Keeping pace with AI threats


IMAGINE this. You are a business owner and one day you wake up to find yourself completely locked out of your own company’s website, applications (apps) and all accounts linked to your organisation.

Worse still, even your personal financial accounts, such as your bank and retirement fund accounts, have been compromised, leaving you with little or no access. Short of going berserk, what do you do?

This scenario may not remain just a figment of one’s imagination in the near future, given that the era of of artificial intelligence (AI)-enabled attacks, as warned by some experts, has not only arrived but is becoming increasingly entrenched in society.

American AI company Anthropic said in June that it was ordered to suspend foreign nationals from using its Claude Fable 5, a version of Anthropic’s Claude Mythos AI programme which was set up to challenge its competitors OpenAI’s ChatGPT and Google’s Gemini, amid concerns over the potential misuse of advanced AI systems.

Anthropic says its programme was “too powerful”, and reports indicated that the restrictions were linked to concerns that the technology could be exploited by hackers to prey on weaknesses in global computer systems and infrastructure.

The suspension has since been lifted, with additional safeguards and usage tiers introduced.

However, this highlights how cybersecurity is becoming increasingly difficult to discern, manage, regulate and control, while the risks facing organisations and individuals are likely to grow.

This brings us back to the earlier scenario. In Malaysia, what are the implications of more sophisticated AI tools or even another global ban on foreign AI systems? Are we prepared for the worst? And if not, what should we do now?

Subject matter experts reckon that, above and beyond everything else, Malaysia first needs to focus on building its own AI capabilities instead of relying on external global systems that could either support or eventually “harm” the country.

Azreena Rastom, partner, technology consulting at Ernst & Young Consulting, says the key risk for Malaysia is not losing access to a specific AI model, but falling behind in a world where frontier AI increasingly drives economic growth, innovation and national resilience.

“If access to advanced AI capabilities becomes more restricted, Malaysia could face challenges in terms of economic growth and competitiveness where organisations with access to frontier AI will be able to innovate faster, increase productivity and enhance their products and services more efficiently,” she tells StarBiz 7.

Limited access could also constrain technological development and create capability gaps in cybersecurity and critical national infrastructure protection, she adds.

Azreena believes it is critical for Malaysia to invest in talent, AI capabilities, digital infrastructure, cybersecurity and governance so that “we are not merely consumers of AI, but active participants in shaping and benefitting from the AI economy”.

Likewise, Vishy Narayanan, Asia-Pacific digital and AI leader at PwC, says the biggest risk is becoming dependent on technology that sits beyond Malaysia’s control.

He points out that the emergence of frontier AI models such as Anthropic’s Mythos 5, alongside tighter AI export controls, reinforces a central strategic point: access to the most advanced AI capabilities may become less uniform and more conditional over time.

“Malaysia should, therefore, avoid building its AI strategy around uninterrupted access to any single frontier model or provider,” he says.

He adds that discussions should not be fixated solely on access to the most powerful models.

“Access to trusted and responsible AI is equally, if not more, important than access to the most sophisticated AI models.

“Ultimately, economic value will come from deploying AI responsibly, securely and at scale across businesses and society,” Vishy says.

Drawing from Anthropic’s latest incident, Muhammad Dawud Wilmot, head of AI and executive director of technology risk consulting at KPMG in Malaysia, points out that there is a distinction between a plan on paper and one that has been tested in practice.

“Malaysia has made a substantial financial commitment.

“Budget 2026 allocated RM2bil for a sovereign AI cloud to be developed by the Malaysian Communications and Multimedia Commission, alongside RM5.9bil for research, development, commercialisation and innovation across ministries,” he notes.

“The observation worth making concerns readiness at the operational level. Operators of Malaysia’s critical infrastructure, the sectors designated under the Cybersecurity Act 2024, are increasingly building AI capabilities into their workflows.

“Where those capabilities sit with a single foreign provider, the absence of a tested fallback is a resilience gap rather than a procurement matter. That gap tends to become visible only once access has already changed,” he says.

He notes that Malaysia is, in fact, not starting from an unprepared position.

The Malaysia Cyber Security Strategy 2025-2030, launched last year, succeeds the 2020-2024 strategy and takes into account emerging technologies, including AI.

The National Cyber Security Agency (Nacsa) has also developed a framework aimed at securing AI systems across their full lifecycle, rather than treating AI risks as a late addition, he says.

“Regional cooperation is where the most useful groundwork has already been laid. The Asean Regional CERT, hosted in Singapore, has drawn coordination from member states including Malaysia, whose Nacsa chief executive served as overall coordinator of its task force. Its information-sharing mechanism has been operational across all member states since May 2025.”

Agmo Holdings Bhd chief executive officer (CEO) Tan Aik Keong likens AI to infrastructure, like electricity or the Internet.

“And no country runs its power grid or telecommunications backbone entirely on someone else’s terms. We wouldn’t accept a foreign supplier having a kill switch on our electricity supply; we shouldn’t be comfortable with that dependency for AI either,” he says.

Huge talent gap

Tan, whose company integrates AI into the digital solutions it provides to enterprises, reckons sovereignty does not mean isolation.

“We should absolutely keep using the best frontier models – Claude included, and I say that as one of the biggest advocates for Claude in this country. But ‘use the best tools available’ and ‘having zero fallback if they’re pulled’ are two very different risk postures.”

Tan says he agrees with Nvidia president and CEO Jensen Huang’s framing of AI as a five-layer cake – comprising energy, chips/graphics processing unit infrastructure, models and applications – because it provides a clear way to assess where Malaysia is genuinely strong and where the real gaps lie.

“But for Malaysia, if I had to pick the single most urgent priority, it’s talent,” Tan says.

Citing World Bank data, he says Malaysia currently has only around 3,000 AI professionals, against a projected demand of roughly 30,000 by 2030 – a 10-fold gap.

“Every other layer of the cake – energy, compute, infrastructure, models, applications – is bottlenecked by whether we have enough skilled people to build and operate them.

“This is exactly why I’ve put so much personal energy into things like the Claude Certified Architect programme under our Agmo Academy. Our goal of 1,000 Claude Certified Architects in Malaysia by end-2026 is a direct, practical attempt to close a small slice of that gap,” he adds.

Cybersecurity company Securemetric Bhd CEO Edward Law also believes that if Malaysia’s AI systems, models and critical workloads depend entirely on foreign providers, the country could become dependent on decisions made outside its control.

“I don’t think that is a good long-term position for any country, but I also don’t think Malaysia needs to compete directly with the United States or China when it comes to AI. That would be unrealistic.

“Instead, we should focus on building enough capability so we are not left behind.”

Like Agmo’s Tan, Law also highlights the need for more AI engineers, researchers, data scientists, cybersecurity professionals and business leaders who understand how AI can be applied in the real world.

“Malaysia doesn’t need to build the world’s most powerful AI model. But we do need enough capability to protect our national interests, support our economy and avoid becoming completely dependent on technologies that we may not always have access to.”

He reckons that if the country starts investing today, it still has an opportunity to position itself as one of Asean’s AI leaders rather than simply becoming a consumer of AI developed elsewhere.

“From a technology perspective, we cannot continue relying entirely on foreign AI platforms. If access changes because of politics, export controls or commercial decisions, we have very little control over our own future,” Law says.

From a cybersecurity perspective, defenders need access to AI capabilities comparable to those available to attackers.

“If cybercriminals or hostile actors have access to more advanced AI than our own security teams, Malaysia will always be reacting instead of staying ahead. It will put our entire nation at risk,” Law adds.

Underspending on cybersecurity?

Clearly, a proper understanding of AI requires peeling back the layers of many different issues and considerations.

However, one of the more pertinent questions goes back to the early scenario described at the start of this article: are our finances safe in local instructions? The same question applies to situations involving data privacy and other critical areas.

There is no simple answer to this, but if one were to consider the number of data breaches in Malaysia over the past few years, the answer could well be no. And that is a scary thought.

This brings us to another important question: are Malaysian organisations and companies underinvesting in cybersecurity systems, given that AI-enabled attacks are increasing risks by the day?

Ernst & Young’s Azreena says she would avoid characterising the issue as underinvestment.

“The real challenge is whether cyber investments are keeping pace with a rapidly evolving threat landscape, particularly as AI lowers the barriers for increasingly sophisticated attacks. Financial institutions and other national critical information infrastructure (NCII) organisations will naturally remain high-value targets.

“As we know, these NCII entities are required to adhere to strict codes of practice, undergo independent audits and establish rigorous risk management and incident response frameworks.

“The focus today should be on cyber resilience – not just preventing attacks, but also detecting, responding to and recovering from them effectively,” she says.

KPMG’s Muhammad Dawud reckons the answer varies by segment.

He points out that in November 2025, Anthropic disclosed a campaign attributed to a state-sponsored group in which an AI agent performed between 80% and 90% of the work across roughly 30 targets.

“The attackers did not rely on novel malware. They used freely available testing tools and succeeded by exploiting familiar weaknesses such as unpatched systems and weak password controls. AI did not defeat good security. It found existing gaps much faster,” he says.

He believes that for regulated sectors, spending is generally not the primary constraint.

“Cybersecurity budgets have increased in response to growing regulatory expectations, but much of that investment appears to be compliance-driven.

“Spending to satisfy a rule produces documented controls and successful audits, yet it does not necessarily ensure those controls are working continuously against attackers operating at machine speed,” he says.

In other words, an audit shows what was working at the specific time it was carried out, not whether those controls will remain effective against evolving threats.

The picture is different for small and medium enterprises, he says, where underinvestment remains a more significant issue.

“The government’s proposed additional tax incentive for AI and cybersecurity training for micro, small and medium enterprises reflects that gap. This matters because larger organisations are only as resilient as their supply chains, and attackers will typically exploit the weakest link,” adds Muhammad Dawud.

On a broader scale, he notes that organisations holding large volumes of personal or financial data, or those operating critical services, will continue to face increasing cyber threats as AI lowers the cost of attacks and increases their speed.

“The priority is not simply spending more, but investing in continuously tested and monitored controls instead of periodic assessments.

“Malaysia’s own figures point to a growing challenge rather than a crisis: the National Cyber Coordination and Command Centre recorded 4,626 cybersecurity incidents in 2024, a 43% increase from the previous year.”

Securemetric’s Law says Malaysians should not panic or fear that their bank savings or Employees Provident Fund (EPF) money will “disappear” because of AI.

“But with AI, the risk certainly increases. The most immediate danger is AI-enabled fraud where scammers can now create very convincing phishing messages, fake bank websites or apps, fake EPF notices, and deepfake voices or videos.

“They can impersonate officials, family members and CEOs. This makes financial scams much harder for ordinary people to detect.”

Law says that if cybercriminals use advanced AI to launch attacks against financial institutions while those institutions lack comparable AI-enabled defence tools, the risks to the banking sector will increase significantly.

Bank Negara Malaysia (BNM) tells StarBiz 7 that it recognises that advancements in AI are reshaping the cyber threat landscape globally.

“To ensure effective management of such risks, BNM continues to work closely with the financial industry through active supervisory engagement, threat intelligence sharing, and sector-wide resilience initiatives.”

It says it expects financial institutions to uphold high standards in managing risks emanating from such threats.

This includes maintaining strong cybersecurity and cyber hygiene practices, having robust governance and access controls in place, and continuously strengthening their response capability towards such evolving threats.

“Therefore, financial institutions are expected to make ongoing investments to strengthen their cybersecurity capabilities and infrastructure.

“As AI-enabled cyber threats can emanate from within or outside the financial sector, BNM works closely with Nacsa, relevant government agencies and other financial regulators to strengthen collective cyber resilience,” the central bank adds.

This is conducted through ongoing information sharing and coordinated preparedness efforts, it says.

With this holistic approach, financial institutions are well-positioned to leverage opportunities arising from the adoption of emerging technologies, including AI, while safeguarding the security and stability of Malaysia’s financial system, it adds.

In the end, it boils down to this. The concern should not be fixated on whether AI threatens the safety of our money and data, but whether we have adequate and up-to-date defence capabilities to keep pace with AI-enabled attacks.

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Business News

Vend, brew, repeat
Who watches the regulator?
Economists hold 2026 inflation forecasts at 1.8-2%
Sorento Capital gets SC nod for Main Market listing
CPE Tech unit acquires advanced machinery valued at RM34.52mil
Lotus Circular to exit retail business via RM38mil disposal
Gentari advances KLIA2 decarbonisastion with 3.1MWp solar PV system
Ringgit closes lower as West Asia developments weigh on sentiment
Bursa Malaysia higher at close on foreign fund inflows, second quarter GDP
Stratus Global posts RM9.55mil net profit in 1Q

Others Also Read