eCommerceNews Asia - Technology news for digital commerce decision-makers
Asia
Bitdefender report flags AI blind spots in Singapore

Bitdefender report flags AI blind spots in Singapore

Wed, 1st Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

Bitdefender has released its 2026 Cybersecurity Assessment Report, based on a survey of more than 1,200 IT and security professionals across six markets, including Singapore.

The findings highlight persistent blind spots around employee use of artificial intelligence tools, continued pressure on some security staff to keep breaches confidential, and growing concern over where corporate data is stored and who can access it.

In Singapore, only 48% of organisations said they had full visibility into the artificial intelligence tools and chatbots employees use for work. Another 50% said they tracked approved enterprise tools but lacked visibility into personal accounts and other forms of so-called Shadow AI introduced by staff.

Across all markets, 51.8% of respondents said they had full visibility into both sanctioned and unsanctioned artificial intelligence use, while 47.4% said they had only partial visibility or none at all. The results also pointed to a divide between leadership and frontline teams: 57.8% of managers said they had full visibility, compared with 45.9% of practitioners.

AI exposure

Internal artificial intelligence systems and large language models were the top area of concern, cited by 45% of respondents. Cloud infrastructure and application environments followed at 44%, while identity and access management systems ranked third at 33.3%.

Even so, respondents did not always view employee behaviour around public artificial intelligence tools as a major risk. Some 20.4% classed the leaking of sensitive data into public large language models as a low or extremely low risk, despite ranking artificial intelligence systems as their main security concern.

Bitdefender's data also showed that artificial intelligence-driven attacks are now widely reported by corporate security teams. Almost six in 10 respondents, or 59.2%, said they had experienced artificial intelligence-driven social engineering attacks in the past year.

Several artificial intelligence-related threats were seen as high or extreme risks. Attackers using artificial intelligence to generate self-mutating malware topped the list at 55.9%, followed by employees leaking sensitive data into public large language models at 53.5%, artificial intelligence-driven evasion techniques bypassing traditional endpoint detection and response signatures at 52.5%, and deepfakes or voice cloning used in fraud or business email compromise at 51.9%.

Concern over agentic artificial intelligence widening the attack surface was especially pronounced in Singapore, where 64% of respondents identified it as a serious issue. That put Singapore ahead of the United States on this measure.

Breach pressure

The report also highlighted how incidents are handled after they occur. More than half of global respondents who had experienced a security incident or breach in the previous 12 months, or 55.2%, said they were told to keep it confidential even though they believed it should have been reported to authorities.

In Singapore, 53% said they had faced the same pressure. That was slightly below the 57.6% recorded the previous year, but well above the 42% reported in 2023.

Among individual markets, the United States recorded the highest level at 68.6%. Germany and the United Kingdom were both at 57.2%.

The survey suggested this was not confined to one layer of an organisation. Managers and practitioners reported similar levels of pressure to stay silent, at 56.8% and 53.5% respectively.

Asked about the types of incidents they had faced, respondents most often pointed to cloud infrastructure or application breaches, cited by 41.8%. Business email compromise resulting in financial or data loss came next at 35.9%, followed by ransomware at 25.6%.

Singapore followed the same pattern, but at higher rates in each category. Unauthorised cloud access was cited by 45% of respondents, business email compromise by 37%, and ransomware by 28%.

Operational strain

The data indicated that many organisations believe they know where their exposure lies but struggle to act because of operational constraints. Globally, the main barriers to reducing the attack surface were the overhead of maintaining hardening rules and exceptions, cited by 38% of respondents, fear of business disruption at 35.4%, and resource constraints at 34.6%.

That tension was sharper in Singapore than in any other market surveyed. Some 76.6% of respondents said they would like to disable legitimate tools that attackers exploit but feared doing so would disrupt operations.

Another 43.5% in Singapore said they struggled to balance security restrictions with employee productivity. Legacy systems and limited understanding of which legitimate tools each user actually needs were also cited as obstacles.

Vendor choice

Questions around data sovereignty also emerged as a mainstream issue in buying decisions. Globally, 76.1% of respondents said they would likely switch cybersecurity vendors because of concerns over data sovereignty, jurisdiction, or foreign government access to their data.

Singapore was nearly identical at 76.5%. The United States was highest at 87%, followed by the United Kingdom at 85% and Germany at 77%.

Managers were more likely than practitioners to say they would switch vendors over sovereignty concerns, at 79.4% versus 72.8%. The findings suggest that data location and access are no longer niche compliance questions, but part of mainstream procurement criteria for security products.

Andrei Florescu, President and General Manager of Bitdefender Business Solutions Group, commented on the results.

"The expanding attack surface, the rapid proliferation of AI-powered threats, and persistent operational pressures are forcing organisations to rethink how they approach security from the ground up," said Andrei Florescu, President and General Manager of Bitdefender Business Solutions Group. "The findings in this report make clear that modern security strategies must go beyond reactive defences to continuously reduce risk, govern AI adoption, and ensure compliance across an environment where adversaries are faster, more adaptive, and increasingly automated."