How Singapore Is Securing AI for 150,000 Public Officers

Key security features include technical restrictions on what AI agents can do—such as blocking file deletion or external emailing, and limiting recipient lists—rather than solely relying on model-level controls . The Government has also explicitly designed the Desk's security architecture so that protections remain intact even when third-party AI tools are added or swapped out .

GovTech's broader cybersecurity posture supports this work. The agency uses a government trust-based architecture framework, plus red-teaming, vulnerability assessments, and routine penetration testing across all government agencies . It also produced a central cybersecurity platform—Cerberus—that gives whole-of-government endpoint protection and threat detection . GovTech has also developed an LLM Cybersecurity Playbook that sets baseline best practices for developing, procuring, deploying, and using large language models across agencies .

Timeline-wise, the AI Assistant Desk is currently in development with some public officers testing it. A wider rollout is planned for later in 2026 .

The AI Agent Registry

Alongside the Desk, Singapore is building a registry of AI agents for all 150,000 public officers . This is not just a directory. The registry will track each agent's ownership, function, and activity—acting as a control mechanism as government agencies increasingly use AI for tasks like coding, drafting, and research .

The registry forms part of a broader suite of governance tools that GovTech is developing to manage the risks of agentic AI systems—AI that can make decisions and act at machine speed . This aligns with Singapore's wider push to govern autonomous AI, including the global-first AI Agents Sandbox that GovTech, CSA, and IMDA ran with Google from August 2025 to May 2026 . That sandbox tested computer-use agents in real government settings for QA, AI safety testing, and social assistance, and surfaced significant risks around cybersecurity, privacy, and oversight .

At the policy level, Singapore also released the Model AI Governance Framework for Agentic AI on 22 January 2026, which requires organisations to assess and bound risks upfront, limit agent autonomy and access, and maintain human accountability . The framework's appendices include agent registry and identity management templates . Together, the operational registry and the governance framework form a two-pronged approach: track what agents are doing while setting the rules for how they should behave.

AI Tools in Schools

The original question asked about Markly and LangBuddy as specific AI tools being tested in public schools. The provided sources do not directly confirm these two tools by name.

However, what is confirmed is that Singapore already has multiple centrally developed AI tools running on the Singapore Student Learning Space (SLS), the national online platform used by all school teachers and students . These tools are developed jointly by MOE and GovTech and include:

• Short Answer Feedback Assistant (ShortAnsFA), Language Feedback Assistant for English (LangFA-EL), and Mathematics Feedback Assistant (MathFA)—three AI-powered learning feedback assistants that mark student work and provide instant feedback .
• Authoring Copilot, which helps teachers plan lessons by generating sections, activities, and components based on their input .
• Learning Assistant (LEA), an AI tutor that uses Socratic-style guiding questions rather than giving direct answers, designed to make students think more deeply .
• Adaptive Learning System (ALS), which uses machine learning to create personalised learning pathways for Upper Primary Mathematics and Upper Secondary Geography .
• Speech Evaluation Tool, which analyses pronunciation, fluency, and clarity so students can practise oral skills independently .

The Education Ministry has adopted a phased approach: AI tools are withheld for lower primary levels (Primary 1–3) to protect foundational skill development, while older students use AI as a learning partner . Minister of State for Education Jasmin Lau has articulated the goal as helping students "learn about AI, learn to use AI, learn with AI, and most importantly, learn beyond AI" .

Cybersecurity: Penetration Testing with AI

GovTech is explicitly shifting toward preemptive, continuous security testing. Chian Khai Ang, who leads cybersecurity at GovTech, has said the agency is moving "beyond the paradigm that cyberattacks can be prevented" and is continuously testing systems rather than relying on periodic checks .

The agency is also scaling up AI-assisted Distributed Denial of Service (DDoS) testing to make it easier for other agencies to test safely . GovTech's public blog confirms ongoing work on "Engineering Multi-Agent Architectures for Autonomous Penetration Testing" .

On the offensive side, Singapore built the AI Capture the Flag (AI CTF) as a flagship platform to probe vulnerabilities unique to AI systems—weaknesses that traditional testing may not detect . Participants race to uncover and exploit AI-specific security gaps in a controlled environment .

The Bigger Picture

These tools do not exist in isolation. Singapore committed more than S$1 billion over five years to catalyse AI activities and aimed to triple the pool of AI practitioners to 15,000 . By March 2026, a new Institute of Digital Government was announced to systematically equip the entire public service with digital, data, design, and AI skills, with mandatory foundational modules covering cybersecurity, data protection, and AI literacy .

The National AI Strategy frames all of this as part of driving "broad-based AI adoption across government agencies to improve operational efficiency and enhance service delivery" . The registry, the Assistant Desk, the school tools, and the cybersecurity AI work are all operational expressions of a single, consistent policy: adopt AI at scale, but govern and secure it at every layer.