By Kunal Jha, Regional Director for Asia at Netskope
A boom in AI adoption is expanding the attack surface for malicious actors.
Across Southeast Asia, AI adoption is accelerating rapidly. The region’s digital economy continues to scale, with businesses increasingly embedding AI into everyday workflows, from customer service to software development and financial operations. The Netskope AI Index shows organizational AI penetration in the Philippines at 70.4% in late March 2026, a figure that is growing at 5.2% month-on-month. This momentum is particularly visible in sectors including business process outsourcing (BPO), fintech, and digital government initiatives.
However, this growth introduces new data security challenges. As organizations adopt AI at speed, security teams are grappling with reduced visibility and control over how sensitive data is accessed, processed, and shared.
Just as with cloud adoption a decade ago, the risks are not confined to a single use case.
The use of shadow AI (unmanaged AI tools) is emerging as a familiar risk vector, with employees trading compliance for convenience. According to the Netskope Cloud and Threat Report 2026, nearly half (47%) of generative AI users are using personal AI applications. In a country like the Philippines, home to one of the world’s largest BPO industries handling vast volumes of sensitive international data, this creates a heightened risk of inadvertent data exposure.
With an eye on these data protection concerns, many organizations are building private AI models in an attempt to ensure control. While well intentioned, this introduces additional responsibilities around securing training data and ensuring safe outputs that organizations are struggling to service with their limited resources. Meanwhile, the rise of agentic AI, autonomous systems acting with minimal human oversight, is adding another layer of complexity. Gartner predicts that by 2028, 25% of enterprise breaches will be linked to AI agent abuse.
As AI adoption accelerates, organizations in the Philippines must address four critical security considerations.
- Use zero trust as the AI security foundation
AI fundamentally changes how data is accessed and processed. Extending a zero trust approach ensures every interaction, whether by a user, application, or AI agent, is continuously verified.
- Improve visibility in an AI-driven environment
Only a small proportion of organizations have full visibility into AI usage, yet this is critical in preventing data leakage.
- Close the AI governance gap
In a regulated environment like the Philippines, this is particularly important. The Philippines Data Privacy Act of 2012 and oversight from the National Privacy Commission place clear responsibilities on organizations to safeguard personal data.
- Invest in both skills and security controls
Organizations must invest in training employees on safe AI usage and deploy tools that enforce security policies and protect data in real time.
As AI adoption accelerates across the Philippines, organizations must move beyond experimentation and address the realities of securing data in increasingly complex environments.
The question is no longer just how quickly AI can be deployed, but whether organizations can maintain visibility, control, and trust in the data that powers it.