Southeast Asia’s March 2026 funding surge is less a sudden spike than a signal of structural maturity in the region’s tech ecosystem. The sharp rebound from February’s dip reflects how capital cycles, rather than sentiment alone, increasingly shape investment flows.

What stands out is not just the US$378M raised, but the composition of that capital. Repeat funding rounds for companies like Carsome and growing interest in B2B SaaS players such as Amity Solutions suggest investors are prioritising scalability and proven business models over speculative bets. This marks a shift from earlier growth-at-all-costs strategies toward more disciplined deployment.

At the same time, the diversity of active investors (from state-backed entities like EDBI to private capital and regional VCs) highlights a deepening capital pool. This reduces dependence on any single funding source and strengthens ecosystem resilience.

However, the optimism should be tempered. Rapid funding increases often precede recalibrations, especially in markets grappling with regulatory complexity and talent shortages. The real test lies in whether startups can convert capital into sustainable growth.

Ultimately, March’s numbers reinforce Southeast Asia’s position as an emerging innovation hub, but one transitioning from exuberance to execution.

REGIONAL

SEA tech funding surges 322% to US$378M in March 2026: After a bruising funding winter, investor confidence roared back across 23 rounds driven by Carsome, Amity Solutions, and active VCs including Vertex Ventures, EDBI, Asia Partners, and Kairous Capital.

Indonesia FMCG e-commerce hits record IDR40T in Q1 2026: Food and Beverage surged 88% year-on-year, fuelled by Ramadan and Eid al-Fitr spending, while ShopTokopedia posted the strongest platform growth across nearly all categories, and Lazada shed between 49% and 66%.

eFishery fraud chills SEA agritech investment pipeline: Investor Aqua-Spark says eFishery’s systematic inflation of performance data has shut off mainstream capital flows into aquaculture, a sector urgently needing institutional funding ahead of a global protein crisis by 2050.

Central Asia opens Malaysia tech hub to enter SEA markets: IT Park Uzbekistan, Kazakhstan’s Astana Hub, and VC firm Big Sky Capital signed a tripartite MOU to give B2B SaaS and AI startups a structured soft landing into Malaysia and Singapore, with commercialisation — not just pilots — as the stated priority.

SEA SMEs are already using AI daily, but gaps remain: Only 4.2% of Singapore SMEs had adopted AI in 2023 versus 44% of large firms, yet over 75% of APAC SMEs are already using AI-enabled digital tools, pointing to a wide gap between passive use and meaningful, scalable adoption.

Indonesia’s AI shopping adoption hits 82%, but trust lags: A YouGov-Visa study found 82% of Indonesian consumers use AI for product searches and price comparisons, yet only 32% are open to completing purchases through AI, citing data security and hidden fee concerns as the main barriers.

---

INTERVIEWS & FEATURES

Cooley’s David He: eFishery “poured cold water” on the ecosystem: He tells e27 that the collapse exposed a simple governance failure; investors relied on management-reported accounts rather than audited ones. However, the reputational damage is disproportionate given the many credible founders still operating across the region.

Hatch’s founder: Inclusion is expensive, slow, and worth it: The founder of workforce development firm Hatch argues that Southeast Asia’s skills gap is an infrastructure problem, not a talent problem, and that true inclusion demands time, flexibility, and long-term presence, not just a placement metric.

The fundable founder trap: Why “investor-ready” can kill you: A B2B SaaS founder who met every conventional standard still shut down when investor appetite shifted upstream while he was still preparing his pitch, illustrating why a layered capital stack matters more than a polished data room.

The VC hunger games: How investors fight for unicorns: From Benchmark’s high-stakes bet on Uber to Accel’s relationship-first win at Facebook, the tactics VCs use to secure deals — overbidding, influence-building, and timing plays — reveal that chasing valuations, as WeWork showed, often ends badly.

Sustainability tech founder: Ambition without humanity is a dead end: After an AI lifecycle assessment startup imploded due to broken trust and misaligned egos, the founder rebuilt a green-economy platform by prioritising empathy, psychological safety, and “No-Meeting Wednesdays”over technical firepower.

---

INTERNATIONAL

Crypto market hits US$2.36T on regulatory clarity and ETH supply move: The joint SEC-CFTC digital commodities framework classifying BTC, ETH, and SOL fuelled a 2.06% rally, while the Ethereum Foundation’s decision to stake US$93M worth of ETH tightened liquid supply, though elevated leverage and the April 16 CLARITY Act roundtable remain key risk flashpoints.

Bitcoin retreats to US$68,765 as Iran deadline looms over markets: After briefly reclaiming US$70,000 on short liquidations totalling US$145M, Bitcoin pulled back as Strait of Hormuz tensions pushed Brent crude to US$110 per barrel, with the Fear and Greed Index sitting at 26 and US equity markets posting four consecutive sessions of gains despite the volatility.

OpenAI calls for Musk investigation over for-profit restructuring block: OpenAI urged California and Delaware attorneys general to probe Musk’s anticompetitive efforts to block its shift to a for-profit structure, with a trial against Musk, OpenAI, and Microsoft imminent and damages claims reaching US$134B.

OpenAI alumni launch US$100M VC fund targeting early-stage AI: Zero Shot has hit a first close of US$20M and already backed Worktrace AI and Foundry Robotics, with founding partners Evan Morikawa, Andrew Mayne, and Shawn Jain drawing on their engineering and research roots at OpenAI.

OpenAI Korea partners with Shinsegae on AI commerce rollout: The MOU will see AI shopping agents deployed first at E-Mart, allowing users to search, build purchase lists, and complete payment and delivery through conversational AI, with OpenAI also supporting productivity tools across the broader Shinsegae Group.

India’s gig worker drought disrupts quick commerce delivery: Seasonal migration for harvest and elections has left daily active gig workers 10–12% below early-2026 levels in Delhi-NCR, Bengaluru, and Mumbai, forcing platforms to cap instant delivery, raise bonuses, and brace for a potential 25% surge in demand ahead.

South Korea orders five-minute crypto ledger checks after Bithumb error: Following a major reconciliation failure, South Korea’s Financial Services Commission mandated all exchanges verify internal ledgers against actual crypto holdings every five minutes by end-May, with daily public disclosure and monthly accounting firm audits also required.

---

CYBERSECURITY

China targets Taiwan’s chip talent through covert recruitment networks: Taiwan’s National Security Bureau warns China is using indirect channels and shell entities to poach semiconductor and AI engineers, while Taiwan’s Government Service Network faced more than 170 million intrusion attempts in Q1 alone, with deepfake election interference also flagged.

Taiwan investigates 11 Chinese firms for illegal chip worker poaching: Authorities raided 49 sites and questioned 90 people after firms hid mainland ties and operated in Taiwan without approval, part of a crackdown handling 100 cases since 2020, even as 77.7% of Taiwanese chip companies now report hiring difficulties.

Ambiguous AI policy is a security risk, not just a governance gap: When AI models act as policy executors, unclear rules create inconsistent enforcement that attackers can probe for weak edges, erode user trust, and blind internal security teams — demanding machine-operational definitions that are decisionable, testable, and auditable.

Corporate mental health strategies are failing; AI can help fix that: Singapore’s employee engagement sits at just 59%, yet only 36% of local employers are comfortable discussing mental health at work; AI-powered platforms can detect early distress signals through anonymised sentiment analysis and personalise support pathways, reducing stigma and scaling clinical care responsibly.

---

SEMICONDUCTOR

Samsung forecasts Q1 profit of US$37.8B on AI chip demand surge: Revenue is projected to rise 68% to US$87.8B, with the chip division alone contributing an estimated US$35.6B in operating profit as customers stockpiled inventory ahead of anticipated DRAM price increases of over 50% this quarter, far exceeding LSEG’s SmartEstimate of US$26.8B.

Nvidia’s SchedMD buy raises vendor-neutrality fears for Slurm software: Slurm, which runs approximately 60% of supercomputers worldwide, is now under Nvidia ownership, prompting concern from AI and HPC specialists that the chipmaker could favour its own hardware over rivals like AMD, despite pledges to keep Slurm open source and vendor-neutral.

---

AI

The AI wave is real, but it won’t lift everyone equally: With Jensen Huang projecting US$1T in AI infrastructure spending through 2027 and a gigawatt data centre costing US$40B before a single chip is installed, the application layer — not the infrastructure layer — is where SEA founders can still compete, provided the on-ramp gap for SMEs is closed through operator-first tools and local capability-building.

AI didn’t invent bias; it inherited and amplified it: From Google’s gender-skewed hiring tool to IBM Watson’s flawed oncology recommendations, biased training data scales institutional inequality at machine speed, making human critical oversight — not just algorithmic audits — a non-negotiable check on AI deployment.

The hidden dangers of AI bias and what startups are doing about it: A 2025 study found AI-generated summaries influenced 84% of purchase decisions even when containing hallucinated facts in up to 60% of cases; startups like Pymetrics, Truera, Zest AI, and H2O.ai are building fairness frameworks, explainability tools, and bias-audited credit models to counter these risks.

AI moves from workplace safety experiment to mandatory infrastructure: Singapore’s Ministry of Manpower already mandates video surveillance on construction sites valued at SG$5M or more, and with Vietnam passing SEA’s first comprehensive AI law in December 2025, regulators across the region are shifting from voluntary guidelines to enforceable AI oversight frameworks.

Agentic AI is the next frontier for SEA’s small businesses: Beyond automating invoices and social media captions, the emerging shift is toward autonomous systems that connect point-of-sale alerts, supplier orders, loyalty updates, and manager reports into a single continuous workflow — moving AI from a helper to a genuine operational partner for lean SME teams.

---

THOUGHT LEADERSHIP

Solar grids in Sierra Leone, innovation hubs in SEA: A shared climate vision: The founder of Green Sphere Power Company argues that Africa and Asia share both the urgency of energy access and the tools to solve it, envisioning solar startups in Sierra Leone learning from Singapore’s green tech ecosystem and Nairobi engineers collaborating with Bangkok’s AI innovators.

AI policy enforcement without clarity is governance at scale, done wrong: Organisations deploying AI as a policy executor, flagging transactions, removing content, throttling accounts, must match automation speed with governance maturity, because ambiguous policy doesn’t stay unclear under automation; it becomes inconsistent enforcement that attackers exploit and users distrust.

The fundable founder trap: Build a capital stack, not just a pitch: Indonesian B2B startup Stoqo had real traction and still shut down in 2020 because it could not bridge to the next round; the lesson is that founders must layer grants, venture debt, revenue-based instruments, and equity rather than betting on a single source of capital arriving on schedule.

Human-centric technology isn’t built with code; it’s built with culture: A product marketer turned sustainability tech founder argues that after watching an AI lifecycle assessment startup implode from broken trust, companies that design around human needs first — using AI to amplify judgment rather than automate it –will outlast those chasing “hi-tech, low-touch” shortcuts.

Inclusion is a long game and most institutions aren’t built for it: Hatch’s seven-year journey placing overlooked workers (youth, people with disabilities, caregivers) reveals that real workforce inclusion costs far more than a placement metric captures: it demands patience, flexible pathways, and the willingness to redesign the route when the first one doesn’t fit.

AI inherited society’s biases and human oversight is the only real fix: Drawing parallels from convict leasing laws to Google’s gender-biased hiring algorithm, an Accelerating Asia Ventures partner argues that bias embedded in training data is not a model quality problem but a systemic one, requiring diverse data curation, algorithmic auditing, and human review at every stage.

The AI wave is reshaping who can build — but the on-ramp is still broken: While Jensen Huang’s US$1T infrastructure forecast and Karpathy’s codeless workflow signal a profound shift in who can create products, only 5% of SEA SMEs that claim AI adoption use it meaningfully, underscoring that access to tools and the ability to deploy them at scale remain two very different things.

Crypto’s 2.06% rally reflects policy maturity, not speculative impulse: The market’s 55% correlation with gold signals growing perception as an inflation hedge, while the CLARITY Act’s progress through Congress and the April 16 SEC roundtable will determine whether regulatory clarity translates into sustained institutional flows or triggers a retreat to the US$2.33T support level.

VC hunger games: Relationships and timing beat the highest bid: Accel’s US$12.7M bet on Facebook, won through mentorship and a hands-off approach rather than the largest cheque, returned billions at IPO, while WeWork’s US$47B valuation collapse showed what FOMO-driven investing without governance scrutiny ultimately costs.

The post Ecosystem Roundup: Boom or turning point? appeared first on e27.

When Singtel’s network went dark for eight hours on March 16, the ripple effects were immediate and far-reaching. Emergency services faltered. Digital payments stalled. Thousands of gig workers lost an entire day’s income. For a city-state that has staked its economic future on digital leadership, the outage was more than an inconvenience: it was a stress test the infrastructure did not entirely pass.

The incident arrives at a pivotal moment. Southeast Asian (SEA) telcos are bracing for mobile data consumption to surge to 40GB per user by 2030, driven in large part by the accelerating deployment of AI across every sector of the economy. At the heart of this transformation is a concept gaining urgent traction in boardrooms and policy circles alike: Sovereign AI — the principle that nations must own, operate, and govern the AI infrastructure that underpins their critical systems, rather than cede that control to foreign platforms or distant cloud providers.

For Singapore, Sovereign AI is not merely a geopolitical aspiration. It is an infrastructural imperative. As AI workloads demand always-on compute, low-latency data processing and ironclad network reliability, the question is whether the telco sector — the backbone of the digital economy — is architected for what comes next.

Mayank Srivastava, chief executive of BDx Data Centres, argues the Singtel outage carries a lesson that extends well beyond fault attribution. “As economies digitise, dependencies concentrate across networks, data centres, and cross-border links,” he said in an email interview with e27.

Also Read: Singtel launches US$250M AI fund to turn its telco empire into an AI deployment platform

The following is an edited excerpt of the conversation.

Can you explain what Sovereign AI means in practice, and why you believe Singapore and SEA risks “data colonisation” if it doesn’t act now?

In practical terms, Sovereign AI is about ensuring that value creation happens locally. In the AI economy, the data centre is the factory housing large‑scale GPU clusters. It is where data is processed, models are trained, and decisions are generated. Sovereign AI means that data, compute, and governance frameworks are aligned within national or regional jurisdictions, under local laws and accountability.

This is not about isolation or exclusion. It is about economic participation. Historically, economies that exported raw materials but imported finished goods captured less long‑term value. In the digital economy, data is the raw material. If it is consistently processed elsewhere, the economic and strategic value associated with it accumulates outside the region.

The implication is not just revenue, it is agency. Critical systems in healthcare, finance, and public services increasingly rely on AI‑driven decision layers. Ensuring that these systems are supported by trusted, locally governed infrastructure strengthens transparency, resilience, and public trust. When we use the term “data colonisation,” we are referring to this economic value‑capture dynamic, not a political concept.

Singapore is well positioned to lead in this area. Recent IMDA initiatives around trusted infrastructure, AI governance, and high‑efficiency data centres reflect a thoughtful, forward‑looking approach. By supporting secure, energy‑efficient AI infrastructure within its regulatory framework, Singapore can anchor value creation locally while remaining globally connected—benefiting enterprises, startups, and the broader digital economy.

With SEA telcos projecting 40GB of data per user by 2030, what does that demand curve actually mean for the physical infrastructure required to support it?

The headline number has indeed shifted. With 5G-Advanced, V2X, and persistent machine-to-machine traffic, SEA’s mobile data usage is now projected at around 38-40GB per user by 2030 per Ericsson and GSMA baselines, though aggressive AI/IoT scenarios could push toward 60GB+ in high-growth markets. But the real infrastructure implication isn’t just volume. It is the shape of the demand curve.

Also Read: Echelon Philippines 2025 – Building at telco-scale: How startups can leverage Globe’s ecosystem for fast-track market entry

What matters is the nature of the data. More ultra‑high‑definition video, far more real‑time AI inference, and continuous IoT traffic fundamentally change infrastructure requirements. These are latency‑sensitive, always‑on workloads that stress power delivery, cooling, and network resilience in ways traditional mobile traffic never did.

Around 40GB per user is not a gentle increase; it is a vertical climb when translated into physics. Five years ago, a typical rack ran at 5kW. Today, NVIDIA DGX GB200-scale AI racks reach 120-200kW in production (scaling to 700-800kW in dense clusters). By 2030, 1-2MW per rack is realistic as power density becomes the limit.

Supporting 2MW racks requires an order‑of‑magnitude shift in cooling, including direct‑to‑chip and liquid‑immersion systems, along with redesigned power trains and grid interfaces. As highlighted in BDx discussions on AI‑first facilities, this represents 10× cooling retrofits compared to conventional designs.

Regionally, this demand cannot be met by any single market alone. It points to the need for coordinated capacity development across Singapore, Indonesia, Malaysia, Thailand, and Vietnam. Given the long lead times involved in power provisioning and construction, infrastructure planning must move well ahead of demand rather than react to it.

Do you think telcos should stop worrying about power density and refocus on services that drive growth? What is the danger of telcos continuing to build and operate their own data infrastructure rather than partnering with specialist providers like BDx?

Telcos face a genuine strategic balancing act. Modern data centres have evolved into highly specialised environments requiring deep expertise in power engineering, thermal management, and increasingly AI‑optimised design. These capabilities sit alongside—but are distinct from—core telecommunications operations.

The question is less about capability and more about focus. As networks evolve and services become more sophisticated, tying up capital and leadership attention in highly specialised infrastructure can limit flexibility elsewhere.

Also Read: A new dawn in the post-2G era: How cloud technology can propel the telco industry to new heights

Partnership models offer an alternative. By working with specialist providers, telcos can access AI‑ready, future‑proof infrastructure while concentrating their investment and innovation efforts on network quality, platforms, and customer‑facing services. This separation of roles also lowers friction for startups and enterprises, who benefit when telcos focus on service innovation while infrastructure specialists focus on scale, efficiency, and resilience.

It is a collaborative approach that allows each participant to operate where they add the most value.

How should we think about the ROI of reliability? When a telco goes down, the costs are obvious, but what is the business case for investing heavily in resilience before a crisis happens, especially when margins are already under pressure?

Reliability investments are challenging to justify because their value is most visible in what does not happen—outages avoided, customers retained, regulatory scrutiny prevented. Traditional ROI models struggle to capture this.

A useful analogy is healthcare. There is an accepted baseline of reliability below which systems simply cannot operate. In a digital economy, communications infrastructure increasingly occupies that same category. As AI supports real‑time finance, healthcare, and public services, reliability becomes a prerequisite rather than a differentiator.

In that context, resilience is not defensive spending. It is a condition for participating in higher‑value use cases. Operators that can demonstrate consistent, measurable reliability operate in a different commercial and regulatory conversation than those competing solely on cost.

As Southeast Asian telcos consolidate to boost valuation, there is a tension between leaning out operationally and building the robust backbone an AI-native economy needs. How do telcos resolve that contradiction?

Consolidation can create scale, but scale alone does not solve architectural complexity. The opportunity lies in being precise about what to optimise internally and what to access through partnerships.

Also Read: Founders’ playbook for resilience in 2026: Building in atoms in a fractured world

AI is going to be a utility, like electricity or the internet. The backbone required for an AI‑native economy is layered. It includes networks, specialist infrastructure, cloud platforms, and regulatory frameworks working together. No single balance sheet needs to own every layer.

By treating infrastructure as something to access strategically rather than own entirely, telcos can redirect capital toward network quality and differentiated services while still supporting the depth and resilience AI workloads require.

If you were advising Singapore’s policymakers today, what are the two or three most urgent infrastructure decisions they need to make in the next 12 to 24 months to ensure the country is genuinely ready for an AI-driven future?

First, aligning power policy with AI timelines.

AI infrastructure investments move faster than traditional approval cycles. While Singapore’s regulatory rigour is a strength, there is scope for clearer, faster pathways for high‑efficiency, AI‑optimised capacity with defined sustainability standards. As AI adoption accelerates, the next 12 to 24 months become disproportionately important for setting these frameworks.

Second, strengthening trusted compute for critical sectors.

As AI becomes integral to finance, healthcare, and public services, ensuring that these workloads are supported by resilient, trusted infrastructure is essential. Periodic stress‑testing of dependencies and encouraging meaningful infrastructure diversity can further strengthen confidence.

Third, keeping regulations practical and enabling.

Singapore has a strong track record of using regulation to unlock innovation rather than constrain it—across sectors such as aviation, fintech, and border security. Changi Airport’s use of facial recognition is a clear example of regulation providing the clarity and confidence needed for large‑scale adoption.

Also Read: A new dawn in the post-2G era: How cloud technology can propel the telco industry to new heights

AI infrastructure requires the same seamless approach: clear rules, aligned incentives, and strong governance, implemented in a way that matches the pace and capital intensity of the technology. When regulatory frameworks are predictable and outcomes‑based, they enable infrastructure providers to take the long‑term investment risks required to keep Singapore—and the region—at the forefront of global AI development.

This balance between oversight and enablement is one of Singapore’s defining strengths, and applying it thoughtfully to AI infrastructure will be key to sustaining leadership as the ecosystem continues to evolve.

—

Image Credit: Taylor Vick on Unsplash

The post When the backbone breaks: Can Singapore’s telcos power a Sovereign AI future? appeared first on e27.

As Southeast Asia navigates a new era of global trade marked by shifting tariffs and geopolitical pressures, many businesses are rethinking their supply chains. But while much of the attention focuses on rerouting shipments or finding new trade partners, there’s another, often invisible layer that needs equal scrutiny: data.

For e-commerce businesses across the region, especially small and medium-sized enterprises (SMES), data has become just as critical as the goods themselves. Every customer order involves a trail of personal information: names, emails, addresses, payment details, and browsing behaviours. And just like your physical inventory, this data flows through a complex web of systems and partners.

In an age where data breaches can disrupt operations, damage reputations, and trigger regulatory scrutiny, SMEs in Southeast Asia must rethink their approach. It’s time to treat data as a strategic asset within the supply chain.

How did data become part of the supply chain?

Traditionally, supply chains moved goods. Now, they also move data, especially in e-commerce, where orders are digital, fulfilment is multi-system, and customer touchpoints span multiple platforms.

It starts with a customer creating an account and ends with delivery (and sometimes returns), but in between, that data flows through:

• Your website and checkout forms
• Order management and warehouse systems
• Third-party logistic partners and courier services
• Payment processors and fraud detection tools
• CRM, email marketing, and support platforms

At each handoff, there’s a risk. A weak link in your vendor ecosystem could become the entry point for attackers or trigger compliance penalties.

Also Read: Building resilience against cyber attacks in ASEAN through data

Why Southeast Asia’s SMEs are at higher risk

Southeast Asia is experiencing rapid e-commerce growth, driven by mobile-first consumers, rising digital adoption, and an increasingly tech-savvy population. But SMEs face unique challenges:

• Lean teams with limited cybersecurity expertise
• Dependence on third-party services without full visibility into security practices
• Inconsistent data protection regulations across the region
• Growing exposure to cross-border customers and compliance obligations (e.g., GDPR, PDPA)

In this climate, SMEs become attractive targets: they hold valuable data, yet often lack enterprise-grade defenses.

Where the breaches happen

Here are the common weak spots in e-commerce supply chains:

• Unsecured web forms: Personal data submitted via non-encrypted connections
• Outdated plugins and platforms: Easy entry points for attackers
• Open access in cloud storage: S3 buckets or Google Drives set to public
• Courier handoffs: Emailing spreadsheets with full customer details
• Weak access control: Everyone from interns to vendors having admin rights
• Missing contracts: No Data Processing Agreements (DPAs) with partners

The result? A bigger attack surface and a greater chance of incidents—not only cyberattacks but accidental leaks and regulatory missteps.

Consequences: Beyond compliance

Data breaches hurt more than just your security posture. They come with steep costs:

• Regulatory fines (PDPA, GDPR, etc.)
• Investigation and legal fees
• Lost trust and customer churn

In a region where consumer trust is hard-won and word-of-mouth drives growth, a single breach can knock your brand out of the running.

Also Read: How a data-driven approach can optimise decarbonisation in the built environment

Ten practical steps for SMEs

Fortunately, protecting your data doesn’t require a massive budget. Start here:

• Strong passwords + MFA: Require complex passwords and enable multi-factor authentication.
• Employee training: Teach your team how to avoid phishing and handle data responsibly.
• Encrypt everything: Secure data in transit (HTTPS, TLS) and at rest.
• Limit access: Give employees and partners only what they need—nothing more.
• Map your data: Know what you collect, where it’s stored, and who has access.
• Keep software patched: Don’t leave doors open through outdated systems.
• Vet your vendors: Ask about their security measures and insist on DPA clauses.
• Have a breach plan: Know how to respond if something goes wrong.
• Use open-source tools: Leverage cost-effective solutions for monitoring and scanning.
• Avoid data hoarding: Don’t keep data you don’t need. Delete securely.

Build supply chains with privacy in mind

Just as trade routes are being recalibrated in response to tariffs and trade tensions, your digital supply chain needs strategic redesign too. Start building systems that respect data from the ground up:

• Collect less
• Secure more
• Automate safely
• Limit access by role

This approach aligns with “privacy by design” and positions your business to handle future regulations, audits, and customer scrutiny.

Final word: Data is your trade advantage

As Southeast Asia adapts to new global trade realities, digital resilience becomes part of economic resilience. E-commerce SMEs that protect customer data won’t just avoid fines—they’ll build brands that last.

Trust is currency. In uncertain times, protecting that trust is how you future-proof your business.

—

Editor’s note: e27 aims to foster thought leadership by publishing views from the community. Share your opinion by submitting an article, video, podcast, or infographic.

Join us on Instagram, Facebook, X, and LinkedIn to stay connected.

We’re building the most useful WA community for founders and enablers. Join here and be part of it.

Image credit: Canva Pro

The post Your supply chain isn’t just boxes. It’s personal data too appeared first on e27.

The enterprise AI story has moved well beyond chatbots and novelty pilots. In large companies, AI agents are now being connected to finance systems, customer databases, internal knowledge bases, payment rails, cloud consoles and software development pipelines. That shift is why “The AI Agent Governance Gap” report by US-based API management company Gravitee lands with the force of a fire alarm, not a polite policy memo.

The report cites findings from Cybersecurity Insiders showing that 71 per cent of large enterprises have already deployed AI agents with direct access to core business systems, yet only 16 per cent effectively govern that access. In other words, the corporate world has handed the keys to the machine before installing the locks.

Also Read: AI agents could become the new OTAs: What it means for Agoda and the future of travel

That framing matters enormously in Southeast Asia, where enterprises are modernising fast but often unevenly. The region’s banks, telcos, insurers, logistics giants, government-linked companies and fast-scaling tech firms are running a dense mix of legacy systems, cloud services, outsourced IT operations, and regional data flows. Add AI agents into that patchwork, and the attack surface does not merely expand. It becomes harder to even describe.

The problem is not adoption. It is architecture

Gravitee’s core argument is that the governance gap is architectural, not procedural. AI agents do not behave like human employees, and they do not fit neatly into identity and access models designed for human beings signing in from laptops. Agents operate at machine speed, can chain actions across multiple systems, inherit permissions quietly and create activity logs that are difficult for security teams to interpret in real time.

The numbers in the report are stark. It says 92 per cent of organisations lack full visibility into their AI identities, while 95 per cent doubt they could detect or contain misuse if it occurred. Nearly half of surveyed CISOs (47 per cent) say they have already seen AI agents exhibit unintended or unauthorised behaviour. That is not a theoretical risk. That is production risk wearing a name badge.

For Southeast Asia, the implications are especially sharp because many businesses operate across multiple jurisdictions with different compliance expectations. A Singapore-headquartered company may have engineering in Vietnam, a customer service operation in the Philippines, merchant relationships in Indonesia and cloud workloads spread across several regions. One poorly scoped AI agent plugged into a CRM, data warehouse, and payment workflow can turn into a compliance and security headache across borders in a matter of seconds.

Regional digitisation has created fertile ground for agent sprawl

There is a reason the region is vulnerable to this problem. Southeast Asia’s digital economy has been built on speed, interoperability and relentless integration. Super apps connect payments, food delivery, transport and lending. E-commerce platforms rely on real-time logistics and fraud tools. Banks are exposing more services through APIs.

Manufacturers are digitising procurement, forecasting and maintenance. Every one of those changes creates more structured workflows for an AI agent to enter.

And once agents arrive, they rarely stay in one lane. A sales operations agent may begin by summarising pipeline data, then request permission to update records, trigger marketing actions, and request access to billing information to answer customer queries. Over time, what began as a productivity tool becomes a semi-autonomous operator within the business.

This is where the report’s warning becomes uncomfortable. Most organisations still govern access as if the main risk is a human clicking the wrong button. But the bigger danger increasingly comes from a non-human identity making a thousand correct calls, in the wrong sequence, at the wrong scale, with the wrong level of access.

Also Read: AI agents are outpacing security: The crisis hiding in plain sight

That problem is not abstract in Southeast Asia. Regional companies often rely on managed service providers, third-party integrators and offshore development teams to stitch systems together. Credentials are shared. Service accounts linger. Documentation ages badly. In that environment, AI agents do not arrive in a pristine architecture. They arrive in a house whose wiring is already creative.

Why visibility is collapsing

The report argues that the first casualty of agentic AI is visibility. Traditional dashboards can tell security teams that an API was called or a database was queried. They are far less effective at expressing why an agent took a particular action, what chain of prompts or tool calls produced it, and whether the access was proportionate to the task.

That matters because AI agents do not simply authenticate once and sit still. They discover tools, call APIs, retrieve documents, invoke external models and sometimes delegate subtasks to other services. Each of those steps creates a miniature trust decision. According to the report, most enterprises are not instrumented to observe that flow in any coherent way.

In Southeast Asia, this visibility gap intersects with another reality: many organisations are using AI to compensate for talent shortages. Teams want automation because they are under pressure to do more with fewer specialists. That business case is real. But it also increases the temptation to grant broad permissions quickly, especially when the alternative is slower manual work.

The result is a pattern security teams know all too well: access first, governance later. Except that later, when the workflow is live, the vendor is embedded,, and the business unit is already dependent on the outcome.

The hidden boardroom risk

There is also a strategic issue here that founders and boards should not ignore. Many executives still view AI risk through the lens of model accuracy, bias or data leakage. Those issues matter, but agent governance is different. It is an operational power risk. It is the risk that software can now do things in enterprise systems, not merely analyse or recommend.

That shifts the conversation from ethics decks to control planes. If an agent can touch ERP, procurement, payroll, code repositories or customer records, then the real question is no longer whether the model is clever. The real question is whether the organisation knows what the agent is allowed to do, when, under what policy and with what audit trail.

For Southeast Asian enterprises racing to prove they are AI-ready, this is where the story gets serious. The most immediate threat may not be a headline-grabbing model failure. It may be a quiet overreach: an agent with too much access, too little monitoring and too many connected systems.

The coming divide

The Gravitee report points towards a coming divide in enterprise AI. On one side will be organisations that treat agents as first-class operational actors requiring identity, authorisation, monitoring and lifecycle management. On the other hand, there arehand, there those who continue to treat agents as convenient add-ons to existing software.
The first group will move more slowly at the beginning and much faster later. The second group will look agile until something breaks.

Also Read: Agentic AI is powerful, but power isn’t product-market fit

In Southeast Asia, where growth markets often reward speed and execution, that distinction could become a competitive fault line. The winners will not simply be the companies with the most AI agents. They will be the ones who know exactly what those agents are doing, what they can touch and how quickly their access can be changed or revoked.

The age of AI agents in the enterprise has already begun. The age of controlling them has barely started. That, as the report makes clear, is the real story.

The post AI agents are already inside your systems, but who’s controlling them? appeared first on e27.

A rat at the end of the rat race is still a rat.

It is an intentionally uncomfortable line, but it captures something important about how we often talk about progress in the digital economy. Too often, the goal is framed as helping more women and marginalised communities enter the system, compete harder, and succeed within structures they did not shape. But participation alone is not equity. If the rules, incentives, and power dynamics remain unequal, then bringing more people into the race does not create fairness. It simply expands the pool of people expected to navigate the same system. That is why equity matters. Not because it helps more people run faster, but because it asks whether the race itself should be redesigned.

This matters especially in Southeast Asia, where the digital economy is growing quickly but not evenly. New platforms, AI tools, financial services, and digital business models are creating real opportunities across the region. But access, mobility, and outcomes are still shaped by gender, income, geography, language, education, and social norms. In this context, equity cannot be treated as a side conversation. It has to be built into how innovation is designed, funded, and scaled.

For a long time, conversations about women in tech have focused on visibility. How many women are in the room? How many are founding companies, writing code, raising capital, or taking on leadership roles? These remain important questions, but they are no longer enough. Representation matters, but it does not tell us whether the systems people are entering are fair, inclusive, or empowering by design.

Technology does not emerge in a vacuum. Every platform, funding process, AI model, and workplace culture reflects the assumptions of the people and institutions behind it. If those assumptions go unexamined, inequality does not disappear in a digital environment. It becomes embedded into it.

Also Read: Ethical implications of using AI in hiring

At a systems level, this becomes visible in four areas.

The first is access. Participation in the digital economy is still unevenly distributed. Access is not only about being connected to the internet or owning a device. It is also about whether people have the tools, literacy, trust, safety, and confidence to engage meaningfully. Many individuals may be technically online but still excluded from the real benefits of the digital economy because products are unaffordable, systems are difficult to navigate, or pathways into jobs, markets, and networks remain out of reach.

The second is capital allocation. Capital does more than fund innovation. It determines which ideas are taken seriously, which founders are seen as credible, and which markets are considered worth building for. These decisions are often shaped by pattern recognition and inherited assumptions about what a promising founder or business should look like. As a result, capital can reinforce familiarity rather than recognise overlooked value. This does not just create unequal funding outcomes. It also shapes the direction of innovation itself.

The third is product design. Even when people can access digital systems and businesses can secure funding, exclusion can still be built into the product itself. Design choices reflect whose experiences are considered normal and whose are treated as exceptions. This can be seen in AI systems trained on narrow datasets, financial tools that overlook informal work realities, or digital services that assume levels of language fluency or digital confidence that many users do not share. When products are not designed with a wider range of lived realities in mind, they do not simply fail to serve some users well. They reproduce exclusion at scale.

The fourth is workplace culture. An equitable digital economy cannot be built by organisations that remain unequal on the inside. Workplace culture shapes who gets hired, who gets heard, who is trusted with responsibility, and who is able to progress into leadership. Too often, inclusion is measured by representation at the entry level while deeper questions of sponsorship, decision-making power, and belonging remain unresolved. If people from underrepresented backgrounds are brought into the system but not supported to shape it, the broader structure does not meaningfully change.

Taken together, these are not separate issues. They are different layers of the same system. A more equitable digital economy will not come from visibility alone. It will come from redesigning the structures that determine participation, validation, experience, and power.

Also Read: A new era of automation: Establishing best practices for intelligent automation and generative AI

Even the language we use deserves scrutiny. There is a quiet contradiction in the word inclusion. It sounds generous, but it also reveals power. To include is to decide who was outside, who belongs, and on what terms. That is why inclusion, on its own, can be insufficient. The deeper goal is not to be admitted into systems built by others, but to reshape the system so belonging is not conditional.

There is a similar tension in the way we celebrate the extraordinary. We usually mean the exceptional, the rare, the remarkable. But taken apart, extraordinary also returns us to the ordinary, the everyday person whose life and labour hold society together. Equity matters because a fair system cannot be designed only for the exceptional few who manage to break through. It must also work for the ordinary person, who should not need to be extraordinary just to be seen, supported, and given a fair chance.

That means asking harder questions. Who gets included in pilot opportunities and industry networks? Who is represented in the datasets behind the tools we build? Who gets trusted with strategic roles or technical leadership? Who finds the application process intuitive, and who finds it alienating? Who remains invisible in the innovation ecosystem, not because they lack talent, but because the system was not designed to recognise them clearly?

These are not abstract concerns. They affect the quality of innovation itself. An ecosystem that excludes is not just unfair. It is less capable. It misses markets, overlooks pain points, narrows the range of solutions being built, and concentrates opportunity in ways that weaken resilience.

For those of us working in innovation ecosystems, this creates a shared responsibility. We are not only supporting what gets built. We are also shaping the conditions under which innovation happens. That includes who gets access to capital, platforms, partnerships, distribution, and legitimacy.

The goal, then, is not simply to help more people enter existing systems. It is to build better systems in the first place. Because the real measure of progress is not how many people we let into the race, but whether we are willing to redesign it.

Otherwise, we risk mistaking movement for change. A rat at the end of the rat race is still a rat. Equity matters because the ambition should never have been to help more people survive the same race. It should be to build a digital economy where dignity, opportunity, and leadership are not conditional on fitting into a system that was never designed for everyone to begin with.

—

Editor’s note: e27 aims to foster thought leadership by publishing views from the community. You can also share your perspective by submitting an article, video, podcast, or infographic.

The post Beyond inclusion: Why equity matters in the digital economy appeared first on e27.