When AI Acts, Who Answers? Day 2 Insights from the 53rd AIBP Conference & Exhibition Malaysia 2026
"You cannot send an AI agent to jail."
Azlan Ahmad, Chief Information Officer of Tenaga Nasional Berhad, was stating a structural fact. An AI agent has no legal awareness of its own mistakes, and whatever it does, the consequences land on people.
Day 1 had settled the structural questions of enterprise AI: who owns the outcome, the data, and the decision. Day 2, held on 9 July at W Hotel Kuala Lumpur, turned to the people expected to live with those answers.
Senior leaders across healthcare, energy, utilities, telecommunications, construction and investment holdings spent the day on three sharper questions:
Does your workforce trust AI enough to work alongside it?
Can your security team keep up when attackers move at machine speed?
When an AI agent gets it wrong, who takes the fall?
The Talent Question
At KPJ Healthcare, agentic AI now verifies payroll and claims across roughly 18,000 employees and 30 hospitals. One payroll officer is in charge of work that once took three people, and a learning and development function that used to need a dedicated staffer in every hospital now runs on eight people across the whole company.
Numbers like these read as productivity to a CFO but as a countdown to the people doing the work. The panellists spent most of their time on how to manage that gap.
Tengku Hazrizal Tuan Mohd Ghazali, General Manager of Group HR Management at KPJ, put the human role in terms any driver understands: AI works like Waze. It suggests the route but the driver still chooses, and still owns where the car ends up.
KPJ backed the principle with process, rolling out mandatory AI awareness training to all staff, nurses included, before any specific tool arrived.
Jo-Ann Low, Group Head of HR at Gamuda, was blunt about the messaging: stop publicly positioning AI as a headcount-reduction tool. Even where attrition eventually happens, announcing it raises anxiety and slows the adoption leaders want.
Gamuda's alternative is to invest in capability. That means tying AI usage to KPIs. An internal AI Academy runs weekly training and role-based modules, with graduates coaching their peers. And reverse-mentoring pairs tech-savvy junior staff with senior leadership, because leaders need AI fluency as much as their teams do.
She even declines to police personal use of company AI licences, reasoning that positive personal experience with the tools builds the familiarity that carries into work.
Nicholas Thooi, Chief People Officer at BonusLink, described a lighter-weight route to the same end: a subject matter expert model, where individual staff become the internal go-to for a given AI tool, spreading proficiency without a dedicated platform-owner role.
He paired it with a budget principle worth stealing: when AI absorbs a deliverable, reinvest the savings into training or better tooling rather than quietly banking them.
Nicholas also left leaders with a warning. AI outputs mirror the patterns their users feed them, and an assistant left unchecked starts telling a leader what they want to hear. A yes culture can take root at the top without anyone deciding to build one.
Nurul Diana Intan Zafirah Ishak, Head of Risk, Compliance & Sustainability at Cyberview, added the governance side of it. Over-reliance invites a blaming game, where "it's the system's fault" becomes the escape hatch. Her conclusion is the opposite of what most organisations reach for: the more AI is involved, the more leader accountability has to be reinforced.
Same Threats, Less Time
Dr. Amir Samad, Head of Cyber Security at Petronas, opened the security discussion with a reframe that set the tone:
"There is no new risk being introduced by AI. The risk is the speed at which these things are being uncovered."
Automated penetration testing and vulnerability discovery existed long before this wave. They just happen much faster now, and the window defenders have to respond keeps shrinking.
The exposure also scales differently once AI agents enter the picture. A human can access one piece of data at a time, while a compromised AI agent reaches multiple data sources at once, multiplying what a single breach can touch.
Where each organisation draws its automation line depends on what a mistake costs. PETRONAS illustrates one end of the spectrum. In its operational technology environment, the systems that physically run plants and refineries, an unplanned shutdown can cost millions and take days to recover. AI there is allowed to detect and flag problems, and never to act on them. Every response goes through a person first.
Maxis sits further along the automation curve, because keeping telco services continuously available demands machine-speed response. That has quietly changed the hiring profile. The hardest people to recruit now, said Head of Cybersecurity Mei Ling Mudin, are builders of AI guardrails, not operators of security tools.
Telekom Malaysia (TM) has pushed furthest into formal governance. Before any AI use case goes live, it passes an internal risk classification that scores what could go wrong and reports the result to the board.
Every system has to be explainable, meaning the team can trace why the AI made a given decision rather than accepting the output as faith. And testing does not stop after launch. TM deliberately continues attacking its own AI systems to find weaknesses, because a model that behaved safely at deployment can drift over time.
Chief Information Security Officer Raja Azrina Raja Othman was candid that this discipline has a price. TM has pulled the brakes on projects internally rather than switch on vendor tools that turned out less secure by default than assumed.
The session, moderated by Dato' Ts. Dr. Haji Amirudin Abdul Wahab of the AIBP Advisory board, produced less than a debate than a shared baseline: formal, pre-deployment AI risk classification is replacing ad hoc review across enterprise technology in the region.
AI Agents on Probation
The day's final discussion made autonomy concrete. Shaharuddin Hamid Mustapha, Chief Executive Officer of PETRONAS Digital, shared that his own AI assistant had rejected a memo he wrote that same week. Agent autonomy has stopped being a demo capability.
Nobody argued against supervising agents. What separated the speakers was where they put the supervision.
Shaharuddin puts it at a portfolio level. The complaint that governance slows innovation, he argued, is aimed at the wrong projects. Governance costs little on projects without mega value at stake, and what it catches is the invisible leakage of unmonitored agents and runaway costs. As he put it, borrowing a line from his bosses:
"The value is on a PowerPoint, the cost is in a SAP. The value is conceptual, but the cost is always real."
Given the stakes of oil and gas, his posture is to protect first, then accelerate.
Tenaga Nasional Berhad manages its agents architecturally. Its Human-AI Interaction Model tiers decisions by consequence, keeping critical safety calls under human supervision no matter how capable the system becomes. For a national utility, an agent error means a power outage. Automation may fly the plane; the captain stays in command.
Ahmad Yusri Mohamed, Chief Digital Officer of Johor Corporation (JCorp), plugs its agents even earlier, in its design. He warned against the most common shortcut: mapping AI onto an existing SOP flowchart just automates inefficiency faster. JCorp redesigns each workflow from the outcome backward, then works out which steps genuinely need a human decision-maker.
The division of labour inside that redesign is clean. The model is IT's responsibility, stress-tested until confidence is high. The data feeding it belongs to the business unit, because they know what is relevant.
Damien Wong, Senior Vice President Asia Pacific at Tricentis, offered a way of framing where responsibility sits. When a car hits a wall, fault depends on whether the car malfunctioned or the driving was reckless, and the same logic applies to an AI model and how a business deploys it.
His suggestion for building trust in a new agent sits in time. Treat a new agent like a new employee: onboarding, training, then a probation period, before it earns real autonomy. He closed with a line that captures the day: "the most trustworthy AI is the one that knows when it shouldn't be deciding."
The Conversation Continues Across ASEAN
Two days in Kuala Lumpur made one thing visible: Malaysian enterprises have moved past adopting AI and are now absorbing it, into job design, hiring plans, security operations and the looming question of who answers when something goes wrong. The organisations furthest along were the ones investing in their people as deliberately as their platforms.
The same questions are now heading across the region, with AIBP in Jakarta on 26 and 27 August and Bangkok on 2 and 3 September, where enterprises across Indonesia and Thailand will take up AI ownership and governance, build versus buy, and cyber resilience in AI-driven organisations.
See what's next for AIBP. Explore our upcoming activities here.