Pages

01 June, 2026

2026 highlights: May

Technology highlights for May 2026 included:

- Aramco and Pasqal launched KSA's first quantum computer and the Middle East’s first commercial quantum computing-as-a-service platform.

- Dell and NVIDIA unveiled a broad AI ecosystem designed to run frontier AI models and autonomous agents securely for the enterprise with the Dell AI Factory with NVIDIA at its heart. 

- Google Threat Intelligence Group announced that it had found the first threat actor using a zero-day exploit that they believe was developed with AI. Found in a Python script, the exploit targeted a two-factor authentication (2FA) bypass in a popular open-source, web-based system administration tool. 

Shane Barney, CISO, Keeper Security, said: "When attackers use AI to identify high-level semantic logic flaws in authentication flows at a speed and scale no human analyst can match, the gap between having MFA and having resilient authentication becomes impossible to ignore. Keeper Security’s latest Global Insight Report revealed that only 35% of organisations globally have implemented phishing-resistant MFA, the FIDO2 and passkey-based methods that resist this class of attack. That’s despite nearly half (46%) identifying AI-driven attacks as their single greatest source of increased security pressure over the past year.

"That sizeable gap is precisely where incidents happen. AI not only lowers the skill barrier for attackers, it also systematically targets the trust assumptions that legacy authentication methods were never designed to defend against. The evolving threat landscape means it’s essential that organisations move beyond SMS codes and basic authenticator apps towards hardware-backed, phishing-resistant credentials."

MFA stands for multifactor authentication, and SMS for short message service. 

- India's Community Emergency Response Team (CERT) set patch deadlines for exposed flaws. 

Takanori Nishiyama, SVP APAC, Keeper Security said the tiered framework gives security leaders a defensible basis for making faster decisions on "the vulnerabilities that genuinely cannot wait." "CERT-In's new guidance is a direct acknowledgement that AI has fundamentally changed the pace of exploitation. From vulnerability discovery through weaponisation, AI is accelerating every stage of the attack lifecycle. What once took days now takes hours, and defenders must operate accordingly," he said.

"The framework's tiered structure reflects a risk-based approach that organisations across Asia-Pacific would do well to adopt regardless of jurisdiction. Twelve hours for known exploited vulnerabilities on Internet-facing systems, one day for critical external flaws and three days for critical internal vulnerabilities on high-value systems. The tiers matter because they force prioritisation – something many organisations still struggle with." 

Nishiyama also noted that India's regulators are beginning to treat AI deployments as a distinct attack surface requiring dedicated controls. 

- Instructure, which has a presence in India and Singapore, suffered an attack by the ShinyHunters group on April 29. As of 12 May, Steve Daly, CEO said that Canvas by Instructure is fully operational and remains safe to use, and that core learning data is not compromised. The latest developments are on its Incident Update page. 

Dave Russell, SVP and Head of Strategy at Veeam Software said: “Moving to SaaS doesn’t eliminate risk - it changes it. Even when the provider secures the platform, it’s still your data and still your responsibility to ensure it is protected, retained, and recoverable. SaaS is an attack surface, and resilience planning has to assume critical services can become unavailable or untrusted with little notice. The most pragmatic step organisations can take is to apply consistent data hygiene everywhere (on‑premises, cloud, and SaaS) and maintain independent, recoverable copies of mission‑critical data so recovery happens on your timeline, not the attacker’s.”

Rick Vanover, VP of Product Strategy at Veeam Software added: “SaaS can feel like ‘set it and forget it’ until it’s suddenly ‘set it and regret it.’ The shared responsibility model is the fine print nobody reads until an incident forces the issue: the provider runs the service, but you own the outcome - including getting your data back and keeping the business running. 

"Treat SaaS like any other production system: lock down identity, know where the data is, keep it clean, and make sure you have a recovery plan that doesn’t depend on the same platform that’s having a bad day. If ransomware loves anything, it’s single points of failure, so don’t give it one.”

ShinyHunters was also linked to a breach of 7-Eleven's Salesforce environment in April 2026. 

SaaS stands for software-as-a-service. 

 

An Instagram ad about protections for teen accounts seen at City Hall station, Singapore, in May 2026.
An Instagram ad about protections for teen accounts seen at City Hall station, Singapore, in May 2026.

- Meta provided more detail on its efforts to detect underage accounts, sharing that AI is used to analyse profiles for contextual clues such as birthday celebrations or mentions of school grades. The technology is to be extended across additional parts of Meta's apps like Instagram Reels, Instagram Live, and Facebook Groups.

Subscription plans for Meta platforms were launched. Instagram Plus, WhatsApp Plus, and Facebook Plus are available under the Meta One brand, with more plans on the way for creators, businesses, and Meta AI power users. 

- Micron Technology and SK Hynix saw their market capitalisation surpass US$1 T.  Both are semiconductor firms supplying the chips that make AI possible.

“Wall Street spent the past two years believing NVIDIA was the AI trade,” said Nigel Green, CEO of global financial advisor deVere Group.

“Now the market is starting to realise the real power may sit deeper in the supply chain.”

Green elaborated that investors are no longer indiscriminately rewarding companies building AI products. “The AI boom is becoming less about who builds the models and more about who controls the choke points,” he said. 

“Increasingly, they are concentrating capital into the firms controlling the infrastructure bottlenecks the entire AI economy depends on. And memory has rapidly become one of the biggest (bottlenecks).”

NVIDIA launched an AI research lab in Singapore focused on advancing embodied and efficient AI. The lab is NVIDIA’s Singapore hub and second research presence in Asia Pacific.  

OpenAI rolled out GPT‑5.5‑Cyber in limited preview to defenders responsible for securing critical infrastructure to support specialised cybersecurity workflows that help protect the broader ecosystem. 

Anthony Grieco, SVP, Chief Security & Trust Officer at Cisco, commented: "At Cisco, we view frontier models as a powerful force multiplier for defenders. Models like GPT-5.5 are fundamentally changing the velocity of our operations, enabling us to move faster on everything from incident investigation to proactive exposure reduction. 

"But speed cannot be traded for trust. The true value of this technology isn't found in the model alone, but in the enterprise-ready framework we wrap around it. A framework that helps us make more secure products. Our focus is on transforming our secure development and operations processes with these new capabilities. For us, it's about enabling innovation that is as reliable as it is fast."

- World Telecommunication and Information Society Day was celebrated on May 17. 

Mohan Veloo, CTO, Asia Pacific, China and Japan, F5, said that the more connected we become, the more fragile the system can become if trust, resilience, and governance are not designed in from the start. "Today, most organisations are operating across on premises, public cloud, edge, and colocation environments. F5 research shows that more than 86% of organisations globally now run applications across multiple environments. That has become the new operating reality, but it also expands the attack surface and makes consistent security and governance much harder," Veloo said.

"The next phase of telecommunications will not be defined only by faster networks or more capacity. It will be defined by whether we can build digital lifelines that are secure, resilient, and trusted. As AI, cloud, APIs, and edge computing become embedded into everyday services, organisations need a unified way to deliver, secure, and govern applications wherever they run."

-  In Singapore, the Infocomm Media Development Authority (IMDA), JTC and the Singapore Institute of Technology (SIT) have created new collaborations for physical AI with Certis, DHL, Grab and QuikBot. IMDA and the National Robotics Programme (NRP) will also work with knowledge partners such as FieldAI and Thoughtworks in collaboration with companies such as Slamtec, Unitree, and QuikBot to the same goal.

The Singapore Ministry of Digital Development and Information (MDDI) and Google announced an expansion of Google's collaboration with the Singapore government through a new National AI Partnership. The partnership aims to harness frontier AI as a force for good – including deploying AI to solve society's challenges, fostering an AI-ready workforce in Singapore, and creating a secure and trusted ecosystem.

MDDI also signed a memorandum of understanding (MoU) with OpenAI to collaborate on a new OpenAI for Singapore initiative, focusing on advancing applied AI innovation, building AI talent, and making AI accessible to citizens, enterprises and the public sector. The partnership represents a commitment of more than S$300 M by OpenAI. 

- Taiwan's largest SMS one-time password (OTP) delivery platform, EVERY8D, which is operated by Teamplus, suffered a data breach. SMS message logs involving businesses and government officials were exposed. 

Nishiyama said the incident is a timely reminder that authentication infrastructure is not immune to attack. "When that layer is compromised, the accounts and communications it protects become vulnerable, regardless of how strong the underlying credentials may be. SMS-based OTP has offered organisations a meaningful layer of protection beyond passwords alone, but it has never been without its limitations. SIM swapping, SS7 vulnerabilities and phishing interceptions are well-documented weaknesses with SMS-based verification," he said.

"This is not an isolated event. Across Asia-Pacific, organisations continue to face growing pressure from ransomware and credential-based attacks, and authentication gaps remain a frequent point of entry. This incident also highlights the compounding risk of supply chain concentration. When a single third-party provider underpins OTP verification for banks, e-commerce platforms and government agencies simultaneously, one successful attack can trigger failures across an entire ecosystem." 

TechTrade Asia is looking out for comments on tech-related highlights that occur in June. Please send them before 1 July. 

Hashtag: #2026highlights 

No comments:

Post a Comment