Malaysia is rushing into AI faster than anyone. Its governance gap is the price
- Malaysia is deploying AI faster than it can secure it, and the numbers prove it.
- The country most bullish on agentic AI is also the least prepared to catch what goes wrong.
The studies keep coming. McKinsey published one. Gartner flagged it. Stanford’s HAI Index mapped it globally. And now TrendAI, the enterprise AI security arm of Trend Micro, has added its own data to what is becoming a familiar pattern: AI adoption is accelerating, governance is not keeping pace, and the gap between the two is where real risk lives.
But within TrendAI’s latest global research, which surveyed 3,700 IT and business decision makers across 23 countries, Malaysia surfaces with a profile that warrants closer attention. The country ranks highest across all markets surveyed for pressure to approve risky AI implementations–75% of Malaysian IT decision makers reported feeling that pressure, nine points above the global average of 66%.
At the same time, Malaysian organisations detect only 33 to 34% of malicious AI behaviour, below the global average of 35 to 40%. Taken together, that combination is the real finding.
Malaysia is moving fastest into AI risk and catching the least of what goes wrong.
The AI governance gap Malaysia cannot afford to ignore
Part of that pressure traces to Malaysia’s national ambition. The AI Nation 2030 roadmap, the MY-AI Standards platform launched in March, the billions committed to data centre infrastructure–all of it signals urgency from the top down. When governments set transformation targets, the pressure cascades through every layer of enterprise decision-making.
Security concerns get overridden not out of ignorance, but because the directive to move fast comes from above. The governance infrastructure, however, has not kept pace with that urgency. Malaysia’s AI Governance Bill is not expected to reach Cabinet until mid-2026, and current guidelines remain voluntary and non-binding.
Flores was direct on what he thinks Malaysian enterprises should do with that information: “Organisations need to define their own policies. They need to define their own guidelines for their own use case. If everyone waits for government regulation, by the time the first draft arrives, problems are going to happen.”
That is a vendor telling Malaysian enterprises not to wait for the state. It is also probably the right advice.
Ambitious on agentic AI, blind to current threats
The data from TrendAI’s Malaysia-specific findings reveals another tension worth sitting with. Some 60% of Malaysian IT decision makers expect agentic AI to transform cyber defence–significantly above the global figure of 48%. Kill switch support is also higher here than the global average.
Malaysia, by every measure in this study, is the most bullish market on AI’s defensive potential.
Yet detection of malicious AI behaviour is below average. The optimism and the capability are pointed in opposite directions. When TWA raised this during the Q&A–the idea that Malaysia wants agentic AI to take on more defensive responsibility while current detection is already lagging–Flores argued that governance and technical implementation can run in parallel.
Organisations do not need to solve one before pursuing the other. His advice: match the use case to the current capability of the technology, build incrementally, and get executive buy-in on risk management at every stage.
That is sensible as a framework. But it assumes a level of internal alignment that the same research suggests most Malaysian organisations do not yet have. Only 14% of Malaysian business decision makers have had formal AI training, against 38% of IT decision makers–a 24-point gap that is far wider than the global equivalent.
On governance policy, IT leads business at 52% versus 29%. The people making deployment decisions and the people managing the risk are operating with fundamentally different levels of understanding.
The accountability question
Goh Chee Hoh, Managing Director of TrendAI Malaysia, framed the challenge in terms of competing priorities. Business decision makers treat AI as a business tool and assume security is handled. IT decision makers know it is not that simple. That misalignment, he argued, is structural, and closing it requires security to be elevated as a board-level priority, not left to technical teams alone.
He also offered some measured perspective on Malaysia’s position. Excluding Singapore, which hosts regional headquarters and operates under a different regulatory and enterprise environment, Malaysia compares reasonably well within Southeast Asia. Bank Negara’s frameworks and CyberSecurity Malaysia’s initiatives give the country a foundation that some regional peers lack.
“I think we are very competitive in terms of AI transformation,” Goh said. That may be true relative to the region. Whether it is true relative to the pace of the threat is a different question–and one this research leaves open.
What the pattern is actually telling us
The TrendAI study is not saying anything McKinsey, Deloitte, or Gartner have not said. Governance lags adoption. Business and IT are misaligned. Agentic AI is arriving before organisations are ready. These findings have been documented consistently since 2023, and the numbers have not moved much.
What Malaysia’s version of this story adds is specificity. The pressure here is higher than anywhere else in the study. The detection deficit is real. The regulatory safety net is still being written. And the appetite for more autonomous AI systems is stronger than the global average.
The question for Malaysian enterprises is not whether the AI governance gap exists–the evidence on that is clear. The question is who inside the organisation is going to own closing it, and whether they have the authority to do so before something forces the issue.
Flores, when asked how long it would take for Malaysian enterprises to truly grasp the threat landscape, pointed to use cases as the guide. Start where the risk tolerance is manageable–chatbot support, HR screening, alert correlation. Build governance around what you can see before expanding into what you cannot.
The advice is practical. Whether the pace of deployment across Malaysian enterprises allows for that kind of discipline is another matter entirely.
TrendAI commissioned Sapio Research to survey 3,700 IT and business decision makers across 23 countries globally. The Malaysia media briefing was held on April 16, 2026, in Kuala Lumpur.
