Stay ahead and turn AI adoption into a sustainable advantage with Darktrace
The race to adopt AI underscores the need for boards to balance innovation, visibility, and governance without sacrificing security and oversight.
The race to embed AI in enterprises is underway. Boards and executive teams are pushing their organisations to deploy at scale and grab the productivity gains the technology offers. At the same time, boardroom debate has evolved from whether to adopt to how that adoption is directed and governed at the leadership level.
Early movers may unlock efficiency gains, but speed alone won’t create winners. As AI adoption accelerates, so too do the risks, particularly if poorly understood systems, agents and projects are introduced with little centralised oversight or coordination. The organisations best positioned to succeed are those that build clear leadership, visibility and oversight of AI risks, enabling them to foster adoption and innovation instead of blocking it.
“AI adoption must be tightly aligned with the broader company goals and vision, not treated as an operational add-on,” said Germaine Tan Shu Ting, VP & Field CISO, Security & AI Strategy of Darktrace, in an interview with Singapore Business Review.
“The Board must champion this alignment to ensure that the technology isn't just ‘running’ but is actively driving the organisation’s specific business outcomes. A significant part of that strategic planning is to view AI not just as an opportunity but as a business-wide risk if processes and security protocols are not clear and in place.”
Balancing between innovation and safety
Traditional security approaches were not designed for AI-driven environments. Many existing tools rely on static rules, predefined signatures, and manual oversight – assumptions that break down in the new AI paradigm.
The explosion of AI assistants and AI agents has changed the risk landscape, introducing “insider” AI operatives that can act autonomously, adapt in real time, drift in behaviour and interact across systems at machine speed. When static rules meet AI agents, they create blind spots in practice, leaving leaders without a clear understanding of how AI is behaving across the enterprise. An AI agent might not, for example, require any malicious code or break set rules to go rifling through folders and exfiltrating files. Anomalous natural language instructions, obscured from human view, can be enough to send an agent into risky territory.
Tan Shu Ting says the risk landscape stretches across the entire AI lifecycle: from enterprise AI assistants and embedded SaaS tools to low-code and high-code platforms where teams build and deploy AI.
“AI risk emerges from behaviour, not just inputs,” she said.
“Risk unfolds across conversations, actions, and decisions over time rather than from a single malicious prompt or event. Because AI tools and agents often operate with valid credentials and broad permissions, it can make misuse hard to distinguish from normal activity. This puts detection out of reach for many traditional tools. An action might look normal in isolation, but individually benign prompts, API calls, or data accesses can combine into high-risk behaviour that rule-based tools can’t correlate.”
Tan Shu Ting says the answer doesn’t lie in stifling innovation, but in gaining greater visibility and oversight over what is happening within an organisation.
Without clear direction, individual teams often innovate or experiment in isolation, and this can create hidden risk. For example, an agent empowered to manage a leader’s email inbox could be fooled into following instructions that arrive in an email’s metadata or with white-on-white text. Those instructions could see data exfiltrated or emails sent without the leader’s oversight or knowledge.
“Agents don’t have the judgement, ethics, or fear of consequences that humans do, and they can be easily manipulated by cyber criminals,” Tan Shu Ting said.
“This isn’t a future problem; it’s a risk today with direct implications for revenue, reputation, and regulatory compliance.”
Building AI oversight
To help organisations to achieve real oversight and to properly enable AI, Darktrace points to three areas every AI agent deployment strategy must prioritise.
The first is behavioural visibility.
“You cannot secure what you cannot see,” Tan Shu Ting said. “AI agents present a unique challenge because of their autonomy and speed.”
Companies need to be able to see what their agents are doing and what they have access to in order to set guardrails and enable their use in confidence. An employee can be enabled to build an agent that constructs their reports for them, but the systems in place need to ensure security teams are alerted the moment that agent tries to access confidential financial records or move beyond its scope.
Secondly, organisations need to build context. The norms and requirements of each organisation are unique and continually changing. Leadership teams need to build oversight that allows agents and their usage to evolve with the organisation, and doesn’t stifle innovation.
That adaptability needs to be balanced with the ability to ensure agents aren’t operating maliciously or drifting from their purpose, a delicate balance to achieve.
Finally, organisations need to build guardrails that will act in real-time, not after the fact. That means having systems in place that can recognise suspicious, unusual or unsanctioned AI-driven behaviour early and act instantly.
“You cannot wait for evidence of data exposure or operational impact before you start to act,” Tan Shu Ting said.
Scaling AI with confidence
Achieving behavioural visibility, context that adapts with your organisation and real-time guardrails isn’t a task that can be achieved manually or with most organisations’ established tooling. An AI-based oversight approach is needed for the agentic AI era.
Darktrace built its cybersecurity platform to protect organisations in the AI era and is now supporting them as they scale AI across their operations.
The Self-Learning AI approach it pioneered focuses on understanding the unique context and normal patterns of life of each organisation in order to spot anomalies, investigate their source and take action in real-time.
Darktrace / SECURE AI brings that unique capability to agentic AI oversight. By understanding how AI tools and agents behave across enterprise assistants, high-code, low-code, and SaaS environments, Darktrace helps organisations identify emerging risks, detect potential misuse and manipulation, and respond as behaviour evolves.
Darktrace’s Self-Learning AI’s continuous learning allows it to understand how the organisation is evolving and adjust its understanding of AI agents’ behaviour accordingly. Where set rules and triggers need regularly resetting as the organisation and need change, Darktrace / SECURE AI will enable agents to continue to operate even as their context changes, while still ensuring the agent is acting as it should.
With this level of visibility, context, and real-time response, leadership teams can maintain oversight as AI adoption accelerates and enable innovation with confidence.
“At the end of the day, it’s always about people,” Tan Shu Ting said “Security needs to be embedded in every organisation from development, IT, training/enablement of the use of AI, operations/productivity adoption, all the way up to the board. When you bring together the right governance framework, the visibility, speed and controls required, you can give an organisation the confidence to scale and innovate with AI safely.”
To learn more about Darktrace and its cybersecurity services, visit them at https://www.darktrace.com/.