Cyber threats, once limited to spam emails and basic malware, have evolved into highly unpredictable and sophisticated attacks. Since its introduction to the public, artificial intelligence (AI) has already been reshaping every aspect of the cybersecurity space, enabling both defenders and cybercriminals to operate with unprecedented efficiency.
From AI-powered cyberattacks and deepfakes to automated code generation, AI is making attacks more adaptive and difficult to detect. Meanwhile, IT professionals face growing uncertainties about job security as AI takes on more advanced roles in cybersecurity and software development.
While large enterprises are adopting AI to strengthen their security posture, cybercriminals are leveraging the same technology to launch increasingly sophisticated attacks. This presents a high-stakes balancing act for small and medium-sized enterprises (SMEs): AI can enhance security defenses, but it also introduces new risks that SMEs must actively address.
AI’s growing impact on cybersecurity
One of the most profound shifts AI has introduced is in software development. AI-driven platforms such as ChatGPT or GitHub can generate and refine code in seconds. Previously, software development required teams of engineers to write, test, and debug code manually.
Now, AI-assisted development can automate large portions of this process, potentially reducing the demand for entry-level coding roles while increasing the need for cybersecurity professionals who can monitor and secure AI-generated applications.
This shift is already altering IT workforce dynamics, particularly in Southeast Asia, where the cybersecurity talent gap remains a pressing concern.
According to the EY 2024 Work Reimagined Survey, 79% of employees in Singapore are now using GenAI daily, surpassing the global rate, due in part to the national AI roadmap 2021-2025, which promotes AI use across various sectors.
The hidden risks in AI-powered software development
While AI-powered platforms accelerate efficiency, they also introduce new cybersecurity concerns. AI-generated code can inadvertently introduce security flaws, as it often relies on pattern recognition rather than fundamental security principles.
In a 2022 study, researchers found that 40% of the code suggested by Copilot contained vulnerabilities. Alarmingly, further research showed that users often trusted AI-generated code more than their own, potentially leading to a false sense of security.
For SMEs with limited cybersecurity resources, this creates significant risks. AI-generated applications might integrate insecure coding practices or expose sensitive data through misconfigured APIs. AI-driven development also increases reliance on third-party services, which can become a single point of failure if compromised.
SMEs must take a proactive approach by conducting manual security audits on AI-generated code, ensuring compliance with data protection regulations, and implementing zero-trust architectures to limit access vulnerabilities. Additionally, employee training on AI-driven phishing attempts and social engineering attacks is critical to preventing breaches caused by human error.
AI as a catalyst for reskilling
Another pressing question is whether AI will replace white-collar professionals. While AI has automated many repetitive, rules-based tasks, the reality is more nuanced. Rather than eliminating jobs, AI is shifting demand toward professionals who can oversee AI systems, detect vulnerabilities, and enforce security policies.
For SMEs, this has two major implications. First, AI-assisted coding tools allow SMEs to develop software faster with smaller workforces, benefiting startups and businesses with tight budgets. Second, software developers and cybersecurity professionals will need to transition from manual coding to AI oversight, threat modelling, and compliance enforcement.
As AI adoption increases, so does the need for AI-specific cybersecurity skills. SMEs that invest in upskilling employees, particularly in AI security, ethical AI governance, and cloud security, will be better positioned to thrive in an AI-driven landscape. AI reskilling programs to help their workforce transition into AI security and compliance roles, ensuring employees can work alongside AI rather than be displaced by it.
Affordable cyber defense strategies for SMEs
AI-powered attacks are already a reality in Southeast Asia. Singapore, in particular, is witnessing a rise in AI-driven phishing and deepfake scams, where attackers use AI to generate highly convincing phishing emails and deepfake voices, making social engineering attacks more effective.
Earlier this year, Hong Kong police arrested 31 people over the alleged use of deepfake technologies to stage online romance and investment scams targeting victims from Singapore, Malaysia and Taiwan, with losses exceeding approximately S$5.78 million.
AI is also enhancing malware by enabling polymorphic ransomware, which continuously evolves to bypass security defenses. SMEs relying on cloud-based services and third-party software providers face greater risks of cascading cyber incidents, as a single vulnerability in a widely used service can impact multiple businesses at once.
Despite limited budgets, SMEs can adopt cost-effective cybersecurity strategies to mitigate risks. AI-powered cybersecurity solutions such as extended detection and response (XDR), real-time anomaly detection, and AI-assisted threat intelligence are becoming more accessible.
Cloud-based security solutions offer scalable protection without requiring large upfront investments. Free and open-source security tools, such as AI-driven threat detection software, can help SMEs enhance their defenses at a lower cost.
Building a collective cyber defense
Asian governments are ramping up cybersecurity measures for SMEs. Singapore’s Cyber Security Agency (CSA) last year introduced its Guidelines on Securing AI Systems, offering system owners a comprehensive approach to safeguarding AI throughout its lifecycle. In Malaysia, amendments to the Cybersecurity Act under the National Cyber Security Strategy (NCSS) enforce stricter compliance.
Beyond regulations, collaborative efforts between governments, enterprises, and technology providers are crucial. Cybersecurity alliances between the private and public sectors can help SMEs gain access to training programs, threat intelligence sharing, and subsidised cybersecurity tools.
AI is undeniably transforming the way software is built, secured, and managed. For SMEs, the challenge lies in leveraging AI’s efficiencies while mitigating the risks it introduces. The key to success is not rejecting AI but using it wisely through security-first strategies, continuous employee training, and proactive threat monitoring.
SMEs that prioritise cybersecurity resilience in the AI era will be the ones that thrive. By embracing AI responsibly, businesses can strengthen their security posture while remaining competitive in an increasingly digital economy.
Governments, industry leaders, and SMEs must work together to create a cybersecurity ecosystem that is prepared for the challenges and opportunities AI presents. The future of AI-driven cybersecurity is already here, how SMEs respond will determine their success in the years to come.
