CSA’s Initiatives to Strengthen Singapore's Cyber Defences Amid an AI-Driven Threat Landscape
30 June 2026
Efforts to tackle an increasingly complex cyber landscape highlighted in the Singapore Cyber Landscape 2025/2026.
1 The Cyber Security Agency of Singapore (CSA) released the Singapore Cyber Landscape (SCL) 2025/2026 publication today. It highlights the initiatives that were put in place to strengthen Singapore's cyber resilience against an increasingly complex and AI-enabled global threat landscape. The publication covers key cybersecurity trends observed over the past year and outlines how CSA is working with industry, critical sectors and the public to address evolving cyber risks.
AI is Reshaping the Cyber Threat Landscape
2 Threat actors are increasingly harnessing artificial intelligence (AI) to conduct cyber-attacks at greater speed, scale and sophistication. The emergence of agentic AI is particularly concerning, as autonomous AI systems have the potential to automate significant parts of the cyber kill chain, lowering the barrier to entry for less sophisticated threat actors and compressing attacks that previously unfolded over days into hours. Recent developments such as the emergence of Anthropic's Mythos have demonstrated how AI can accelerate vulnerability research and exploit development, while the misuse of OpenClaw, a legitimate open-source agentic AI tool, has shown how such technologies can be weaponised to breach development pipelines at scale.
3 At the same time, AI presents significant opportunities for defenders. AI-enabled cybersecurity capabilities can improve threat detection, accelerate incident response and help security teams identify and remediate vulnerabilities more quickly. By automating routine tasks and enhancing security testing, AI enables cybersecurity professionals to focus on more sophisticated threats requiring human expertise and judgement.
4 As organisations increasingly deploy AI across enterprise networks and Critical Information Infrastructure (CII), AI systems themselves are also becoming attractive targets. Vulnerabilities in AI systems could have wider security implications beyond the AI applications themselves, making the secure deployment of AI an increasingly important priority.
5 To support organisations in adopting AI securely, CSA has introduced several initiatives. These include the publication of the Guidelines on Securing AI Systems and its accompanying Companion Guide, which provide practical recommendations for system owners to safeguard AI systems. Recognising the unique challenges posed by autonomous AI, CSA also published a discussion paper on securing agentic AI systems in October 2025 and will continue working with international partners to advance AI security standards.
Phishing Evolves as AI Lowers the Cost of Deception
6 AI is also reshaping phishing and scam operations by enabling threat actors to generate convincing phishing lures at scale, produce realistic voice clones and video deepfakes, and develop tools capable of bypassing multi-factor authentication.
7 Despite these developments, phishing activity in Singapore declined in 2025, with approximately 4,800 phishing attempts reported to CSA, a 21% decrease from about 6,100 cases in 2024.
8 To strengthen public resilience against increasingly sophisticated scams, CSA, with the support of the Ministry of Home Affairs, launched the pilot run of the National Simulated Scams Exercise in March 2026. The exercise simulated AI-enabled Government Official Impersonation Scam calls to help members of the public better recognise and respond to emerging scam tactics.
Botnets, Ransomware and APTs Continue to Threaten Organisations
9 The number of infected infrastructure detected in Singapore rose significantly to 284,300 in 2025, a 142% increase from 2024. This was driven primarily by persistent malicious infrastructure activity and improved detection of infected botnet devices. The continued profitability of Malware-as-a-Service operations, coupled with the widespread use of consumer Internet-of-Things (IoT) devices with weak security configurations or unpatched firmware, has created more opportunities for botnet operators.
10 To better secure consumer IoT devices, all residential routers sold in Singapore must meet Cybersecurity Labelling Scheme Level 2 requirements by end-2027. These requirements include stronger authentication mechanisms and more secure storage of sensitive data to better protect against increasingly sophisticated attacks. In addition, Singapore was involved in establishing common requirements and guidance for developing labelling schemes internationally through the ISO/IEC 27404 standard, harmonising benchmarks to facilitate a more secure global IoT landscape.
11 Ransomware remained a significant threat in 2025, with reported cases increasing slightly from 159 in 2024 to 165 in 2025. Small and Medium Enterprises (SMEs) continued to be disproportionately affected due to comparatively lower cybersecurity maturity and limited resources.
12 To strengthen SME resilience, CSA supported the establishment of the Cyber Resilience Centre (CRC) with industry partners to provide cybersecurity health checks and recovery assistance following cyber incidents. Eligible SMEs can also receive up to 70% co-funding for cybersecurity advisory services under CSA's Chief Information Security Officer-as-a-Service (CISOaaS) programme.
13 Singapore also continues to strengthen international cooperation against ransomware. As a member of the Counter Ransomware Initiative (CRI), Singapore hosted the fifth CRI Summit in October 2025 during Singapore International Cyber Week. At the Summit, CRI members endorsed the Singapore- and United Kingdom-led Guidance for Organisations to Build Supply Chain Resilience Against Ransomware, providing practical recommendations to help organisations strengthen supply chain resilience.
14 Advanced Persistent Threat (APT) activity continued to pose a serious threat to Singapore. One of the most significant incidents in 2025 involved an attempted cyber intrusion by APT actor UNC3886 targeting Singapore's four major telecommunications operators.
15 Singapore responded through Operation CYBER GUARDIAN, the nation's largest coordinated cyber incident response effort to date. The operation successfully contained the incident, with no disruption to telecommunications services and no evidence of customer data being compromised.
Strengthening Cyber Resilience Across Singapore
16 CSA has introduced several initiatives to strengthen cybersecurity across critical sectors, businesses and the wider community.
17 For CII owners, CSA has required all operators to attain Cyber Trust mark (CTM) certification by end-2027. While the Cybersecurity Act already regulates designated CII systems, the CTM requirement extends good cybersecurity practices across the broader enterprise environments supporting CII operations. In May 2026, the Commissioner of Cybersecurity also issued guidance to all CII owners on the cybersecurity implications of frontier AI developments. CSA will continue working closely with CII owners to implement the recommendations and has begun rolling out specialised technical training for cybersecurity practitioners within CII sectors.
18 National cyber readiness was further strengthened through the sixth and largest Exercise Cyber Star in 2025, involving close to 500 participants from CSA, the Singapore Armed Forces' Digital and Intelligence Service, and CII owners across 11 critical sectors. The exercise tested Singapore's ability to coordinate responses to large-scale cyber incidents affecting national critical infrastructure.
19 To support organisations more broadly, CSA expanded the Cyber Essentials and CTM certifications in 2025 to include mandatory cloud and AI security requirements. As of early 2026, more than 800 organisations have attained at least one Cyber Essentials certification.
20 CSA also continued advancing Singapore's National Quantum-Safe initiative, working with industry, academia and international partners to raise awareness of quantum risks, support migration planning and accelerate the adoption of quantum-safe technologies.
21 Looking ahead, CSA will continue investing in national cybersecurity capabilities, strengthening partnerships with industry and international partners, and ensuring that emerging technologies such as AI and quantum computing can be adopted securely to support Singapore's digital future.
“In today’s accelerating and increasingly complex threat landscape, major challenges such as AI and quantum loom ahead. We need to lock down, find first, and fix fast. We must tighten up and harden systems before threat actors can find footholds. Discover vulnerabilities before they are exploited. And when gaps are found, close them faster than threat actors can act. This cycle should be continuous, rather than point-in-time checks. We are working closely with global partners and industry to ensure that fast-evolving technologies strengthen, rather than undermine, our collective security. Together – industry, government, and citizens – we can build a future where digital innovation thrives in tandem with trust and security.”
- Mr David Koh
Commissioner of Cybersecurity and Chief Executive of CSA
About the Singapore Cyber Landscape 2025/2026
The “Singapore Cyber Landscape 2025/2026: Securing Our Digital Frontiers” publication reviews Singapore’s cybersecurity situation in 2025 against the backdrop of global trends and events, and highlights Singapore’s efforts in creating a safe and secure cyberspace amidst the dynamic AI-enabled global threat landscape.
CSA analyses multiple data sources and developments to shed light on the common cyber threats observed in Singapore’s cyberspace. Through case studies of incidents in Singapore, the publication aims to raise awareness of cyber threats among cyber stakeholders and the general public, and to offer practical and actionable insights to better defend ourselves against ever-evolving cyber threats.
Please refer to www.csa.gov.sg/resources/publications/singapore-cyber-landscape-2025-2026 for a copy of the report.
*** End ***
About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our National Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.
CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.
For media queries, please contact:
Eunice Tan
Manager, Communications & Engagement Division
Email: eunice_tt_tan@csa.gov.sg
Jingxuan Chen
Senior Assistant Director, Communications & Engagement Division
Email: CHEN_Jingxuan@csa.gov.sg
