The establishment of the National AI Council and Singapore’s targeted National AI Missions signal a government intent on moving beyond experimental pilots, embedding AI into business operations at scale and securing the city-state’s reputation as a regional leader in the technology.
The Thales Data Threat Report 2026 recognises that local organisations in Singapore are following through, with 41% now maintaining a dedicated budget for AI security, a figure that significantly outpaces the 30% global average. That investment reflects genuine intent, but the assumptions behind it deserve scrutiny. The dominant framing treats AI security as a matter of defending against external threats, managed with a dedicated budget line.
Yet, the data from the report points to a different risk profile. AI has already transitioned from a productivity tool to a trusted insider across Asia Pacific (Apac) markets, embedded in workflows, granted broad access to sensitive data, and operating with a degree of autonomy that governance frameworks have not kept pace with. As a result, it is not surprising that 76% of Singaporean organisations now rank AI as their top data security concern.
Taken together, these insights point to a challenge that is less about what AI might do from the outside, and more about how the AI already operates inside its environments and is being governed.
AI systems as privileged users
AI integration has accelerated significantly across Apac enterprises, now embedded in development pipelines, finance functions, and customer operations, with access to sensitive data that would ordinarily require careful governance controls for any human user. In many organisations, those controls have not been extended to AI.
See also: Musk loses case against Altman over OpenAI's overhaul
A notable incident in early 2026 illustrated the practical consequences. Attackers manipulated an enterprise AI coding assistant to automate the theft of 150GB of data from 10 government agencies. By framing their instructions as authorised testing, they led the AI to bypass its own guardrails and surface internal credentials. The attack succeeded because the AI system had been granted significant trust without the governance structures needed to validate how that trust was being exercised.
This leads to questions that organisations should be actively working through, whether AI systems have been provisioned with appropriate access controls, whether those controls are monitored, and whether the same lifecycle governance applied to human accounts extends to AI identities.
Foundational weaknesses amplified
See also: Singapore moves to certify AI testers as companies struggle to judge them
AI deployment also interacts with existing security gaps in ways that are easy to underestimate. Much attention goes to newer threat categories such as deepfakes, which 53% of Singapore organisations have already encountered. These are genuine risks worth addressing. The less visible concern is how AI amplifies the foundational weaknesses that many organisations have not yet resolved.
What’s more, human error accounts for 28% of data breaches globally. When AI is integrated into environments where identity governance or access controls are incomplete, errors that would previously have had limited scope can propagate more quickly and across a wider surface. Where governance foundations are weak, AI scales those weaknesses rather than compensating for them. Organisations that invest in AI-specific security tooling without first addressing those foundations are unlikely to achieve the level of protection they are seeking.
The data visibility problem
Data visibility is one of the clearest indicators of where governance is falling short. The Thales Data Threat Report 2026 finds that only 28% of organisations in Singapore know exactly where all their data resides. Without that baseline, applying meaningful controls to AI systems accessing that data is exceedingly difficult.
AI systems do not inherently distinguish between sensitive and non-sensitive information. Where data classification is incomplete, AI tools operating across cloud and SaaS environments may manage confidential material without appropriate safeguards. Given the speed at which AI can process large document volumes, the window between a credential compromise and significant data exposure is shorter than in a manual environment. Data visibility and classification should be treated as a prerequisite for AI deployment in sensitive environments, not a parallel workstream.
Four priorities for AI-era security
For organisations looking to align their security posture with the realities of AI deployment, four areas are worth prioritising.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
First, apply least-privilege principles to AI systems. AI tools should be granted access only to the data and systems necessary for their specific function. A marketing automation tool does not require access to financial records. Limiting AI access by design reduces the potential impact of any compromise and provides more durable control than monitoring alone.
Second, treat data classification as a foundation for AI deployment. Before expanding AI access to data environments, organisations need to ensure that data is identified and labelled, separating public information from confidential or regulated material, so that appropriate access and handling rules can be applied consistently.
Second, treat data classification as a foundation for AI deployment. Before expanding AI access to data environments, organisations need to ensure that data is identified and labelled, separating public information from confidential or regulated material, so that appropriate access and handling rules can be applied consistently. That should include encrypting sensitive data at rest and in transit, particularly where AI systems are interacting with confidential, regulated, or high-value information. Encryption will not remove governance risk on its own, but it does reduce the likelihood that a compromised account, model, or workflow results in immediately usable data exposure.
Third, maintain human oversight for high-impact decisions. AI systems can process and act on information faster than any manual review cycle. Defining clearly where human approval is required, particularly for financial transactions, data sharing, or decisions with regulatory exposure, means those thresholds are set before an incident rather than after.
Fourth, extend identity governance to non-human identities. AI agents, automated pipelines, and service accounts now represent a significant share of the identities operating within enterprise environments, and in many organisations, they are managed less rigorously than human accounts. Provisioning, access reviews, and deprovisioning processes should apply to AI systems as they do to staff. Credentials used by these systems should be subject to the same standards applied to privileged human accounts.
Aligning spending with the actual risk
Singapore’s ambition in AI is well-supported by both policy and private investment. The security question is whether governance foundations are being built at a pace that supports that ambition responsibly.
Organisations that manage AI risk effectively will tend to be those that apply consistent governance principles to AI systems, treating them as a class of privileged users rather than a category of software tools. Data visibility, identity management, access controls, and human oversight are the foundations that determine how confidently organisations can pursue their AI objectives. Getting those right matters more than the size of the dedicated AI security budget.
Garen Ling is the area vice president for Application Security & Data Security (ASEAN) at Thales
