Agentic AI to transform APJ businesses & security by 2026

Agentic artificial intelligence (AI) is set to reshape the enterprise landscape in the Asia-Pacific and Japan (APJ) region in 2026, according to industry executives. Organisations are expected to embrace increasingly autonomous software agents, raising both productivity and new categories of risk across business domains.

Insider risk

Gareth Cox, Vice President, APJ, Exabeam, highlighted accelerated adoption rates for AI agents. "IDC research shows that 40% of Asia Pacific and Japan (APJ) organisations already use AI agents, with over 50% planning to implement them within the next year. As organisations embrace this shift, they will need to rethink how they manage insider risk. Increasingly, insider risk isn't just emerging from rogue employees or compromised accounts, but also AI agents that operate autonomously with diverse privileges, allowing them to bypass security oversight and amplify data exposure. These synthetic identities are creating entirely new categories of insider threats, whether it is malfunctioning agents that behave unpredictably, misaligned agents that follow flawed prompts into compliance or privacy issues, or subverted agents that can be weaponised by bad actors against the business," said Cox.

He referenced research among APJ cybersecurity professionals, indicating significant concern for rising incidents. "According to Exabeam's research, 75% of APJ cybersecurity professionals report that AI is making insider threats more effective, and 69% expect insider incidents to rise in the next year, signalling that the region is entering a phase where insider threats are accelerating faster than traditional controls can keep up. Yet, most organisations aren't properly equipped to tackle the growing insider risk. Not only do they lack a clear framework for managing AI agents, but many are also using security tools that are unable to capture the behaviour patterns and decision-making of autonomous systems, which creates blind spots where AI agents can act outside their purpose without detection."

He advised that baselining both human and AI agent activity, with real-time monitoring and explainable insights, would be essential to provide "clarity, context, and control needed to secure a new class of insider threats."

Security frameworks

Security architecture is under scrutiny from several perspectives. Michael Hubbard, Chief Customer Officer, Ping Identity, suggested that 2026 would mark a pivotal moment for identity management. "As enterprises accelerate their AI strategies, 2026 will reveal a divide in how organisations approach the rise of non-human and agentic identities. On one side are teams managing today's human identity infrastructure, planning carefully for a future where Non-Human Identities (NHIs) and agents become an extension of that framework. On the other are teams deploying agents at speed, often without linking them to the enterprise's trusted identity fabric."

"The most forward-looking organisations will embrace these two camps, enabling a new identity type (NHI) in the security team. This collaboration will allow enterprises to scale securely while empowering AI agents to act, decide, and transact on behalf of humans within clearly defined trust boundaries," said Hubbard.

David Haber, Vice President AI Agent Security, Check Point Software Technologies, commented on the emergence of new governance needs. "The year 2026 marks the mainstreaming of agentic AI, autonomous systems able to reason, plan, and act with minimal human input. We are moving from assistants that draft content to agents that execute strategy. These systems will allocate budgets, monitor production lines, or reroute logistics, all in real time. Factories will self-diagnose faults and order parts automatically through blockchain-verified networks. Marketing, finance, and security functions will rely on agents that learn continuously from contextual data and act at machine speed."

"Autonomy without accountability is a liability. As agents gain operational authority, new governance gaps emerge: who validates their actions, audits their logic, or intervenes when intent diverges from outcome? Enterprises will need AI governance councils, strong policy guardrails, and immutable audit trails that record every autonomous decision," said Haber.

Morey Haber, Chief Security Advisor, BeyondTrust, cautioned that the rapidity of AI adoption outpaces that of earlier technology waves. He stated that increased attack surfaces and security problems, including excessive privileges and poor security design, could be direct consequences.

Operational impact

Sunitha Rao, GM of Hybrid Cloud Storage at Hitachi Vantara, sees automation extending into data management. "Intelligent, policy-driven automation agents will increasingly take over repetitive operational tasks. These AI-driven agents will manage tiering, compaction, snapshot hygiene, and cost controls-while ensuring auditability, reversibility, and compliance. Guardrails and human oversight will remain in place through 'explainable automation' logs that provide transparency and accountability."

Kurt Semba, Senior Principal Software Systems Engineer, Extreme Networks, stressed the movement towards agents that initiate and track actions, not just observe. Closed-loop processes could see 80% of repetitive IT operational tasks automated, with escalation protocols enabling safe and auditable interventions for exceptions.

Darryl Jones, Vice President of Consumer Segment Strategy at Ping Identity, noted changes for consumers too, as agentic AI alters eCommerce. "The rise of AI agents will continue to disrupt traditional eCommerce. This new channel will make consumers' lives easier by eliminating the friction of working across organisations and multiple channels to complete customer journeys, like brainstorming a trip, booking that trip, traveling, and then returning and remembering that trip."

"The agentic channel will also change the role humans play in the digital economy. As agents are increasingly empowered to make payments on behalf of users, organizations need to be prepared to take advantage and compete for agent customers within this new channel, and understand that the omnichannel experience has now truly evolved," said Jones.

Supply chain and code risk

Jayant Dave, Field CISO, APAC, Check Point Software Technologies, pointed toward new risk patterns enabled by hyper-connectivity. As enterprises integrate with vendors and third parties, agentic AI may enable autonomous risk management. However, compromised components could propagate risks across entire ecosystems before incidents are detected.

Matias Madou, Co-Founder and Chief Technology Officer, Secure Code Warrior, raised concerns over the readiness of agentic AI for secure software development at scale. "Agentic AI, coupled with MCP technology, will provide exciting new software development possibilities, but it won't be safe to deploy in enterprise environments without security-proficient developers. Comprehensive data from the likes of BaxBench has proved, at least to date, that LLMs and agentic agents cannot yet generate enterprise-ready code, with 62% of the solutions offered by even the best-performing model containing an error or security vulnerability."

"2026 is sure to provide further advancement in this area, with fascinating developments in MCP-powered scanning tools, access control tools and other security weapons to add to the arsenal, but it will inevitably be quite a while before true, safe, trusted autonomy can be realized. These will all need careful monitoring by skilled security personnel and developers, the latter of which should be assessed and verified as security-proficient before using such potent tools," said Madou.