"With the AI Basic Act taking effect in January this year, companies must fundamentally redesign how they handle data."

John Jester (존 제스터), chief revenue officer at Veeam Software, held a media briefing on Tuesday and again stressed the need to revamp data strategies as AI adoption spreads inside companies, including with the AI Basic Act taking effect.

He pointed to a lack of readiness on the ground even as regulation tightens. Citing a Veeam Software survey of IT leadership conducted in December 2025, he said nearly 7 in 10 chief information security officers cannot identify where data is stored across systems and how it flows.

The AI Basic Act requires transparent documentation and risk assessments for high-impact AI systems, while the Personal Information Protection Act requires reporting to authorities within 72 hours after a data leak occurs. The Financial Services Commission requires financial firms to verify and document the sources of data used in AI models. Jester said the need for more multi-dimensional data management is growing, but companies remain far from ready.

He said the pattern of data security threats has also changed as AI spreads. Many companies still cannot properly trace incidents within 72 hours after a data leak occurs, he said. He added that in many cases logs are not kept even when AI tools access sensitive information, and that shadow AI tools that bypass approval processes are being used widely.

He said 2,383 cyber incidents were reported in South Korea in 2025 and AI was used in 60 percent of major incidents. He said security architecture has changed fundamentally from the pre-AI era, when perimeter-based security, access centered on people with clear authority and quarterly audits were sufficient for managing data. Now, he said, AI agents access data thousands of times per second and move simultaneously across multiple sources. Models change daily, and recovery needs to be done not for everything but at the level of datasets, embeddings and model weights.

He said companies should focus on four main AI risks: sensitive data leakage, data breaches, compliance violations and AI agent errors.

He said AI can modify thousands of files in just minutes. A malfunctioning AI system can damage records or leak sensitive information before anyone notices, he said.

Veeam Software is upgrading its product strategy in line with these changes. It is automating data classification and tracking, and also provides identity-based governance for AI systems and agents, as well as recovery functions through forensic verification.

The briefing also highlighted Agent Commander. Agent Commander provides three functions: "detection" to immediately identify when AI attempts abnormal changes, "protection" to determine what changed, when, and by which AI tool, and "undo" to accurately revert only the files that caused the problem.

The company explained that it helps companies secure visibility into risks from AI agents and exposure of sensitive data.

Jester said Agent Commander supports use scenarios such as broad AI compliance, building secure custom agents in public clouds, adopting enterprise SaaS agents and securing visibility into shadow AI risks.