AI-Driven Cybercrime in Asia: Warnings from the 2026 Nikkei Forum

"AI has democratised knowledge, with a very low barrier to entry. The bad actors have equal access as the good actors," noted a director-general from India's CERT-In at a similar forum, capturing a sentiment echoed at the Nikkei event .

The Deepfake Epidemic: From Novelty to Enterprise Risk

No threat loomed larger in the Tokyo discussions than deepfakes. What began as a novelty has matured into an operational risk embedded in everyday attack narratives . Experts at the forum highlighted a surge in deepfake-driven financial fraud, social engineering, and corporate impersonation, echoing broader findings that deepfake-as-a-service (DaaS) platforms have become one of the fastest-growing tools for cybercriminals .

Across the Asia-Pacific region, the impact is measurable:

• Deepfake fraud incidents spiked by 2,137% in 2025, now accounting for over 6% of all fraud attacks in some jurisdictions .
• In APAC specifically, synthetic personal data fraud jumped 142% year-over-year, making up 15.7% of all regional fraud attempts .
• Singapore police reported a 300% increase in AI-assisted impersonation scams .
• 87 deepfake scam rings were dismantled across Asia in the first quarter of 2025 alone, with nearly 40% of high-value fraud cases involving deepfake technologies .

Criminal networks deploying this technology have industrialized their operations. Revenues from AI-driven fraud now surpass the global drug trade, and many operations are linked to severe human rights abuses, including human trafficking into scam compounds across Southeast Asia .

A Regional Cybercrime Surge Beyond Deepfakes

The Nikkei Forum's warnings align with a broad deterioration of the cybersecurity environment. The conference highlighted how AI is also accelerating ransomware, Advanced Persistent Threat (APT) attacks, and the growth of Fraud-as-a-Service (FaaS) platforms.

Asia-Pacific ransomware surged nearly 58%, now dominating 44% of all data breaches in the region . Singapore's Cybersecurity Agency reported a 21% increase in ransomware incidents in 2024 alone, driven by criminals leveraging AI to automate attacks . In South Korea, cybersecurity breaches rose 26% in 2025 compared to the prior year, partly due to AI-powered hacking tactics .

Meanwhile, Southeast Asia's rapidly growing digital economy is increasingly exploited as a staging ground for global attacks, with compromised systems used as proxies to mask the origins of intrusions targeting organizations worldwide . AI-enhanced phishing, ClickFix scams, and the exploitation of trusted business tools are all on the rise .

The Regulatory Scramble: A Race Against the Machines

A consistent theme at the forum was the urgent need for regulation—a call already being answered across the region. In the past 18 months, at least six major digital identity and AI regulatory frameworks have come into force across APAC countries, directly responding to the surge in AI-powered identity fraud .

Japan exemplifies the reactive posture governments now find themselves in. In May 2026, the government announced it would issue warnings to operators of critical infrastructure vulnerable to AI-driven cyberattacks, following concerns raised by the capabilities of new models like Anthropic's Claude Mythos . Tokyo is also hurrying to establish a protocol via the National Cyber Security Office to coordinate responses to AI-enabled threats . Beyond infrastructure, Japan's ruling party is pushing for new legislation on generative AI, with draft rules including penal regulations for foundation model developers .

Other nations are moving in parallel. China's top legislature approved revisions to its internet safety law to tighten oversight of generative AI and mandate the labeling of synthetic media . South Korea finalized a "Comprehensive Plan to Eradicate AI-Generated False or Exaggerated Advertisements" in December 2025, targeting the use of deepfakes to impersonate professionals and celebrities . ASEAN has launched an expanded governance guide covering deepfake risks and responsible AI use .

Yet panelists acknowledged that regulation alone cannot solve the problem. As one expert warned, "regulation will always be chasing technology" . The consensus was that equally rapid investment in AI-powered threat detection, identity verification modernization, and workforce upskilling is essential .

The Nikkei Forum's core message was consistent with the trajectory observed across industry reports: AI is shifting cybercrime from opportunistic to highly engineered, automated, and industrial. The attacks are faster, more personalized, and harder to spot—and the region's defenses need to evolve at the same pace.