Key Points:
- AI-powered tools now allow cybercriminals to scale and automate scams across the Asia-Pacific region.
- Scammers use advanced camera-injection tools to bypass facial-recognition security in banking apps.
- Cybersecurity experts warn that traditional perimeter defenses are completely obsolete against AI exploits.
- Building digital operational resilience requires fighting AI-powered attacks with automated AI defenses.
The 31st Nikkei Forum “The Future of Asia” conference in Tokyo highlighted a sobering reality: artificial intelligence has quickly evolved from a productivity tool into a potent weapon for cybercriminals. During a highly anticipated panel discussion titled “AI-Driven Evolution of Cyber Threats and Defenses,” leading regional security experts warned that the rapid proliferation of deepfakes and automated scams poses a new type of national security threat across the Asia-Pacific region. As bad actors weaponize generative AI, traditional security systems struggle to keep pace. The consensus among the panelists indicates that organizations must fundamentally redesign their defensive strategies to survive this highly sophisticated, automated era of cyber warfare.
Scams now represent the most widespread digital threat in the region, accounting for over 57% of all recorded cybercrimes in the Asia-Pacific territory. Jennifer Soh, the Cyber Investigation Lead for APAC at the cybersecurity firm Group-IB, explained how hackers utilize artificial intelligence to automate and scale their operations. Traditionally, executing a successful phishing campaign required significant technical skill and manual coordination. Today, amateur criminals leverage customized malicious GPTs and specialized “dark LLMs” to generate highly convincing, culturally localized phishing messages in multiple languages within seconds. This rapid, automated generation allows attackers to bypass standard text filters and launch hundreds of coordinated campaigns simultaneously.
The threat has become particularly severe in the mobile financial sector, where criminals actively target biometric authentication. Soh revealed alarming details about advanced “Android Malware Scams” that trick users into installing fraudulent applications, granting attackers complete remote control over their mobile devices. Once inside, cybercriminals utilize specialized “Camera Injection Tools” to bypass facial recognition security on banking apps. The attackers manipulate the victim’s device to capture real-time facial video recordings under false pretenses. The software then injects the recorded video directly into the banking application’s camera feed, allowing hackers to authorize fraudulent money transfers and drain customer accounts.
This rapid technological evolution has rendered traditional perimeter-based security measures completely obsolete. Kazuhiro Hayashi, the Cybersecurity & Digital Operational Resilience Leader for PwC Japan Group, warned that organizations can no longer rely on static firewalls or manual monitoring. AI-powered hacking tools can scan entire corporate networks for vulnerabilities in a matter of seconds, adapting their tactics in real-time based on the defensive barriers they encounter. This level of automated complexity enables low-level asymmetric threat actors to coordinate and execute near-peer-level attacks against major enterprises and government bodies, overwhelming traditional IT response teams.
To counter this growing threat, Hayashi argued that organizations must transition their digital defenses from a manual craft into an automated science. Since human security operators cannot react fast enough to block automated exploits, companies must fight AI-powered threats with superior, AI-powered defenses. This strategy requires integrating advanced analytics and real-time threat detection systems directly into the corporate network fabric. By deploying automated defensive playbooks, security systems can automatically isolate compromised nodes and neutralize incoming attacks within seconds of detection, significantly reducing the mean time to respond.
Financial institutions find themselves on the absolute frontline of this automated technological warfare. David Formula, the Director of Bank Central Asia in Indonesia, discussed how commercial banks must constantly adapt their security protocols to protect client assets. Formula emphasized that as social engineering campaigns become more realistic through AI voice cloning and deepfake videos, technical defenses alone are no longer sufficient. Banks must combine advanced biometric defenses with continuous, proactive consumer education. This dual approach helps customers recognize sophisticated impersonation scams before they inadvertently hand over their personal credentials or install malicious software.
The threat also extends far beyond financial fraud, increasingly targeting critical national infrastructure across the region. Panelists pointed to the devastating ransomware attack that crippled an Indonesian national data center last year, paralyzing over 210 critical government and immigration services and causing massive delays at major airports. As Asian economies become highly dependent on interconnected digital systems for energy, healthcare, and transport, a single exploited vulnerability can cause widespread social and economic chaos. Security teams must treat critical infrastructure protection as a matter of national sovereignty rather than a standard corporate compliance issue.
Ultimately, the panelists agreed that individual enterprises and governments cannot resolve these systemic vulnerabilities in isolation. The discussion concluded with a strong call for unified international cooperation. To defend the integrity of the regional digital space, Asia-Pacific nations must establish standardized cyber defense frameworks and share real-time threat intelligence across borders. By working together to close regulatory loopholes and bridge the massive cybersecurity talent gap, the region can build a resilient digital economy capable of withstanding the next generation of AI-driven threats.
