Keynote Speech by Mr Edward Chen, Deputy Chief Executive of CSA, at Palo Alto Networks Ignite on Tour Singapore 2025 on 11 March 2025

Cybersecurity in the Age of AI: Defending Singapore Together

1. First, congratulations to the amazing milestone of Palo Alto for reaching 20 years of age. As they say, when you turn 20, it is like a coming of age for both an individual and a company, especially in a cyberworld. I must say that it is quite amazing because this shows that the trajectory of our organisations is quite aligned as well, because next month the Cyber Security Agency of Singapore (CSA) is also celebrating our 10th Anniversary.

2. Good morning, Mr Simon Green, President of the Japan and Asia Pacific region for Palo Alto Networks, distinguished guests, ladies and gentlemen. I am Edward Chen, Deputy Chief Executive of the CSA.

Introduction

3. It is a pleasure to be here with you today at the “Ignite on Tour Singapore”, speaking to many colleagues in the government, friends in the private industry, and esteemed cyber professionals here.

4. About two years ago, I met Gal Nagli. He was a 25-year-old white hat, who had just discovered the first publicly known critical vulnerability in ChatGPT. When I asked him why he focused on ChatGPT, his answer was a very simple but profound one. To him, ChatGPT is the new Internet - one that would fundamentally transform how we create and consume information as a society.

5. But the story didn’t stop there. Just last month, he found another significant vulnerability but this time in DeepSeek – the AI developer that recently took the world by storm. The vulnerability stemmed from unsecured open ports in its database that could have allowed threat actors to gain unauthorised access deep into its system.

6. You see, this wasn’t some complex flaw hidden deep within an advanced AI model with billions and billions of parameters. Instead, it was a basic security misstep. The kind we often overlook in our rush to innovate.

7. These incidents highlight a fundamental truth: As AI reshapes the world, our approach to cybersecurity must evolve. To do so, we must rethink three key paradigms: Threat, Terrain, and Technology.

Threat: The Lowered Bar

8. First, on threat. The barrier to entry has significantly lowered, creating a more favourable environment for threat actors. While we have yet to see large-scale AI-powered autonomous cyberattacks in the wild, two troubling trends stand out in recent times: phishing and malware development.

9. Consider phishing. Last year, CSA observed that more than 10% of phishing emails in Singapore, contained AI-generated content. These aren’t the usual, poorly worded scams with glaring red flags. Instead, AI-generated phishing emails are often highly personalised, contextually relevant, and hard to distinguish from the legitimate ones.

10. This isn’t just about more phishing emails; it’s about better phishing emails – making them far more dangerous.

11. It doesn’t stop there. A report published in December last year by Palo Alto Unit 42 researchers demonstrated that Large Language Models could generate malware variants that evaded detection 88% of the time.

12. Let that sink in. Imagine the implications of malware that can effectively bypass traditional security measures nearly 9 out of 10 times.

Terrain: The Expanding Battlefield

13. Next, let’s talk about the expanding terrain. AI adoption is everywhere.

14. According to a 2024 McKinsey Global Survey, 72% of global organisations have leveraged AI into at least one business function—up from 55% the year before. This rapid adoption is creating a larger, more complex attack surface for all of us defenders here. Every AI-powered system, or device, is now a potential attack target.

15. And with AI comes new classes of cyberattacks. One example? Prompt injection attacks—where adversaries manipulate AI models with deceptive inputs, causing them to leak sensitive data or execute harmful commands. Researchers are racing to develop defenses like input sanitisation and adversarial training, but we are still in the early stages of understanding and comprehensively addressing these threats.

16. At the same time, we cannot ignore traditional attack vectors – misconfigurations, unpatched systems and weak credentials. These remain the easiest ways for attackers to break in. The DeepSeek vulnerabilities discovered by Gal Nagli illustrate this point. A cuttingedge AI system wasn’t compromised by an AI-specific attack, but by a simple security misconfiguration. This tells us two things: First, we must secure AI. Second, we must not forget the basics too.

Technology: AI as a Force Multiplier for Defense

17. So, how do we tilt the scales in favour of defenders like us?

18. Well, as mentioned just now, we must fight AI with AI. After all, you don’t bring a knife to a gunfight. If cybercriminals are adopting AI-driven tactics, we must do the same.

19. AI is already transforming malware analysis. According to VirusTotal, AI-driven detection can identify obfuscated malicious scripts with up to 70% greater accuracy than traditional methods. This sounds good, but if you compare this 70% to the 88% AI-enabled malware evasion rate mentioned earlier, we clearly still have some way to go.

20. Thankfully, AI isn’t just about improving detection—it is evolving into an active defender.

21. As they say, this year is the age of agentic AI. We are precisely entering this stage right now. AI systems in the age of agentic AI, can independently:

- Analyse threats

- Make real-time decisions, and

- Take defensive actions

22. While human oversight remains essential, AI-driven autonomous response systems will be game-changers.

23. We already see this in solutions like Palo Alto’s AI-enabled Prisma Access Browser, or PAB in short. Based on these statistics, PAB doesn’t just block threats—it proactively detects and neutralises them in realtime.

24. These innovations prove one thing: AI has immense potential to strengthen our cybersecurity posture.

Our Response so far

25. While we may not have all the answers, Singapore and the CSA are taking proactive and practical steps to address these challenges. Just allow me to share on three key ones – what I would call the three “lines” – Guidelines, Baseline and Frontline.

26. First, guidelines. We recognise that AI systems must be secure-bydesign and deployed in a secure-by-default manner. In October last year, CSA launched a set of guidelines on "Securing AI Systems" along with a companion guide that provides practical advice and recommendations to secure AI systems throughout its lifecycle. These resources will serve as useful references to help system owners implement security measures at every stage, from development to deployment and even maintenance.

27. As we continue to witness rapid evolution in AI systems, our guidelines must remain dynamic and responsive. We welcome feedback from cyber professionals like yourselves.

28. Next on baseline. As we rush to implement AI, we continue to contend with traditional cyber threat vectors.

29. This is one reason why CSA introduced the Cybersecurity Labelling Scheme, or CLS in short, for IoT devices. The key idea is to incentivise manufacturers of IoT devices such as home routers and IP cameras to develop more secure products. With over 30 billion IoT devices expected worldwide by 2030, raising the baseline security of these increasingly interconnected devices would help to significantly reduce our attack surfaces.

30. I am pleased to note that since its inception four years ago, CLS (IoT) has witnessed rapid adoption. To date, more than 850 device applications have been received under CLS, with over 650 devices already labelled – demonstrating a strong commitment from the manufacturers. Furthermore, Singapore has signed mutual recognition arrangements with Germany, Finland, and the Republic of Korea. These arrangements not only enhance global interoperability but also incentive manufacturers beyond Singapore to collectively raise the security baseline for us all.

31. Last but not least – the frontline. More specifically, the importance of training our frontline cyber defenders to be AI-ready. One example is the Critical Infrastructure Defence Exercise that was co-organised by CSA and the Digital and Intelligence Service for over 200 cyber defenders from 28 public and private agencies in Singapore last year. This is the largest hands-on keyboard exercise in Singapore. For the first time in a national-level exercise, we deployed a “live” cloud and AI testbed with simulated attacks such as prompt injection attacks and model poisoning. From this exercise, the participants were able to not only witness firsthand related AI attack vectors, but also practise the necessary detection, triage and remediation procedures for this cloud and AI systems in a very realistic environment.

Conclusion

32. Ultimately, Cybersecurity is a team sport. I think this is what Simon is very passionate about, and I resonate with him as well. No single entity can secure cyberspace alone. But together—governments, businesses, and individuals—we can turn AI into our greatest advantage, not our greatest vulnerability. Let’s not wait for the next crisis to act. The time is now. The duty is ours.

33. And together, we will defend Singapore in the AI age. Thank you.