By Beatriz Marie D. Cruz, Reporter
PHILIPPINE COMPANIES should boost investments in mobile app security as cybercriminals increasingly exploit artificial intelligence (AI) tools to bypass traditional defenses, according to cybersecurity firm Appdome, Inc.
“Recent studies have shown that the Philippines is pretty much the biggest market in Southeast Asia for fraudulent activity,” Jan Sysmans, Appdome mobile app security evangelist, said in a video interview.
“In the past, security and information technology (IT) budgets focused on protecting the perimeter. In a mobile-first world, the focus has to shift to protecting the mobile business,” he added.
Filipino consumers downloaded 3.39 billion mobile apps in 2024, ranking the Philippines among the top 10 globally in app downloads and usage hours, according to a 2025 report by analytics firm SensorTower, Inc.
The surge in mobile banking, e-commerce and digital entertainment has also widened the attack surface for cybercriminals.
Advances in AI have rendered traditional biometric authentication such as facial recognition and fingerprints less secure, Mr. Sysmans said, citing remarks from OpenAI Chief Executive Officer Sam Altman.
AI-driven deepfakes can now generate hyper-realistic data, effectively defeating identity-based security, he pointed out.
Cyber-incidents in the Philippines have accelerated alongside digital adoption. Data breaches jumped 49% in the third quarter, compromising more than 52 million credentials in just three months, based on a report by Viettel Cyber Security.
“What we’re seeing already is criminal organizations hacking into AI agents, presenting themselves as customer support agents,” Mr. Sysmans said, noting that such tactics exploit user trust and the growing sophistication of conversational AI.
He urged Philippine companies to prioritize securing mobile application programming interfaces (API) and user identity data — areas often neglected in traditional cybersecurity frameworks.
“If the mobile device or the APIs that the mobile app uses to connect to the backend are unprotected, then a criminal organization can leverage those connections to access resources or websites and try to inflict damage,” he said.
Despite rapid growth in mobile use, cybersecurity spending across Southeast Asia remains uneven. Industry analysts say organizations still allocate the bulk of IT budgets to legacy systems and network firewalls rather than app-layer protections.
The shift to mobile-first business models means companies can no longer afford to treat app security as an afterthought because the threat has moved to where the users are — on mobile.