Post-its, Power Indexes, and the $1 Chevrolet: What Happens When a Property Giant Confronts Its Data Reality

Picture this: a room full of senior leaders from one of Malaysia's largest property developers (townships, high-rises, and hotel operations across the country) armed with sticky notes and five minutes to brainstorm every AI use case they could think of. 

It took them only 5 minutes to generate 40 AI use cases.The more valuable two hours went into working out what has to be true underneath each use case.

Last week, in conjunction with the AIBP ASEAN Conference and Exhibition Malaysia 2026, we facilitated a private workshop for the leadership team of UEM Sunrise. The workshop (meant to look into the Data Groundwork Behind Working AI) was built in three parts: an AI readiness exercise using the impact-effort matrix, some use case sharing from our workshop partners Level3AI and Cisco, and an #AskMeAnything peer sharing segment with practitioners who've been in the trenches.

The UEM Sunrise team was led by Peggy Lee (Chief People and Technology Officer) and Hafizuddin Sulaiman (Chief Financial Officer), alongside leaders from property development, innovation and analytics, IT infrastructure, and cybersecurity. Having that spread of functions in one room (while rare) facilitated a comprehensive discussion across data readiness, data quality, security, all the way down to  change management. 

Sticky notes, sticky use cases 

The impact-effort matrix exercise (inspired by one of our keynote panellists, Dr. Siew of Maybank, who mentioned finding a "north star" business outcome for AI) surfaced 40 use cases across the different teams. Classifying them is where the real conversation started.

The quick wins were relatively clear: generative design for land utilisation, AI-assisted recruitment, customer service optimisation. Already supported by existing market solutions, relatively low effort to pilot.

The high-impact, high-effort quadrant told a more interesting story. Financial modelling landed here because of data sourcing complexity. Post-occupancy lifecycle management using digital twins came up - the team recognising that managing asset performance across townships is a massive opportunity but requires serious data infrastructure. And then there was the idea of building an agentic concierge - an AI that could engage potential buyers, understand their financial profile and preferences, and guide them through the property journey.

Shifting Gears: The Risks Nobody Wants to Talk About

Of course, you cannot talk about deploying autonomous agents without talking about risk. Dr Kunal Sehgal, CXO Advisor, Cybersecurity from Cisco brought in a much needed reality check.

He walked us through the now-infamous Canadian case where a good white-hat hacker tricked a Chevrolet dealership's LLM chatbot into agreeing to a "legally binding offer" to sell a 2024 vehicle for exactly one dollar.

"Accountability can never be outsourced," Dr. Kunal warned the room. "It doesn't matter if you are renting your models from Google, Microsoft, or Anthropic. If your AI chatbot makes a mistake, the legal and financial liability sits squarely with you."

Then came the bigger picture. In June 2025, an AI agent called X Bao became number one on HackerOne's bug bounty leaderboard — the first time in the history of the programme that an AI beat all human hackers. "There was a belief that AI cannot do exploits," he noted. "AI can do vulnerability assessment, but not exploits. Well, that assumption is dead."

For any property company holding sensitive customer financial data, identity documents, and property records, this is a live consideration. Cybercriminals are no longer just targeting banks; real estate and healthcare data are increasingly in the crosshairs. Zero-day vulnerabilities (problems with no patches and no vendor support) are rising. Supply chain attacks, where hackers compromise a third-party supplier to impact everyone downstream, are becoming more common. And most organisations are running legacy end-of-life equipment without even knowing it.

AI governance isn't just about model accuracy. It starts with the security of the data you feed them and the systems they sit on.

Level3A - Safeguarded Advanced Automation 

Having UEM Sunrise's own team raise the agentic concierge idea made what Level3AI brought to the table feel particularly relevant. They showcased their technology in real time through a live conversation with their voice agent, Emily.

Emily didn't just answer questions. She held a natural, flowing conversation, and Level3AI addressed several of the key concerns head-on, especially around safety of the technology - how to prevent the agent from being manipulated, how to keep it on-brand, and how to ensure it doesn't go rogue in a live customer interaction.

#AskMeAnything

ft Erverna Navamalar Thanasegaram, Lead, Data Governance, Tenaga Nasional Berhad,   See Soon Keong, Lead, AI and Data Governance Assurance, Tenaga Nasional Berhad and Budiman Bujang, Deputy CDO, Johor Corporation. 

Three practitioners, two different organisations, all navigating the messy realities of data governance and AI implementation.

Small Data, Golden Data

There's a myth that you need a pristine, perfectly unified enterprise data lake before you can even think about deploying AI. If you wait for that, you'll be waiting a long time.

But rather than locking the gates until the plumbing is perfect, SK and Erverna talked about TNB’s parallel approach. 

"Most AI use cases do not need the entire universe of data to work," Erverna explained. "If you want to do talent development, you already know what data sources you need to evaluate an employee. You do not need to get the entire ecosystem of data to be available for you to do the use case."

SK also introduced the concept of "golden data" — your master data sources that are officially endorsed by the business line. "If we were talking about customer billing, we go for our identified BCRM data. We don't run from that because those are ones that you're going to roll out. Those are the ones going to impact you." In other words, for use cases with direct business impact, you go to the source.

SK and Erverna also mentioned that AI technology itself is evolving so fast that you need to revisit your assumptions regularly. "Maybe five years ago, you're using machine learning to predict asset failure. Now you may use large language models, small language models to infer when the next asset will fail." Don't just define your use case — articulate how AI is going to deliver value, because the tooling changes faster than the strategy.

100+ AI Use Cases and Counting

Budi shared JCorp's journey of centralising its digital architecture onto Microsoft Azure, creating a single source of truth across business units, and enabling over 500 users on AI-powered workflows with Microsoft Copilot — mapping over 100 AI use cases to date.

Since launching JCorp AI in February, they've been moving fast. To manage data complexity across the group's subsidiaries, Budi's team built a Data Quality Index (DQI) paired with a system-calculated confidence level.

"We build small AI agents to capture signals for the Data Quality Index," Budi shared. "These agents report back to a master agent who determines a confidence level. If there is bad data, your corporate strategy will be formulated on bad data. We look at that threshold closely."

To drive usage, JCorp tracks an internal "AI Power Index" and isn't afraid to use high-level accountability to keep teams moving.

The sandbox where POCs go to die 

The highlight of our Ask Me Anything segment came when the team from UEM Sunrise threw a wonderfully pragmatic curveball at the panel: when you're juggling 70 or 80 potential use cases at once, how do you actually govern them? Do you drag every single idea through a massive corporate risk matrix before you even touch a Proof of Concept?

JCorp built what they call the AI Registry, which has to go through three non-negotiable gates before a single line of production code gets written.

Gate 1: Strict Alignment to Key Results. If the AI application doesn't tie back to a strategic objective or key result, it gets killed. No room for technology for technology's sake.

Gate 2: Absolute Data Availability. The idea owners must articulate exactly what data sets they need and prove they're accessible and reliable. As Budi put it, data is the bloodline of AI — without it, the model starves.

Gate 3: Baseline Workflow Transformation. The final gate looks closely at the operational delta.Teams must map out their current workflow and show how the AI integration will actually move the needle. If it doesn't meaningfully change how work gets done, it doesn't clear the registry.

"Data is extracting the AI value," Budi pointed out. "We rush through AI development without thinking, eh? Our data is not correct... data tak ready."

If you're interested in contributing to or being part of future workshops like this one with other notable enterprises across ASEAN, do reach out or drop me a DM. Always happy to connect and see where we can add value to our enterprise stakeholders.

Next up, we’ll be in Jakarta on the 26th and 27th of August, followed by Bangkok, 2nd and 3rd September, exploring the nuances of AI ownership and governance, build vs buy, and cyber risk and resilience in AI-driven enterprises with

  • Pertamina

  • CIMB Niaga

  • Astra international

  • MIND ID

  • DANA

  • King Power

  • AXONS

  • Osotspa

  • Asset World Corporation

And more!

Previous
Previous

Governing AI in the Philippine Enterprise: Balancing Speed, Security, and Trust

Next
Next

53rd AIBP Conference & Exhibition Malaysia Day 1: Enterprise AI Moves From Adoption to Accountability