Latest news with #TomScully
Bangkok Post
30-06-2025
- Business
- Bangkok Post
New security risks emerge as GenAI traffic surges 890%
A staggering 890% surge in Generative AI (GenAI) traffic was recorded in 2024, driven by the rapid adoption of GenAI tools in enterprise environments. This raises new security challenges for enterprises in Japan and across the Asia-Pacific region. While AI growth offers significant productivity benefits, the unsanctioned usage, emerging threats and lack of governance have rapidly expanded the attack surface for organisations, particularly across the Asia-Pacific and Japan region, according to The 2025 State of GenAI report produced by AI cybersecurity company Palo Alto Networks. On average, organisations are now managing 66 GenAI applications, with 10% classified as high-risk. As Thailand is projected to invest at least 500 billion baht on digital infrastructure to position itself as a regional AI hub, this underscores the urgent need for robust oversight frameworks to ensure GenAI technologies are deployed safely, securely and ethically. "AI adoption offers transformative opportunities across both commercial and government sectors in the region. But as this report highlights, we are also seeing an expanding attack surface, particularly with the use of high-risk GenAI applications in critical infrastructure sectors," said Tom Scully, director and principal architect for Government and Critical Industries, Asia Pacific & Japan, at Palo Alto Networks. Organisations must balance innovation with strong governance, adopting security architectures that account for AI's unique risks. Proactive oversight and adaptive security controls are essential to ensuring that the benefits of AI are fully realised without compromising national security, public trust or operational integrity, he added. The 2025 State of GenAI report is based on traffic analysis from 7,051 global enterprise customers. According to the report, GenAI traffic increased more than 890% in 2024. Following the release of DeepSeek-R1 in January 2025, DeepSeek-related traffic alone spiked by 1,800% within two months. Another key finding is rising data loss incidents. GenAI-related data loss prevention incidents more than doubled, now accounting for 14% of all data security incidents. Shadow AI has emerged as a major risk. Unauthorised, unsanctioned GenAI use, dubbed "Shadow AI", has created blind spots for IT and security teams, making it difficult to control sensitive data flows. The top three apps used in Thailand are Grammarly (36.56%), Microsoft PowerApps (30.99%) and OpenAI ChatGPT (23.41%). Piya Jitnimit, country manager for Thailand at Palo Alto Networks, said Thailand's public and private sectors are increasingly integrating AI to enhance operational efficiency and service innovation. "As adoption accelerates, it is imperative that we proactively address the emerging risks associated with these technologies," he said. Establishing a robust governance framework, ensuring ethical and secure implementation and cultivating a digitally-skilled workforce are critical to advancing Thailand's vision of becoming a regional leader in AI, he added. The report also recommended businesses seek to safely harness the potential of GenAI. They should establish visibility and control to gain comprehensive oversight of GenAI app usage, implementing conditional access policies and managing permission at the user and group levels. It also suggests they safeguard sensitive data by deploying real-time content inspection with centralised policy enforcement to prevent unauthorised data exfiltration.
Entrepreneur
26-06-2025
- Business
- Entrepreneur
Shadow AI: Why Indian Firms Must 'Fight AI with AI'
You're reading Entrepreneur India, an international franchise of Entrepreneur Media. As generative AI (GenAI) adoption accelerates across India and the Asia-Pacific region, organisations are increasingly caught between the promise of innovation and the peril of growing security threats. A recent report by Palo Alto Networks "State of Generative AI 2025", highlights that on average 10 per cent of an enterprise's 66 GenAI applications are classified as high-risk. In India, the top three most-used GenAI applications by volume were Grammarly (32.56 per cent), Microsoft Power Apps (19.98 per cent)), and Microsoft Copilot (16.37 per cent). While these tools are enabling a new wave of productivity, the report warns that unsanctioned use and poor oversight have significantly widened the cybersecurity attack surface. "Organisations must balance innovation with strong governance, adopting security architectures that account for AI's unique risks from shadow AI and data leakage to the more complex threats posed by agentic AI models," said Tom Scully, Director and Principal Architect for Government and Critical Industries, Asia Pacific & Japan, at Palo Alto Networks. One of the most alarming concerns is the rise of "Shadow AI" — the unauthorised or unsanctioned use of GenAI tools by employees. These tools, often outside the purview of IT and security teams, create blind spots in data visibility and increase the likelihood of breaches. Amit Jaju, Senior Managing Director at Ankura Consulting, noted that the global cybersecurity community ranks shadow AI among the top five emerging risks, assigning it a severity rating of 7.8 out of 10. "With 36 per cent of employees using unapproved AI tools and nearly half of organisations unable to fully secure them, industries face critical threats such as data leaks like Samsung's source code incident or unauthorised processing of personal data," he warned. He further emphasised that sectors like financial services and healthcare are especially vulnerable due to stringent regulatory mandates such as India's Digital Personal Data Protection (DPDP) Act and the EU's AI Act. Fight AI with AI India's ambition to lead the global AI race is clearly reflected in its 2025 Union Budget, which earmarks INR 500 crore to set up a Centre of Excellence in AI for education. But even as policy and investment pave the way forward, the digital threat landscape is also shifting rapidly. Cyber attackers are increasingly turning to AI to launch faster, more targeted, and more complex cyberattacks. In this new reality, the consensus is clear: the only effective way to counter AI-fuelled threats is with AI-powered defences. "It's like hacking, you have ethical and unethical versions. Similarly, AI can be used for both good and bad. The tech itself is not the problem," said Tushar Dhawan, Partner at Plus91Labs. Swapna Bapat, Vice President & Managing Director, India and SAARC at Palo Alto Networks, added, "India is one of GenAI's biggest adopters. In a country where work happens in multiple languages and at massive scale, it's no surprise that writing, coding, and conversational AI are leading use cases. But the pace of adoption has outstripped governance. Many organisations don't realise how deeply GenAI is already embedded in their workflows. The priority now isn't whether to use these tools, but how to secure them without slowing people down."
