Bryce Boland, head of Security Solution Architecture for Asia-Pacific and Japan at Amazon Web Services. Photo courtesy of the firm

As generative AI adoption accelerates across the Asia-Pacific, organisations are facing growing security risks while AI workloads scale in the cloud. Bryce Boland, head of Security Solution Architecture for Asia-Pacific and Japan at Amazon Web Services (AWS) talks about how the threat landscape is evolving and how businesses can secure generative AI while sustaining innovation.

As generative AI adoption accelerates across APAC, how is the security threat landscape evolving, and what best practices should organisations follow to scale their security operations in a cost-efficient way?

As companies continue to drive business value with generative AI (Gen AI), they are also managing larger volumes of sensitive data and new integration points between systems. Securing these Gen AI workloads at scale therefore remains a key concern for many organisations.

It’s also important to note that security teams are also using Gen AI to strengthen their security posture. At AWS, we recommend some of the following best practices for security teams.

First, organisations need clear visibility of their security posture, including their identity infrastructure and access activity. They need to know where their data resides, how it’s being accessed and what risks exist across their environment. A unified view allows them to identify issues and act swiftly to resolve them before they escalate.

Second, this visibility can be complemented with automation for time-consuming tasks such as compliance checks, threat detection and low-level remediation. By automating these processes, security teams can focus on higher-value work and respond to emerging threats faster and more consistently.

Ultimately, by building their Gen AI workloads on a secure and resilient foundation like AWS, organisations set themselves up for long-term success. Resilience is at the core of everything we design, including our cloud infrastructure. This foundation is what has helped millions of our customers develop their Gen AI solutions on the cloud already.

As APAC organisations move from Gen AI experimentation to large-scale deployment, what are the most urgent security challenges they face, and how can they simplify cloud security at scale to better protect Gen AI workloads from emerging threats?

As organisations start scaling their Gen AI innovations, three key security priorities have emerged. And at AWS, we’ve begun tackling these to help our customers address them.

AWS has always placed a strong emphasis on resilience to ensure that our customers’ data and applications remain secure and available. For example, AWS completely re-imagined virtualisation infrastructure with the AWS Nitro System, the foundation for all of our modern EC2 instances. Nitro offloads networking and storage virtualisation from the main server to AWS-designed hardware delivering bare-metal performance, all while providing an unparalleled layer of security and isolation for customer workloads.

Second, as cloud operations scale, there is a growing need for solutions that strengthen their security posture without adding operational complexity or cost. They are seeking ways to enable their security teams to be more efficient and focus resources on higher-value work. AWS Security Hub, now in preview, streamlines security operations by providing customers with a unified view of their organisation’s security posture, making it easier to identify and remedy active threats and vulnerabilities. At re:Inforce, we also announced a preview of AWS Shield Network Security Director, which gives customers end-to-end visibility into their network topology and helps identify potential gaps or misconfigurations.

Third, as AI models move into production, businesses are seeking the confidence that their security foundations can keep pace with innovation. At AWS, we continue to lead on security innovations that our customers need. For example, we extended Amazon GuardDuty’s Extended Threat Detection coverage to monitor Amazon Elastic Kubernetes Services containers for advanced threats. We enhanced Amazon Inspector Code Security to make it easier for developers to identify and fix vulnerabilities early in the build process.

Together, these innovations allow us to better support customers across APAC, giving them the tools and visibility to scale securely and confidently as they grow their Gen AI capabilities.

How are different industries in APAC - like financial services and digital-native services -approaching the security challenges of Gen AI?

In financial services, the focus is on trust and data protection. These organisations operate in a highly regulated environment and must ensure that their systems and customer data remain secure as they modernise and scale. For example, we worked closely with Singlife, a leading financial services company in Singapore, to securely migrate its entire business to the cloud over 18 months, with zero downtime and zero security incidents. We also helped them to establish more than 150 security checks and managed guardrails to safeguard sensitive financial data and maintain full regulatory compliance.

Meanwhile, digital-native services are prioritising speed and scalability while ensuring security is embedded from the start. A good example is Grab, a superapp in ASEAN, who has been on their Gen AI journey with AWS since 2023. To ensure customer trust and uphold strong security standards, Grab implemented Amazon Bedrock Guardrails, which implements essential safeguards across model, prompt and application levels, to streamline and standardise protections for its Gen AI applications. As of May 2025, the company is using these guardrails across all their critical production systems. VNS