncover risks automated tools often overlook - an essential strength in an era when AI introduces both opportunity and unpredictability.

GovTech which has created several AI-enabled services, continues to expand its collaboration with YesWeHack through structured vulnerability disclosure and crowdsourced testing programmes. These include time-bound Bug Bounty runs and a year-round Vulnerability Disclosure Policy (VDP) that encourages the responsible reporting of suspected vulnerabilities across any internet-facing government systems.

This model shows how structured collaboration with the global cybersecurity community strengthens digital resilience. By embedding crowdsourced testing into its national cybersecurity framework, Singapore has made ethical hacking a core pillar of defence by setting a benchmark for how governments and enterprises can evolve security alongside innovation.

Embracing a Secure, Sustainable Digital Future

Southeast Asia's digital transformation is accelerating, with AI at its core. To safeguard AI-driven innovation, Southeast Asia must adopt a multi-pronged approach to cybersecurity and foster public-private collaboration, where governments partner with organizations like YesWeHack to implement scalable, adaptive and cost-effective security solutions. 

Equally important is providing organizations - particularly SMEs - with training and resources to help them understand and mitigate AI-related risks. Bug bounty programs can help here too, whereby vulnerability reports and remediation solutions teach security and software development teams how to prevent and mitigate vulnerabilities. 

For industry leaders, CIOs and cybersecurity professionals, adopting adaptive, continuous testing models is now imperative. Balancing AI innovation with strong security measures will not only enhance resilience against emerging threats, but also build trust with customers and other stakeholders - paving the way for a secure, sustainable digital future in Southeast Asia.