Live1m agoSingapore-HQ HashMicro Launches AI-Native ERP Platform with HashMicro X and Hashy OS
← Back to stories

Singapore's Shadow AI Blindspot Fuels Rise in AI-Powered Cyberattacks

Source: Fintech News Singapore

Only 48% of Singapore organisations have full visibility into employees' AI tool usage, leaving critical data exposed as AI-powered social engineering and phishing attacks surge, a new Bitdefender survey reveals.

Singapore's Shadow AI Blindspot Fuels Rise in AI-Powered Cyberattacks
SGAI Daily

As employees across Singapore increasingly adopt AI tools for work, cybersecurity is entering a dangerous new phase. A Bitdefender survey of 1,200 IT and cybersecurity professionals across six countries reveals that only 48% of Singapore organisations have full visibility into which AI tools and large language models their staff use — below the global average of 51.8%. Half of Singapore organisations reported only partial visibility, tracking official enterprise LLMs while remaining blind to personal accounts and "shadow AI" subscriptions.

The consequences are already materialising. 59.2% of professionals polled globally said their organisation has experienced social engineering attacks involving AI, 55.7% reported AI-powered malware, and 70.1% reported more sophisticated AI-driven phishing. In Singapore, these incidents manifest primarily as unauthorised cloud access (45%), business email compromise (37%), and ransomware (28%). Just last week, the personal data of about 70,000 people was exposed after attackers gained access to an IBM-managed cloud environment used by the Singapore Land Authority.

The survey also uncovered a troubling governance gap: 53% of Singapore respondents who had a data breach in the last 12 months were told to keep it confidential, even when they believed it should be reported. This directly conflicts with Singapore's Personal Data Protection Act, which requires organisations to notify the PDPC and affected individuals of breaches that could cause significant harm. Legal experts warn that hiding breaches risks financial penalties, enforcement directions, and regulatory action under the PDPA — on top of lost customer trust.

Why it matters for Singapore: Shadow AI is not just a productivity concern — it is becoming a regulatory liability. Singapore's PDPC has intensified enforcement of data breach notification requirements, and organisations found to have inadequate AI governance could face significant fines. The Bitdefender data suggests the gap between AI adoption and AI governance is widening here faster than the global average. For Singapore-based CIOs and compliance officers, the immediate takeaway is clear: inventory your AI tooling, close the visibility gap, and tighten data governance before a shadow AI incident becomes a PDPC notification. The SLA-IBM breach was a warning shot — the next one may not be limited to a development environment.

Your daily AI edge in Singapore: in <5 minutes.

We do the reading so you don't have to. Get the essential TL;DR on local AI moves delivered to your inbox every morning.