In Asia-Pacific, CISOs are navigating a pivotal shift as organisations operationalise AI across complex hybrid and sovereign environments in 2026-2027. 

AI has evolved from an innovative layer into a source of profound operational and security complexity, where failures in autonomous systems now trigger systemic business risks rather than contained outages, amplified by geopolitical tensions, supply-chain interdependencies, and regulatory volatility.

Ultimately, building digital resilience at scale demands robust governance, continuous monitoring, and sovereign-compliant architectures that safeguard trust, uptime, and compliance—enabling sustainable AI-driven growth without exposing enterprises to unacceptable risk. 

In this PodChats for FutureCISO, John Morgam, SVP & GM of Splunk Security, reveals how machine data and agentic AI help CISOs operationalise real-time observability, bridge talent gaps, and embed sovereign-compliant resilience. From Singapore to Sydney, discover strategies for secure, scalable AI growth through 2027.

John, welcome to PodChats for FutureCISO.

Here are 10 key questions for CISOs in Asia in 2026, sequenced to align with the narrative flow:

1.       Why has AI transitioned from a supplementary technology to a core driver of operational and security complexity across Asian enterprises? 

2.       How are AI-related failures increasingly manifesting as systemic business risks rather than isolated technical incidents? 

3.       What machine data strategies have organisations in Asia implemented to create a definitive, auditable record of system, user, and autonomous agent behaviour across hybrid environments? 

4.       Telemetry. How are organisations in Asia embedding real-time observability into security architectures to detect anomalies before AI-driven failures cascade across interconnected systems? 

a.       SIEMs and SOARs have been with us even before AI. What’s different today?

5.       Given the regional investment in security talent consolidation, what expertise gaps remain in organisations’ ability to govern where AI and operational decisions converge? 

6.       How does the convergence of automation, human judgement, and unified data enable agentic AI to transform security operations capabilities? 

7.       In what specific ways can agentic AI accelerate detection, deepen investigations, and support controlled, proportionate responses to incidents? 

8.       What practical strategies allow organisations to operationalise AI at enterprise scale across hybrid infrastructures while sustaining resilience? 

9.       How are regional CISOs adapting to sovereignty requirements across Asia—from Singapore’s MAS guidelines to Australia’s data locality rules—while maintaining unified security visibility? 

10.   How can trust, uptime, and regulatory compliance be maintained as AI adoption accelerates in sovereign, multi-cloud Asia-Pacific contexts?

11.   What should CIOs and CISOs bear in mind as Agentic AI makes its way in the SOC?