The rise of artificial intelligence (AI) is creating both opportunities and challenges for cybersecurity professionals, according to experts at the Stack 2025 x Cybersecurity conference organised by Singapore’s Government Technology Agency.
Ann Johnson, Microsoft’s corporate vice-president and deputy chief information security officer (CISO), highlighted the persistent threat of well-funded nation-state actors that remain undetected in their victims’ environments for extended periods. “And they continue to come back,” she warned, emphasising the importance of zero trust, multi-factor authentication, and employee education to mitigate these threats.
Daryl Pereira, Asia-Pacific head of office of the CISO at Google Cloud, noted AI’s dual nature as both an enabler and a threat, particularly when misused. To counter AI-driven attacks, he advocated for cyber defenders to leverage AI in processing logs at scale and identifying vulnerabilities. Pereira also stressed the need for investment in “best-of-class” processes, backups, and AI-driven security products.
Jerome Walter, HashiCorp’s field chief technology officer for Asia-Pacific and Japan, pointed out that the AI hype is affecting organisational priorities. “Everyone is talking about AI… but who will address the existing challenges?” he asked, emphasising the need for security teams to balance AI-driven innovation with securing existing systems.
Chua Ai Qi, director for cybersecurity at the Centre for Strategic Infocomm Technologies, underscored the importance of prioritising core assets and maintaining strong network visibility. “How much do we understand what’s in our network?” she questioned, urging organisations to improve their understanding of normal behaviour to detect anomalies effectively.
Luukas Ilves, a non-resident fellow at the International Centre for Defence and Security, noted that fear can be a powerful motivator for security investment but warned CISOs against overusing it. “From my own experience, fear works very well in difficult budget conversations, but if you overuse it, you could lose credibility,” he cautioned. Ilves also highlighted government’s role in defining public interests and coordinating collective action against cyber threats.
The panel discussed striking a balance between cybersecurity regulation and innovation. Chua advocated for government-industry collaboration, citing Singapore’s regulatory sandboxes as a positive example. Ilves called for a “light-touch approach” to regulation, acknowledging the need for regulatory responses to adapt to the rapidly changing technology landscape.
Regarding public-private partnerships, Ilves emphasised government’s role in setting national priorities and fostering collaboration. The experts also stressed the need for proactive intelligence sharing and industry collaboration, with Johnson urging organisations to develop predictive capabilities rather than merely reacting to threats. “When you put smart minds together and add technology like AI, you can get really predictive,” she said.
Looking ahead, the panellists shared their predictions. Johnson anticipated accelerated development in quantum computing and its impact on encryption. Chua foresaw greater emphasis on incident response and threat mitigation, while Ilves predicted more sophisticated AI-powered attacks that will blur the lines between human-mediated and automated threats.
