Top IT predictions in APAC in 2026

Cloud sovereignty as strategy, not box-ticking

From Singapore’s digital sovereignty framework to India’s Data Protection Act, cloud sovereignty has become a focus for countries that want greater control over their technology future. Analyst firm Forrester expects that by 2026, about half of APAC enterprises will make sovereignty-based controls – such as in-region infrastructure and data residency – a top criterion for cloud and AI platforms.

“Sovereignty is about control and choice,” said Martin Creighan, vice-president for APAC at Commvault. “In a multi-cloud, multi-region world, enterprises need the freedom to decide where data resides – on-premises, in a private cloud, a local hyperscaler region, or a global cloud – while still maintaining visibility into under whose laws it sits, and how it can be recovered without crossing borders.”

Creighan noted that IT architectures are also becoming sovereignty-aware by default, with encryption, access policies, and compliance rules moving with the data, across national borders and clouds. “When sovereignty is built into design, compliance becomes a competitive advantage. In 2026, this combination of sovereignty and freedom of choice will allow organisations to innovate confidently within trusted boundaries,” he said.

AI becomes more local

The new year will see more localisation and relevance of AI innovation to markets in Southeast Asia, with more options available to cater to different purposes, according to Gavin Barfield, vice-president and chief technology officer for solutions at Salesforce ASEAN.

While AI innovation has primarily been in English at launch, with a focus on getting the technology working well, there will be more investments in localising AI to reflect the unique linguistic tapestry in ASEAN, Barfield noted.

By 2026, the ability to collaborate with AI in software development, rather than compete against it, and focus on verifying its output, will be a defining skill for employability and growth in the region’s evolving tech economy

“AI models fine-tuned with regional linguistic and cultural nuances will deliver more accurate and contextually relevant responses, improving customer experience and delivering true business impact in the region,” he said. “We will also see a variety of LLM [large language model] options emerge for local businesses, as global LLMs localise and more regional, local, and even industry-specific small language models (SLMs) emerge to cater to varying needs.”

Barfield said the availability of local and region-specific AI will enable businesses to solve uniquely local problems, adding that Salesforce is making its Agentforce platform available in Southeast Asian languages, including Tagalog, Thai, Vietnamese, Bahasa Melayu, and Bahasa Indonesia, to more local businesses in the region.

APAC to be global data backbone

With APAC being the primary engine for global economic growth, the region has seen more investments in digital infrastructure such as datacentres and subsea cables in recent years. Singapore, a business and financial hub, already handles over 99% of its international telecom traffic via 26 submarine cables.

Newly launched high‑capacity subsea systems, such as the 10,500km Southeast Asia-Japan Cable 2 with 126 terabits per second capacity, will further improve connectivity across Singapore, Japan, Hong Kong, and beyond, noted Amajit Gupta, managing director and group CEO of Lightstorm, a network infrastructure provider.

“By 2026, this dense subsea mesh will naturally raise expectations for private, isolated pathways and security-baked infrastructure,” Gupta said. “Growing AI-led and cross-border workloads will reinforce this direction. As subsea expansion accelerates, enterprises will increasingly look for zero trust-aligned, resilient connectivity across APAC.”

AI-assisted software development to drive workforce recalibration

Following widespread tech sector layoffs, the new year will see a recalibration of the region’s technology workforce, according to Marcus Low, vice-president and managing director for APAC and Japan at Sonar, a code quality platform provider.

Low noted that AI has lowered the barriers to coding, making software development become more accessible to those without engineering backgrounds. AI-assisted tools can now generate, test, and refine code through natural language prompts, allowing individuals with minimal coding experience to upskill quickly and contribute to digital product creation.

“With this, we’ll also see more of a focus from the volume of AI-generated code to the verification of its output,” Low added. “By 2026, the ability to collaborate with AI in software development, rather than compete against it, and focus on verifying its output, will be a defining skill for employability and growth in the region’s evolving tech economy.”

Vibe hacking to redefine social engineering

Social engineering will evolve beyond phishing into full-scale psychological manipulation in 2026, according to Findlay Whitelaw, security researcher and strategist at Exabeam, noting that AI-enabled insiders are primed to use LLMs to plan and execute sophisticated attacks.

“This may span from deepfake scams to vibe hacking, where AI-crafted messages mimic the tone and trust of executives within the organisation,” Whitelaw said. “Vibe hacking takes traditional phishing techniques to the next level by leveraging familiarity and exploiting trust. It is a dangerous advancement in social engineering tactics, with employees inclined to comply simply because the tone feels right.”

Against this backdrop, organisations will need to focus more on AI transparency and employee education to prepare for this next generation of trust-based cyber attacks, he warned.

Observability going beyond engineering roots

Peter Marelas, senior director of product management at New Relic, expects observability to become an enabler of digital trust, resilience, and competitive advantage, going beyond its roots as an engineering tool.

The infrastructure stack will become modular, programmable, and open. Vendor lock-in will give way to ‘infrastructure as code,’ where the hypervisor quietly fades into the background

Organisations will find that traditional monitoring is inadequate in the AI era, and technology and business leaders will need intelligent observability not just to see what’s happening, but to understand why it’s happening, and what to do next, he added.

That will require them to progress from manually maintained configuration management databases, which were built for slower, more predictable environments, to live observability graphs built from telemetry data.

“This real-time graph will replace current databases as the single source of truth, helping teams trace issues instantly and even debug how autonomous systems interact,” Marelas said. “As agentic AI and interconnected services expand, this graph becomes the foundation of trustworthy, self-healing digital ecosystems.”

And by combining telemetry with cloud cost data, observability systems can help to pinpoint inefficiencies and even test cost-saving changes safely using FinOps (financial operations) automation, Marelas noted. “Intelligent observability will directly reduce downtime, streamline cloud spend, and accelerate decision-making, turning visibility into measurable business value,” he said.

The virtualisation revolt

The decade-long dominance of proprietary hypervisors will finally fracture, according to Matthew Oostveen, Pure Storage’s vice-president and chief technology officer for APAC and Japan. While recent market consolidations have been a catalyst, he noted that underlying drivers – cost, complexity, and the desire for greater control – have reached a breaking point.

“Enterprises across the region, tired of rising license fees and shrinking flexibility, will begin rewriting their infrastructure playbooks,” Oostveen said. “Virtualisation will no longer be a product; it will be a capability, embedded natively into cloud, container, and edge platforms. Lightweight hypervisors, open-source technologies, and cloud-native orchestration will replace heavyweight virtual machine sprawl.”

The winners will be those who see this not as an exodus, but as an evolution: moving from managing virtual machines to virtualising the entire stack – compute, storage, networks, and even AI workloads. “By 2026, the infrastructure stack will become modular, programmable, and open. Vendor lock-in will give way to ‘infrastructure as code,’ where the hypervisor quietly fades into the background,” Oostveen said.

Full democratisation of ransomware

Ransomware will become fully commoditised, transforming into a mass-scale cyber crime economy, according to Reuben Koh, director of security technology and strategy at Akamai. “With off-the-shelf ransomware-as-a-service subscriptions, AI-powered ‘vibe-hacking,’ and growing collaboration between cyber criminals, hacktivists, and state-aligned actors, launching an extortion campaign will require far less expertise than before,” he said.

Koh pointed to a cyber security incident in Singapore where a ransomware attack on a printing supplier had potentially exposed thousands of bank customer statements, demonstrating how supply chain compromise can rapidly escalate into financial and reputational impact even for highly regulated institutions.

“Sectors rich in sensitive data such as finance, healthcare, retail, media will face intensified targeting, while managed service providers and supply chain vendors become high-value entry points. High-tech industries such as semiconductors remain especially vulnerable,” he said.

Open source to drive enterprise AI

The demand for cloud-native, AI and cyber security talent continues to outpace supply across APAC, and in 2026, the gap will only widen unless organisations invest in a skills-first approach to build, operate, and optimise modern digital systems, said Guna Chellappan, Red Hat’s general manager for Singapore.

In doing so, he noted that open source will play a key role, by providing shared knowledge, transparency, and a global ecosystem rooted in collaboration. “Tools and frameworks are also made available to everyone, instead of just a few. As more enterprises contribute back to these communities – by building on ideas quickly and responsibly – APAC will strengthen its position in digital innovation, not just as a consumer but increasingly as a creator,” he added.

In addition, as APAC organisations double down on AI, openness, flexibility, and collaboration will remain the principles that help them move from potential to real, measurable outcomes. “With no single model suited to every enterprise context, open source will continue to underpin the freedom and innovation needed to build what comes next,” Chellappan said.

Human-centric only identity systems will fail

Over the next year, organisations will confront an access and permissions crisis as agent-to-agent interactions expose the limitations of traditional access control systems, according to Craig Nielsen, vice-president for APAC and Japan at GitLab.

Unlike human users or simple automations, agentic AI systems communicate with each other, delegate tasks, and make decisions that cascade across multiple systems, exposing gaps in traditional composite identity solutions. When one agent instructs another, existing permission frameworks break down because they were designed for individual human actors, not autonomous systems that act on behalf of other autonomous systems.

While some companies are implementing short-term fixes, such as assigning personas to agents, Nielsen said these approaches treat agents like employees rather than addressing the fundamental governance challenge. Organisations that continue using human-centric permission models will find themselves unable to trace decision-making chains, audit agent actions, or maintain security as their AI systems become increasingly interconnected and autonomous.

“Organisations must accept that this will require rethinking identity and access management from first principles. They should assemble cross-functional teams to design governance frameworks built for autonomous systems, rather than retrofitting human-centric models. The window to get ahead of this is narrow, as once agent ecosystems become deeply interconnected, redesigning foundational frameworks becomes exponentially harder,” he said.