Fastly, Inc. (NASDAQ: FSLY) has released its Fourth Annual Global Security Research Report, highlighting a growing cybersecurity crisis among AI-first businesses—companies that embed AI into core processes and offerings from the outset rather than as a secondary enhancement.

Key Findings: AI-First Businesses Face Longer Recovery and Higher Costs

The report reveals that AI-first organisations take nearly seven months on average to fully recover from cybersecurity incidents, which is 80 days longer than non-AI-first companies. This delay translates into a 135% higher financial toll, reflecting extended recovery periods and increased AI-specific compromises.

  • AI Exploitation: 44% of AI-first businesses reported that AI was directly exploited in their latest security incident, compared to only 6% of non-AI-first organisations.

  • Southeast Asia Impact: 69% of respondents cited AI or AI tool usage as a contributing factor in recent cybersecurity events.

  • Cost of AI Scraping: Nearly 7 in 10 (67%) Southeast Asian organisations face material costs from AI scraping, averaging USD 372,330 annually.

Operational and Security Impacts

AI-first and AI-native systems expand the attack surface, introducing agentic workflows, decentralized data flows, and additional infrastructure complexity. Among Southeast Asian organisations, the top negative effects include:

  1. Operational disruption (53%)

  2. Increased infrastructure costs (51%)

  3. Security incidents or data leakage (50%)

  4. User experience issues such as slower load times or broken functionality (35%)

Security Recommendations

Fastly highlights the need for modernised, AI-aware security strategies:

  • Web Application Firewalls (72%) and API discoverability/security solutions (66%) are among the leading investments.

  • Agentic discoverability tools (64%) are increasingly critical to track autonomous AI activity.

  • AI Governance and Expertise: 61% of respondents require additional AI-specific security expertise, and 59% report rising pressure on teams to manage AI risks.

  • DDoS Concerns: 83% of Southeast Asian organisations are worried about DDoS attacks targeting AI agents.

“AI is no longer a single tool—it’s becoming an integral part of business operations,” said Rachel Ler, AVP of Asia at Fastly. “Companies that establish clear AI governance today will gain a decisive advantage tomorrow.”

“From unmonitored agentic activity to escalating scraping costs, the risks are real, operationally and commercially. Web Application and API Protection (WAAP) tools are becoming business-critical solutions,” added Marshall Erwin, CISO at Fastly.

Conclusion

The report underscores that AI adoption without security modernization creates significant operational, financial, and reputational risks. Fastly urges AI-first organisations to implement AI-specific monitoring, secure inference infrastructure, and robust perimeter protections to reduce incident recovery times and safeguard their digital operations.

Download the full report from Fastly, Inc. to learn how to modernise security infrastructure and recover efficiently from cybersecurity incidents.