Artificial IntelligenceBylines

Grok Bans in Southeast Asia and Enforceable Guardrails

How Should Regulators and Adopters Alike Scrutinise and Rgulate the Use of AI? 

Indonesia, Malaysia, and the Philippines have announced they are regulating Grok, the X platform’s Artificial Intelligence (AI) chatbot due to with malicious use of such AI for deepfakes and harassment. This step highlights an important question: How should regulators and adopters alike scrutinise and regulate the use of AI?

To be clear, the recent scrutiny and restriction of Grok AI across parts of Southeast Asia isn’t a rejection of AI itself, but an indicator that governance has been unable to pace with adoption. As regulators in Indonesia, Malaysia, and the Philippines assess the societal and security implications of generative AI, organisations across APAC should view this moment as both a warning and an opportunity.

AI systems are not passive tools. They act autonomously, process sensitive data, and increasingly interact with critical operational systems. Without clear governance, AI becomes a new class of digital identity operating at machine speed, often outside traditional security controls. This is particularly acute in APAC, where regulatory approaches vary widely. Singapore’s AI Verify framework provides one example, while Japan favours an innovation-first, soft-law model. The divergent approaches to regulating AI create uneven risk exposure across borders.

From a cybersecurity perspective, the issue is not the model itself, but how access, identity, and decision-making are governed once AI is deployed. Unregulated or ‘shadow AI’ tools can introduce unmanaged credentials, expose sensitive datasets, and create audit gaps that are unacceptable for enterprises and public sector bodies. Gartner has warned that by 2027, 50% of business decisions will be augmented or automated by AI, underscoring the need for clear accountability and traceability today.

There are tangible ramifications for end-users too. Poorly governed AI can leak personal data, generate misleading outputs, or be manipulated to perform unauthorised actions. Maintaining trust will be critical as adoption continues to grow.

The path forward is not blanket bans, but enforceable guardrails. That means adopting identity-first security, least-privilege access, and full auditability while maintaining human oversight for high-risk actions. APAC organisations that embed governance into AI deployments now will be best positioned to innovate responsibly, comply with evolving regulation, and maintain public.

Takanori Nishiyama

Senior Vice President of APAC & Japan Country Manager at Keeper Security

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *