Getting your Trinity Audio player ready...
Artificial Intelligence (AI) has surged into the spotlight, ushering in a pivotal shift for cybersecurity. In the Philippines, where digital transformation is accelerating across sectors, organisations are harnessing AI to bolster defences, safeguard critical data and counter sophisticated threats. This aligns with the National Cybersecurity Plan 2023-2028, which champions AI’s role in enhancing data protection and fortifying national resilience against an evolving threat landscape.
Yet, AI’s integration into cybersecurity remains a work in progress. Many organisations are still exploring AI’s potential, with some piloting real-time threat detection while others craft long-term strategies.
Challenges loom large – data governance, ethical concerns and legacy system integration demand careful navigation to unlock AI’s full promise. The stakes are high: over 2,000 cyber incidents were reported in 2024, signalling an urgent need for robust solutions.
Responsible AI adoption is critical. The national plan stresses ethical frameworks, compliance with data privacy laws and equitable access to AI-driven security tools. Organisations must establish policies that balance innovation with accountability, ensuring AI strengthens defences without compromising trust or security.
OpenGov Asia’s OpenGov Breakfast Insight, held on 11 April 2025 at Shangri-La The Fort, Manila, gathered security leaders to explore AI’s role in fortifying the Philippines against next-gen threats. The session delved into strategies for leveraging AI in cybersecurity, tackling adoption barriers and fostering public-private collaboration.
The event showcased practical approaches to enhancing data protection and offered actionable insights for overcoming hurdles, setting the stage for a resilient digital future.
Opening Remarks
Mohit Sagar, CEO and Editor-in-Chief of OpenGov Asia, opened the session with a compelling analogy about the role of data in modern organisations, describing it as “blood” rather than oil.
“Oil has substitutes – hydro, solar, wind – but blood? There’s no substitute,” he explained. “Data is your organisation’s blood and protecting it is crucial. But, remarkably, we often treat it like a personal asset to hold onto, rather than a vital resource to fortify and protect.”
The rapid evolution of AI, especially since the rise of Gen AI in 2022, has fundamentally changed how we interpret and handle data.
“Before that, we relied on data scientists to interpret data. Now, everyone can do it,” Mohit noted, highlighting AI’s power to democratise data analysis.
Framing the current cybersecurity landscape as a modern-day “World War III”, he described a shift from traditional geopolitical conflict to a global “tariff war” – one waged not with weapons, but through economic disruption and cyberattacks.
“The real threat is not just tariffs, but the vulnerabilities we face in a world where anyone can come after you for your data,” he believes.
He warned of the growing sophistication of bad actors and an expanded attack surface. “Everyone has access to the same technological tools and that makes the playing field more dangerous.” Southeast Asia, in particular, has seen a significant rise in cyberattacks. “Pre-COVID, Singapore was 40th on the list of cyberattack targets; today, it’s 4th. The Philippines is not far behind,” he pointed out.
On AI’s defensive capabilities, he made it clear that the technology is no longer a buzzword but a critical asset. “AI is a game changer and it can help us defend against sophisticated threats like AI-driven phishing and deepfakes. But the key is to counter these threats in real-time, just as quickly as they evolve.”
Broader challenges remain, including global skills shortages and privacy issues. The skills gap is a worldwide concern, not limited to the Philippines. As technology progresses, both infrastructure and workforce capabilities are lagging. There’s a pressing need to establish robust protective measures, as frameworks by themselves are insufficient.’
Addressing the importance of collaboration, he underscored the value of trusted partners. “Zscaler, for example, can help keep your glass full with the right expertise, so you can focus on your core operations. It’s not just about protecting yourself locally, but about global collaboration to stay ahead of emerging threats.”
Organisations that strategically adopt AI, invest in continuous workforce training and develop resilient, adaptive systems are best positioned to drive and define the next era of cybersecurity leadership.
“AI is no longer the future – it’s now,” he closes with a call to action. “The cost of waiting? Breaches that erode trust and impact your bottom line. Let’s lead, not lag.”
Welcome Address
Sheikh Manzoor Ghani, Regional Director for Malaysia and Emerging Markets at Zscaler, began his address with a warm welcome and insightful observations, notably highlighting the Philippines’ impressive progress in cybersecurity. He pointed out the country’s rise in the United Nations Global Cybersecurity Index, moving from 61st in 2020 to 53rd in 2024.
“That’s a significant improvement and a testament to the progress the country has made in securing its cyberspace,” he said. “In fact, the Philippines is just a few steps away from reaching tier one in the global cybersecurity index. That’s a fantastic milestone.”
However, Sheikh noted that while enhanced cybersecurity measures are crucial, they often attract more sophisticated and targeted attacks, as cybercriminals continuously evolve their tactics to exploit emerging vulnerabilities.
“The more you improve your cybersecurity, the more vulnerable you become to attacks,” he observed. “As you climb higher on the global index, threat actors are more likely to target you and try to breach your defences.”
Reflecting on Zscaler’s role in digital transformation, Sheikh discussed how the company emerged as a key player during the global lockdowns of 2019-2020. With offices shutting down, Zscaler’s technologies became essential in ensuring the secure operation of users, applications and entire ecosystems.
Building on Mohit’s earlier point, Sheikh furthered the data as “the blood” of an organisation analogy, cautioning, “The minute a threat actor gets into your data veins, things can quickly spiral out of control.”
Sheikh continued, outlining how Zscaler helps organisations not only with cybersecurity but also by securing platforms and operational technologies. “At the end of the day, we’re here to help you protect your blood – your data.”
Sheikh went on to highlight the rapid pace of digital transformation, pointing out how even border control has gone digital. He no longer needs to fill out customs forms when arriving in the Philippines, as the process is all managed through an app. When leaving Malaysia, he simply scans a QR code on his phone to complete the process – everything is now digital and mobile.
While acknowledging the convenience of these advancements, Sheikh also recognised the inherent risks. “It’s wonderful, but it’s also a little scary. My data may be on my phone, but where is it really? If that gets compromised, it’s a serious issue.”
He concluded with a reflection on the broader landscape in the Philippines, noting that as the country advances with initiatives like digital payments and government services, the potential for cyber threats grows. Threat actors are constantly seeking ways to exploit systems and compromise data.
Sheikh wrapped up by expressing gratitude for the opportunity to speak and wishing the attendees a productive day. “I’m thrilled to be here and I’m sure you’re in great hands with Mohit and the OpenGov team. Let’s make the most of today’s discussions and insights,” he said.
In Conversation With
As the Philippines races towards digital transformation, AI is reshaping the cybersecurity landscape, offering both a shield against next-gen threats and a challenge to traditional defences. With AI-driven attacks growing more sophisticated, organisations must harness AI-powered solutions to protect sensitive data and build resilience.
Yet, this shift raises critical questions: How can AI fortify defences without compromising compliance, ethics, or trust?
This panel, moderated by Mohit Sagar, CEO & Editor-in-Chief of OpenGov Asia, explored AI’s dual role as a protector and a puzzle, delivering actionable insights for a secure digital future.
Charmaine Valmonte, Chief Information Security Officer at Aboitiz Equity Ventures and Aboitiz Foods, offered a grounded and pragmatic take on staying ahead of AI-driven cyber threats. She emphasised that resilience starts with ensuring that the tools and services organisations rely on are continuously innovating and adding value.
“If your provider can’t keep pace, be ready to let them go,” she advises.
Charmaine emphasised the importance of understanding one’s environment and data collection processes, highlighting that relying solely on external services can be risky. She pointed out that it’s crucial to know how systems collect and use data internally, as, in the event of power outages or system failures, employees must still be able to take action.
On navigating regulatory landscapes, she highlighted the importance of staying closely aligned with evolving mandates from local regulators like Bangko Sentral ng Pilipinas and the National Privacy Commission. She noted that regulations are maturing beyond ethical guidelines into AI development and operational governance.
“Automation of regulatory requirements – what we used to call RegTech – needs to be baked into your stack,” she believes, adding that monitoring global standards such as GDPR helps build a strong compliance foundation. “What’s happening in Europe or the US will soon cascade to us.”
When asked about barriers to integrating AI into existing security frameworks, Charmaine pointed directly to human culture, noting that we’ve traditionally been trained to protect systems rather than focus on following the data.
She urged a mindset shift towards data-centric security, pointing out that siloed tools often fail to communicate. “More toys don’t mean better protection.”
Her team reduced their tools from 30 to 15 by simplifying and aligning technology with threat models – an approach she recommended for others building roadmaps to AI-powered cybersecurity.
Addressing the ethics of AI in cybersecurity, Charmaine called for greater transparency from security partners – especially in how models are built and the limitations of data sets.
“There’s nothing wrong with being open about a model’s limitations,” she said.
She also urged organisations to scrutinise how providers handle privacy commitments. Most critically, she advocated for collaborative, cross-functional teams in AI model development: “Data privacy shouldn’t happen in a vacuum. Bringing in diverse voices early helps mitigate risks down the line.”
Heng Mok, Chief Information Security Officer in Residence at Zscaler, anchored his insights in the data-driven core of AI-powered security, emphasising that this is fundamentally a data conversation and the need for partnerships with vendors who operate at scale.
He pointed to Zscaler’s processing of over 500 billion transactions daily as a foundation for high-fidelity threat detection. However, he stressed that effective security requires contextualising global signals within an organisation’s unique environment, considering industry specifics, internal controls and adversary behaviours.
To maximise AI’s effectiveness, Heng underlined the importance of data integrity, governance and change control – especially when building automation into the pipeline.
“Preventing model poisoning and ensuring compliant, valuable outputs is essential,” he noted, advocating for a secure-by-design approach to AI systems.
Speaking about the rise of AI-driven attackers, Heng points out that adversaries are increasingly using automation, reconnaissance and ethics-free models to launch advanced threats.
“They only need to find one gap,” he said, stressing that modern AI security solutions must mirror and protect each step of the attack chain.
This includes continual environment scanning, intelligent policy recommendations and data-layer detection and response, as well as insights gleaned from dark web monitoring. He championed a collective defence approach, urging collaboration and intelligence-sharing across sectors.
When asked about zero trust, Heng reframed it as “modern defensible architecture”, explaining that while the core principles – assumed breach, least privilege and data protection – remain sound, AI enhances their execution.
He explained how AI now facilitates real-time policy tuning, data classification and insider threat detection, seamlessly integrating into a framework that strikes a balance between enabling progress and maintaining control.
“As organisations shift beyond the buzzwords, this defensible architecture becomes the foundation of a resilient security strategy,” he explained.
Looking ahead, Heng identified data integrity, insider threats and fraud as key risks, particularly in the Philippines’ fast-digitising, geopolitically sensitive context. With the country becoming a target-rich environment amid global tensions, he stressed the need for autonomous and agentic AI systems that can secure evolving business models.
“As data drives every function – revenue, customer experience, innovation – organisations must prepare for exfiltration risks and AI model compromise,” he is strongly convinced. “Security must evolve in tandem with transformation.”
Together, Heng and Charmaine underscored the duality of AI: a powerful defence mechanism and a potential threat vector. Their message to the audience was clear – secure your data, adopt resilient architectures and act with urgency.
Interactive Discussion
Exploring AI-Driven Cybersecurity and Overcoming Adoption Challenges
The interactive discussion delved into the varied stages of AI adoption among Philippine organisations, with delegates candidly sharing their journeys in embracing this transformative technology. The diversity of responses underscored the need for a tailored, step-by-step approach to ensure AI aligns with organisational goals and cybersecurity demands.
Some organisations are still in the early stages, carefully exploring AI’s potential and evaluating how it can enhance their cybersecurity efforts, streamline processes, improve efficiency and better manage associated risks.
“We’re currently setting up a robust data platform and assessing security solutions that best fit our organisation,” one delegate explained.
Others were conducting research and running small-scale pilots to test AI’s effectiveness in threat detection, response times, system integration, scalability and overall security performance before wider implementation.
“We’re just beginning to explore AI for cybersecurity, trying to see where it fits but ensuring we don’t rely on it too much,” noted an executive.
Meanwhile, some organisations were actively implementing AI-driven security measures to enhance threat detection, automate responses, improve system resilience, streamline operations and stay ahead of evolving risks.
“We already have AI-powered data protection tools in place and are now evaluating how they can scale,” shared a participant.
The range of responses highlighted a cautious yet steadily growing commitment to AI-driven solutions, as organisations recognise their potential, address challenges, optimise operations and carefully evaluate risks and benefits.
Delegates pinpointed key priorities for AI in data protection, with preventing breaches, automating compliance and enhancing threat detection emerging as focal points. Many viewed AI as a critical shield against cyber threats, with one stating, “Preventing data breaches and unauthorised access is our top concern – AI’s speed could be a game-changer.”
Others prioritised regulatory compliance, especially in highly regulated sectors. “With laws like the Data Privacy Act, AI could streamline audits and improve how we classify sensitive data,” a delegate remarked.
Some emphasised the importance of secure storage and encryption. “Ensuring sensitive data is encrypted and stored securely is non-negotiable,” another noted.
This discussion reinforced the idea that AI’s success hinges on its ability to address sector-specific challenges, adapt to unique requirements, drive innovation and deliver tailored solutions that meet industry needs.
Challenges surfaced as a central theme, with legacy systems, ethical concerns and leadership buy-in topping the list. Delegates frequently cited outdated infrastructure as a barrier.
“We’re struggling with legacy systems that don’t integrate well with modern AI solutions,” one participant admitted.
Privacy and ethics also loomed large, with another adding, “We need to balance AI’s capabilities with trust – stakeholders are wary of how AI manages sensitive data.” Securing budget and executive support was another struggle.
“Leadership buy-in is there, but justifying AI investment remains a hurdle,” a delegate explained.
These insights emphasised the need for a strategic approach that addresses technical, ethical, financial, organisational, regulatory and cultural obstacles to AI adoption, ensuring long-term success, scalability and sustainability.
When considering how to measure AI’s success, delegates highlighted enhanced visibility, reduced breaches and improved compliance as key benchmarks. Many saw AI’s ability to provide better oversight as crucial.
“Enhancing data visibility and control is our top priority – it helps us build trust and secure stakeholder buy-in,” one participant said.
Reduced breaches were another common measure of success. “If we see fewer incidents, we know AI is working,” another noted.
Compliance improvements also ranked highly, particularly for organisations operating under strict regulatory frameworks. “AI should not just improve security but also help us maintain regulatory compliance more efficiently,” a delegate emphasised.
AI holds immense promise for strengthening cybersecurity in the Philippines, but its full potential requires careful planning. Organisations that tackle infrastructure gaps, establish clear policies, and strategically approach AI will be best equipped to harness its power for robust data protection and resilience against next-gen threats.
Closing Remarks
Felix Lam, Head of Sales Engineering, ASEAN Emerging Markets at Zscaler, offered final reflections – grounded not just in technology, but in practical steps and real challenges faced by organisations today.
“We’ve talked about a lot today – cybersecurity, AI, visibility. But at the core, it starts with one thing: data classification,” he recapped.
Felix highlighted a common oversight he’d encountered during recent meetings with organisations in the Philippines: many had yet to implement basic data classification policies, leaving their data management practices vulnerable and unstructured.
“You can’t protect what you don’t see,” he stressed. “Without knowing what data exists, who’s using it and how, securing it – especially in the era of Gen AI – is nearly impossible.”
He walked delegates through how Zscaler offers visibility into AI application usage across departments – be it HR, R&D, or Sales. Through dashboards and prompt-level monitoring, organisations can see who is using which Gen AI apps, what they’re entering and what kind of data is potentially at risk.
“You’ll know if someone is putting immigration data or corporate financials into ChatGPT – and who that someone is,” he explained.
But visibility was only the beginning. Felix spoke about the ability to control and secure these interactions through granular policies – allowing the use of public AI tools like ChatGPT for general queries but blocking uploads of sensitive documents or code.
“It’s not just about allowing or denying – it’s about shaping how AI is used, safely,” he said.
Browser isolation adds an additional layer of defence by creating secure cloud-based browsers that contain potential threats while still enabling productive access. The flexible options were appreciated, allowing control over actions such as uploads, downloads, or even full access, including screenshots.
Felix highlighted that even enterprise AI deployments carry risks, unintentionally impacting AI accuracy and decision-making. He emphasised that, while AI offers tremendous potential, it must be carefully managed to avoid these unintended consequences.
“Just because it’s private doesn’t mean it’s safe,” he warned. “You still need oversight – what if someone types in HR data and suddenly others start querying salaries?”
His closing message was one of encouragement: “Start with classification. Build visibility. Use that insight to empower – not block – your teams. Be on the offensive. Help your company be secure and productive. Help your career rise with it.”
Mohit Sagar took the stage to deliver the closing remarks, reflecting on the key insights shared throughout the session and emphasising the importance of adapting to the rapidly evolving landscape of technology and cybersecurity.
“Don’t wait for regulation or compliance to dictate your path. Legacy systems, geopolitical shocks – these vulnerabilities are real and growing,” he says, advocating for a proactive approach.
He reminded the audience that the real question isn’t about tools or policies – it’s about readiness. “The money’s already flowing. Are you ready to act before the breach happens?”
The session concluded with a sense of urgency, leaving delegates to reflect more critically on their Gen AI readiness and how platforms like Zscaler could transform visibility into actionable strategies.
