Businesses failing to modernize cybersecurity in step with AI expansion, Fastly report reveals
Fastly’s Global Security Research Report revealed that fast moving AI adopters are now paying the paying the price for delaying cybersecurity modernization with longer recovery times, higher breach costs and expanding attack surfaces.
Findings from Fastly’s fourth annual Global Security Research Report revealed that AI-first businesses are hurtling towards a cybersecurity crisis by failing to modernize security in step with AI’s rapid expansion across IT infrastructure. Fastly defines these companies as those that are integrating AI into key processes and offerings from the outset rather than as a secondary.
According to the report, these businesses are taking nearly seven months on average to fully recover from cybersecurity incidents, 80 days longer than businesses that do not identify as AI-first. Given the economic scenario today, such a problem not only increases their cybersecurity incident financial impact but also exploits compromises the businesses in the long run.
Taking a look at statistics from Southeast Asia, 69% of the respondents reflected that AI (or the use of AI tools or models) was a contributing factor for the most recent cybersecurity incidents. As such, concerns on AI-native systems are expanding the potential attack surface, introducing new layers like agentic workflows, and decentralized data flows, all of which complicate defense.
Marshall Erwin, CISO at Fastly pointed out that the speed of AI adoption is reshaping security infrastructure almost overnight. He believes that for AI-first businesses, the priority isn’t to slow down innovation, it’s to modernize security at the same rate.
“That means securing AI and inference infrastructure, monitoring and throttling unwanted AI crawler activity, anticipating the rise of shadow AI and shoring up your outer perimeter,” he said.
Echoing his sentiments is Rachel Ler, AVP of Asia at Fastly. Ler pointed out that AI is no longer a single tool as it’s becoming an integral part of business operations. She said that this creates new challenges for security teams, from tracking its deployment to understanding its impact during incident recovery.
“Companies that establish clear AI governance today will gain a decisive advantage tomorrow.” At the same time, practices such as AI scraping are adding cost and complexity to already stretched infrastructure, driving operational disruption and pushing spend into six-figure territory.” Ler added.
Meanwhile, Erwin explained that there is a major shift happening in terms of what organizations are responsible for defending.
“The challenge is no longer confined to malicious actors and isolated security incidents. Instead, it's about managing an infrastructure footprint that is growing rapidly and, often, invisibly,” Erwin said.
Managing AI risks
With AI risks increasing in Southeast Asia among AI first organizations, Fastly believes that organizations need to invest in more security tools for this new era. While the report revealed that web application firewalls (72%), API discoverability & security solutions (66%), and agentic discoverability (64%) have emerged as the leading areas of investment, the response is far from complete.
The report showed that four in five (83%) respondents from Southeast Asian organizations are concerned about DDoS attacks targeting AI agents. More than half (61%) say they need additional AI-specific security expertise to effectively defend their systems, while 59% report increased pressure on existing teams to manage AI risks.
“From unmonitored agentic activity to escalating scraping costs, the risks are real, operationally and commercially. As a result, Web Application and API Protection (WAAP) tools are becoming business-critical solutions because they provide essential visibility and control organizations need to secure innovation at the edge,” added Erwin.