As AI Expands Attack Surface, Malaysian Companies Need a Strategic, Proactive Response

Artificial Intelligence (AI) is rapidly transforming the way organisations operate, offering new efficiencies, insights, and capabilities. In Malaysia, AI could boost the country’s productive capacity by approximately USD $115 billion by 2030, according to Ministry of Digital.

Amid this momentum, our recent research reveals that many Malaysian organisations are also turning to AI to strengthen their cyber defences, recognising its potential not just as a driver of innovation, but as a critical tool in managing evolving digital risks. Approximately 83% of Malaysian businesses are already using AI-driven tools as part of their cybersecurity strategy, with a further 15% actively exploring implementation.

Despite steps being taken to be more proactive, organisations are facing numerous challenges in identifying and managing cyber risk, with IT and rogue applications including unauthorised use of AI (73%) and concerns over a rapidly evolving threat landscape (61%) being faced the most.

The reality is AI is expanding the cyber attack surface in ways that many businesses are only beginning to fully understand.

In the past, the risks were more contained, focused on things like email scams, stolen passwords, or outdated software. As organisations adopt AI to streamline operations, automate tasks, and personalise customer experiences, they are also introducing new digital entry points, more data pipelines, more connected devices, more complex systems. Each innovation, while valuable, opens up new doors for cybercriminals to exploit.

What was once limited to email phishing or compromised passwords now includes AI-generated deepfakes, voice cloning, and automated probing of systems, making it harder to detect, defend, and respond. The challenge is not just about more attacks; it is about more ways to be attacked.

This evolving threat landscape is especially concerning given the visibility gaps many organisations still face. Our recent also show that 80% of Malaysian companies have experienced security incidents due to unknown/unmanaged assets: of which, 60% are minor and 15% are major incidents.

A New Category of Risk Has Emerged from AI

Recent research highlights a 219% increase in mentions of malicious AI tools on the dark web. Threat actors are using AI to enhance phishing campaigns, automate vulnerability discovery, and accelerate account takeover attempts.

Artificial Intelligence introduces a new category of risk, from shadow IT created by the use of unauthorised generative AI platforms, to potential vulnerabilities within custom-built large language models. These risks come on top of existing challenges around cloud environments, remote working, and third-party supplier ecosystems, all of which continue to grow the enterprise attack surface.

Among emerging AI threats, no other AI technology arguably has had a bigger impact than deepfakes. Trend Micro’s research shows that 36% of consumers have encountered scam attempts involving deepfaked content. In malicious hands, this technology is equally effective in mass-market scams and highly targeted attacks on enterprises.

One growing concern is its use to bypass electronic Know-Your-Customer (eKYC) systems. Criminals can use AI-generated images or videos to open anonymous accounts on cryptocurrency platforms, often for money laundering. In effect, deepfake technology is being used to pit AI systems against each other, with attackers’ AI deceiving the AI safeguards designed to stop them.

Managing this environment effectively requires more than traditional perimeter defences. It calls for continuous, proactive cyber risk exposure management with real-time asset discovery, vulnerability identification, and intelligent prioritisation of security actions.

Thousands of Exposed AI Servers Raise Major Concerns

Trend Micro Malaysia’s latest research reveals that much of today’s AI infrastructure is being built on unsecured or outdated components, leaving gaping vulnerabilities that threat actors are ready to exploit. As businesses accelerate AI adoption, security is often left behind, introducing serious vulnerabilities across the development pipeline. Key challenges include:

• Critical Infrastructure at Risk: Core AI components are being exploited through previously unknown (zero-day) vulnerabilities, posing direct risks to business operations.
• Unsecured AI Systems Exposed Online: In the rush to deploy, many AI tools are left unintentionally open to the internet. Trend Micro found thousands of unprotected servers running key AI tools without basic authentication, making them easy targets for attackers.
• Open-Source Blind Spots: Widely used open-source libraries in AI frameworks often contain undetected flaws that make their way into production environments, becoming harder to find and fix later.
• Container Security Gaps: Since much of AI infrastructure runs in containerised environments, it inherits the same security risks as broader cloud systems. Without strong input controls and monitoring, these systems can be exploited by attackers.

To mitigate the risks outlined above, both the developer community and its customers must strike a better balance between security and speed to market, through concrete steps such as improving patch management and vulnerability scanning, maintaining a full inventory of software components, adopting container security best practices, and conducting regular configuration checks to ensure AI infrastructure isn’t inadvertently exposed to the internet.

AI Is also a Powerful Tool for Strengthening Security

At the same time, AI offers significant potential to improve security outcomes. Modern cyber risk exposure management platforms leverage AI to scan dynamic environments continuously, highlight misconfigurations and vulnerabilities, and recommend efficient remediation paths. This enables security teams to focus on the highest-impact threats, improving resilience without adding operational burden.

Security leaders increasingly recognise that effective attack surface management is tied to broader business outcomes, including operational continuity, customer trust, financial performance, and regulatory compliance. The next step is to embed these practices into core security strategies and communicate their value clearly to executive boards.

As AI continues to evolve, so too must cybersecurity. Organisations that take a strategic, proactive approach to managing cyber risk exposure will be better equipped to navigate the opportunities and challenges of the AI era, and to maintain trust, resilience, and competitive advantage.