F5’s latest report, conducted by Twimbit and titled “2025 Strategic Imperatives: Securing APIs for the Age of Agentic AI in APAC,” has revealed that unsecured application programming interfaces (APIs) are not just a security blind spot, but a potential risk that could escalate amid the accelerating adoption of Agentic AI in the Asia Pacific (APAC).
Manoj Menon, founder and CEO at Twimbit, said that organisations in the Asia Pacific “lack dedicated teams, consistent oversight, and advanced capabilities—gaps that quickly become strategic vulnerabilities in the era of Agentic AI. Addressing these weaknesses will require stronger governance and end-to-end lifecycle controls to protect business continuity, compliance, and trust.”
Critical blindspot
The report found that over 80% of APAC organisations now use APIs to deploy AI and machine learning models. Most (63%) organisations in the region rate API security as “very important” for business continuity, regulatory compliance, and AI transformation. However, only 42% report mature API governance capabilities, while just 22% have established a dedicated API security function. Â
“The speed and autonomy of AI agents demand that API security be built into the foundation of business operations. This means integrating governance, visibility, and policy enforcement directly into API workflows, ensuring every interaction—whether human or machine—is authenticated, authorised, and monitored in real time,” said Mohan Veloo, chief technology officer for Asia Pacific, China and Japan, F5.
Addressing governance gaps
To address the governance gaps that could derail AI transformation initiatives, F5 recommends that enterprises assignC-level ownership for end-to-end API governance, deploy lifecycle controls across discovery, posture, runtime, and testing for comprehensive API security, and embed agent-aware observability into API traffic monitoring.
Moreover, F5 recommends the enforcement of OWASP-based policies across both human and agent API usage, and linking API behaviour to agent intent and business outcomes through governance architecture.
