Companies in the Asia-Pacific (APAC) region are going ahead and investing heavily in agentic AI. IDC reports that 70% of APAC companies expect agentic AI to disrupt their business models in the next 18 months. As of 2025, two out of five people are already using AI agents, and one in two plans to implement them by 2026.
Using AI agents offers great opportunities, but their autonomous nature brings risks. Every data source, static AI model, and agent inside or outside the organization becomes another point that developers need to protect and monitor. This is becoming a board-level concern.
A recent Lenovo survey found that only 48% of IT leaders feel confident in their ability to manage the risks of AI development and implementation, and more than 10 agreed that AI agents would pose a new kind of insider threat that they are not fully prepared to respond to.
As we aim to increase the use of agentic innovation throughout the software development lifecycle, what important considerations should organizations keep in mind?
As agents rise, so do risks beyond security and data
The rise of AI agents has completely overturned the way software is built, governed and managed, and has introduced new risks. IDC estimates that a third of APAC organizations are concerned about security and data privacy vulnerabilities associated with AI agents. However, the risks go beyond security and data privacy.
Operational and development risks are the most difficult to contain.

When an AI agent is compromised, its impact can spread malicious activity through the web of interconnected systems. Ensuring this myriad of growing risks adds friction to the development process.
-JFrog, Senior Vice President, APAC
If Common Vulnerabilities and Exposures (CVE) scoring is too generous, threats can slip through. Setting the threshold high will overwhelm developers with false positives, consuming time and resources and reducing their ability to respond quickly to real incidents.
Supply chain risks add to the burden on developers. Many agentic systems are built with open source software, pre-trained models, and countless prebuilt integrations to speed up development.
However, all it takes is a single poisoned model or one package seeded with malware to expose organizations and individuals across the software supply chain (SSC) to attack. Even a token leaked to a public repository can cause disruption that cascades well beyond its origin. The deeper the interconnection, the more destabilizing a single weak link becomes.
Governance and compliance risks are also immeasurable today. Agentic systems carry risks inherent to autonomy, such as black-box decisions that prevent explainability, insecure or destructive behavior that may bypass human intent, and bias embedded in training data that expands into unfair outcomes.
Shadow AI/ML agents that are not permitted within the organization amplify these risks: they operate outside of monitoring and leave no audit trail.
Agents drive a quantum shift in software security and delivery, and workloads are immeasurable
Stakeholders expect full traceability down to the binary level or the weights within a machine learning model. Policymakers are particularly aware of these risks and are pushing for stricter, more comprehensive legislation. For example, Indian lawmakers are pushing for mandatory AI bills of materials.
This means that businesses across APAC need to prove what their agents did, why they acted, and whether their output complies with evolving regulations. Pervasive security requirements are a quantum shift in the way developers normally operate, adding a massive compliance burden to every team throughout the software development lifecycle.
This quantum shift is not about how quickly companies can bring AI agents to market. The real question is whether a company can ensure that all components, from models to binaries to packages, are safe, explainable and compliant in real time.
How businesses can address new risks in the agentic software lifecycle
Developers are currently expected to become all-in-one compliance officers, AI governors and security sentinels. They are already stretched thin, and throwing more tools at them just creates more silos and blind spots.
Companies need a different approach to address these risks sustainably, one that builds trust by design. Here's how they can do so:
1. Create a trusted system of record for AI agents
Treat agents as first-class citizens of the SSC. Track all your assets, from code and configuration to prompts and credentials. Maintain cryptographic audit trails, attach contextual metadata, and enable secure onboarding and retirement. This will provide a single, reliable audit trail for regulators and partners, and will also accelerate agentic innovation.
2. Take a hybrid human and agent developer approach
Manual monitoring alone cannot maintain compliance. Developers need to focus on architecture, governance and intent, while agents must collaborate on coding, testing, packaging and monitoring. Automating vulnerability remediation with evidence capture is one immediate way to free developers to safely innovate.
3. Raise agent engineers
A new persona is appearing, one that blends the skills of coders, machine learning practitioners and compliance architects. Agent engineers design systems that predict risk, incorporate governance into workflows, and coordinate interactions between human developers and autonomous agents. They monitor agent behavior, enforce policies in real time, and translate regulatory requirements into practical guardrails within the SSC.
When businesses invest in boosting their developer teams with skills tailored to this new persona, they will gain leaders who can drive agentic innovation without sacrificing security, explainability, or compliance.
Agentic advancement in a quantum shift
The quantum shift in how software is developed is happening, whether or not organizations are ready. Just as the rise of open source called for a secure SSC, the rise of agentic AI calls for a better approach to auditing and trust infrastructure.
APAC organizations embracing this unified approach not only mitigate risk, but also prime teams to accelerate innovation using AI agents and more.
Sunny Rao is Senior Vice President of APAC at JFrog
