Organisations across Asia Pacific are deploying AI agents faster than they can govern or recover them, according to new research from Rubrik Zero Labs — with the gap most acute in Singapore, where more than half of respondents expect agentic attacks to be harder to recover from than conventional cyberattacks.

The report, The State of the Agent: Understanding Adoption, Risk, and Mitigation, is based on a survey of 500 IT and security leaders across Asia Pacific.

The Governance Gap

Only 30% of APAC IT and security leaders report full visibility into the AI agents operating in their environments — a figure Rubrik notes is likely an overestimate. Meanwhile, 82% of respondents expect AI agents to outpace their organisation’s security guardrails within the next 12 months.

The report points to identity sprawl as a compounding factor. Non-human identities tied to agents are proliferating faster than enterprises can track or govern them, forming what researchers describe as a “shadow workforce” — systems operating with persistent access and limited oversight, creating new pathways for compromise and lateral movement.

Singapore-Specific Findings

Singapore respondents reported heightened concern around recovery. Some 51% expect recovery from an agentic cyberattack to be slower than from other attack types, compared to 39% across APAC broadly — signalling that local organisations are grappling with a distinct operational risk as agentic systems become more embedded in daily workflows.

Efficiency Gains Under Strain

The promise of AI agents is also showing cracks on the operational side:

• More than 83% of APAC respondents say agents require more manual oversight than the efficiency they save.
• 99% say they cannot roll back agent actions without causing system disruption.
• Nearly 9 in 10 are concerned about meeting recovery objectives as agent-driven threats increase.

What Rubrik Is Saying

“Across Asia Pacific, organisations are moving quickly to operationalise AI, but many are finding that adoption is outpacing their ability to fully observe, govern, and restore these environments,” said Ananth Nag, General Manager and Vice President, Asia Pacific, Rubrik. “As decision-making shifts from human to machine, the priority is no longer just securing AI deployments, but maintaining operational safety, minimising disruption, and recovering quickly when incidents occur.”

Rubrik (NYSE: RBRK) frames the findings as an urgent call for boards and executive teams to treat AI strategy and resilience strategy as inseparable. The full report is available via Rubrik Zero Labs.