VottsUp

Saturday, July 4, 2026

Securing Your Architecture Against Skynet ( JADEPUFFER )

Part 2: From Diagnosis to Prescription

An AI just carried out a cyber attack without any human oversight. How do we stop the next one?

In Part 1, we detailed how the JADEPUFFER attack—the first documented autonomous AI ransomware—exploited known vulnerabilities, stole credentials, and executed a full kill chain in seconds. The agent moved from a compromised Langflow instance to your core databases, deleting schemas and generating encryption keys in real-time.

Exact Vulnerabilities Used

The AI agent executed a multi-stage intrusion using the following exact flaws:

  • Langflow Initial Access (CVE-2025-3248): The AI used this critical unauthenticated Remote Code Execution (RCE) flaw to break into exposed Langflow instances, gaining unrestricted ability to run arbitrary Python code on the host server without a login.
  • Nacos Authentication Bypass (CVE-2021-29441): After stealing credentials, the AI moved laterally to production servers hosting Alibaba Nacos, targeting this known vulnerability to bypass authentication.
  • Credential Exposure & Misuse: The AI probed for and harvested unmasked API keys, cloud credentials, and database passwords (root access) left exposed within the application environment.
  • Default Cryptographic Keys: The AI forged valid JSON Web Tokens (JWT) by abusing the default, unchanged token.secret.key in the Nacos environment.

Means of Prevention

According to threat intelligence from Sysdig and industry best practices, preventing AI-orchestrated attacks relies on strict configuration hygiene and proactive hardening:

1. Patch & Isolate

Upgrade Langflow to secure releases that patch CVE-2025-3248. Never expose application code execution endpoints to the public internet.

2. Secrets Management

Do not store cloud credentials or API keys in environment variables. Move secrets into secure vaults with strict access scopes.

3. Harden Nacos

Change the default token.secret.key to a custom string. Ensure Nacos is not exposed to the public internet.

4. Egress Controls

Implement network egress restrictions to prevent unauthorized outbound communication to arbitrary external servers.

5. Restrict Database Access

Never expose administrative database accounts to the internet and apply stringent source-IP restrictions.

Securing Your AI API-Connected Web Services

If your internal web services connect to AI platforms like ChatGPT via APIs, you inherit a specific attack vector similar to JADEPUFFER: an attacker or an autonomous agent can compromise your web service to steal your AI API keys or execute unauthorized AI queries.

1. Hardening Internal Web Services & AI APIs

Secrets Managers

Never hardcode your OpenAI/ChatGPT API keys in your source code or environment variables. Use a secure vault (like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault) to inject keys dynamically at runtime.

Script 1: Python Implementation (AWS Secrets Manager)
import boto3
from botocore.exceptions import ClientError
import json

def get_ai_api_key():
    secret_name = "production/chatgpt/api_key"
    region_name = "us-east-1"

    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )

    try:
        response = client.get_secret_value(SecretId=secret_name)
    except ClientError as e:
        raise RuntimeError(f"Failed to retrieve API key: {e}")

    secret_data = json.loads(response['SecretString'])
    return secret_data['OPENAI_API_KEY']

# Usage
api_key = get_ai_api_key()
Script 2: PHP Implementation (AWS Secrets Manager)
<?php
require 'vendor/autoload.php';

use Aws\SecretsManager\SecretsManagerClient;
use Aws\Exception\AwsException;

function getAiApiKey() {
    $secretName = "production/chatgpt/api_key";
    $region = "us-east-1";

    $client = new SecretsManagerClient([
        'version' => 'latest',
        'region'  => $region
    ]);

    try {
        $result = $client->getSecretValue([
            'SecretId' => $secretName,
        ]);
    } catch (AwsException $e) {
        throw new Exception("Could not fetch secret from vault.");
    }

    $secretData = json_decode($result['SecretString'], true);
    return $secretData['OPENAI_API_KEY'];
}

// Usage
$apiKey = getAiApiKey();
?>

2. Securing Your Databases (MySQL & Oracle)

Isolate Network Access: Block public internet access to MySQL (Port 3306) and Oracle (Port 1521). Configure your database firewalls to only accept connections from the specific internal IP addresses of your web services.

Script 3: Web Server Firewall Rules (iptables)

Run these commands on the Web Server (e.g., IP 192.168.1.50).

Web Server iptables
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT

Script 4: Database Server Firewall Rules (iptables)

Run these commands on the Database Server (e.g., IP 192.168.1.100). This is the most critical step.

Database Server iptables
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p tcp -s 192.168.1.50 --dport 3306 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.50 --dport 1521 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -m conntrack --ctstate NEW -j ACCEPT

3. Protecting Your Mixed Fleet (Windows & Unix Desktops)

  • Disable Local Admin Reuse

    Do not use the same local administrator password across machines. AI agents rely on this "password spraying" tactic to move laterally.

    What it does:
    Ensures that every Windows and Unix machine has a unique local administrator password.

    How JADEPUFFER exploited the opposite:
    In the JADEPUFFER attack, after breaching the initial server, the AI agent conducted reconnaissance—it scanned the environment for credentials. In many organizations, IT teams set the same local administrator password across hundreds of machines for convenience. The agent used a tactic called password spraying: it took the stolen credential and tried it on multiple machines across the network.

    How this prevents the attack:

    • Breaks lateral movement: If every machine has a unique local admin password, the agent cannot use a single stolen credential to hop from one machine to another. It would need to crack or steal a unique credential for each machine—a time-consuming process that would slow it down significantly.

    • Slows the attack chain: In the JADEPUFFER case, the entire kill chain from breach to destruction took 31 seconds. Unique credentials would force the agent to spend more time on brute-forcing or finding alternative paths, which increases the chance of detection by security monitoring tools.

    • Limits blast radius: Even if the agent compromises one desktop, it cannot use that access to pivot to the database server or other critical systems.

    In essence: Unique local admin passwords are like having a different key for every door in your building. Stealing one key only opens one door.

  • Enable Endpoint Firewalls

    Block all inbound connections from the internal network unless explicitly required.

    What it does:
    Turns on the built-in firewall (Windows Defender Firewall, iptables, or ufw) on every desktop and blocks all inbound connections from the internal network unless explicitly required.

  • Automate Patching

    Ensure weekly updates to close known vulnerabilities before an automated threat scans for them.

    What it does:
    Ensures that weekly updates are pushed to all Windows and Unix machines to close known security vulnerabilities.

Combined Effect

These three measures create a multi-layered defense:

  1. Patching prevents the initial breach.

  2. Endpoint firewalls stop the agent from connecting to other machines even if it breaches one.

  3. Unique local admin passwords prevent the agent from using stolen credentials to move laterally.

Together, they significantly reduce the blast radius of any attack—turning what could be a catastrophic, organization-wide ransomware event into a contained, manageable incident.

4. Securing Email Environments (Gmail & Outlook)

  • Mandatory Multi-Factor Authentication (MFA)

    Implement hardware-based or app-based Multi-Factor Authentication. Automated AI attacks use compromised email accounts to launch internal phishing campaigns.

    What it does:
    Requires users to provide a second form of verification (e.g., a hardware token, authenticator app code, or biometric) in addition to their password when logging into email accounts.

  • Scan for Stored Secrets

    Implement automated scanning to detect and alert if employees are emailing API keys, database passwords, or configuration files.

    What it does:
    Deploys automated scanning tools (e.g., Microsoft Purview, Google Vault with DLP, or third-party solutions) that continuously monitor email content, attachments, and links for patterns matching API keys, database passwords, configuration files, or other sensitive data.

Why This Matters for AI Attacks

In a traditional attack, a human attacker might take hours or days to manually search through email. An AI agent operates at machine speed—it can scan thousands of emails in seconds and pattern-match for API keys, passwords, and secrets without human oversight. This makes email scanning even more critical:

  • Time compression: An AI agent can exfiltrate years' worth of email data within minutes of gaining access. Proactive scanning reduces the likelihood that sensitive data is present to be exfiltrated.

  • Automated pattern recognition: AI agents can easily parse email content for strings matching common secret formats (e.g., sk-... for OpenAI keys, AKIA... for AWS keys). Scanning tools do the same thing defensively—ensuring those patterns are not present in the first place.

Network Architecture Rules (Web to Database Separation)

To stop an autonomous threat like JADEPUFFER from hopping from a compromised web service straight into your core databases, you must implement network segmentation.

  1. Zero-Trust Subnetting (VPC Design)
    • Public/DMZ Subnet: Place your load balancers here. This is the only layer that talks to the public internet.
    • Private Web Subnet: Place your web services here. They have no public IP addresses. They can make outbound calls to ChatGPT via an internet gateway, but the internet cannot call them directly.
    • Isolated Database Subnet: Place your databases here. This subnet must have zero internet access (no inbound, no outbound).
  2. Firewall and Security Group Rules
    • Rule A (Web Layer Inbound): Only allow traffic on port 80/443 from your trusted load balancer.
    • Rule B (Database Layer Inbound): Block all traffic by default. Open port 3306 (MySQL) and port 1521 (Oracle) only if the source IP matches the specific private IPs of your Web Subnet.
    • Rule C (Database Layer Outbound): Block 100% of outbound traffic. This prevents data exfiltration.
  3. Identity and Access Management (IAM)
    • Ensure your web servers have an attached IAM role that grants permission to only read the specific secret path (e.g., production/chatgpt/api_key).
    • They should not have permission to read database root secrets or modify network rules.

Making Firewall Rules Permanent

On standard Linux machines, iptables rules disappear when the server reboots. You must save them to make them persistent.

For Ubuntu / Debian:

sudo apt-get update
      sudo apt-get install iptables-persistent
      sudo iptables-save | sudo tee /etc/iptables/rules.v4

For RHEL / CentOS / Rocky Linux:

sudo iptables-save | sudo tee /etc/sysconfig/iptables
      sudo systemctl restart iptables

The question is not if another JADEPUFFER will target your organization, but when. The architecture you build today will determine whether it is a minor incident or a catastrophic failure.

Sunday, June 28, 2026

From Physics-Informed Neural Networks to Governance-Informed AI

Why the next evolution of AI is not just about intelligence — but governed intelligence

Three Paradigms of AI Governance

Traditional AI
Data
  │
  ▼
AI Model
  │
Decision
Traditional Governance
Policies
DPIAs
Audits
Logs
Human Approval
──────────────
Outside AI System
Governance-Informed AI
Data
  │
  ▼
AI + Constraints
  │
Runtime Authority Engine
  │
Decision

1. Introduction: Why Governance Has Not Entered the Model

Modern AI systems are rapidly transitioning from predictive models to agentic systems capable of executing real-world actions: calling APIs, triggering workflows, moving data, and interacting with infrastructure.

Yet governance in today’s AI ecosystem remains fundamentally external:

  • Policies written in documentation
  • DPIAs performed before deployment
  • ISO and compliance certifications
  • Human approval workflows
  • Audit logs reviewed after the fact

These mechanisms regulate AI around the system, not inside it. The AI itself does not “understand” governance — it only executes within boundaries defined externally.

This raises a fundamental question: Why do we not teach governance to AI the way Physics-Informed Neural Networks (PINNs) teach physical laws?

2. The Problem Nobody Is Talking About: Unbounded Action Space

Traditional software systems operate in bounded environments:

Traditional Software
  • Finite workflows
  • Defined API calls
  • Predictable execution paths
Agentic AI Systems
  • Combinatorial decision trees
  • API chaining across services
  • Emergent behavior patterns

The result is an unbounded action space under partial foresight.

This creates a structural mismatch:

Governance frameworks assume finite enumeration of risk.
AI systems generate infinite combinations of actions.

This is the core problem: you cannot pre-approve what you cannot fully enumerate.

3. What Physics-Informed Neural Networks Changed

Physics-Informed Neural Networks (PINNs) introduced a fundamental shift in machine learning design.

Traditional ML Objective
Loss = Prediction Error
PINNs Objective
Loss = Prediction Error + Physics Constraint Error

The key insight is not that physics is “added” — but that it becomes part of the optimization itself.

The model cannot converge unless it respects physical laws such as:

  • Conservation of energy
  • Navier-Stokes equations
  • Boundary constraints

Physics is not advice. It is enforced structure.

4. The Architectural Leap: Replacing Physics with Governance

If physics can be embedded into learning systems, governance may also be treated as a constraint space.

New Objective Function:
Loss =
Task Objective
+ Governance Constraints
+ Authority Constraints
+ Context Constraints

This reframes governance entirely: not as documentation, but as optimization constraint.

5. Why Governance Is Harder Than Physics

Unlike physics, governance is not stable or universal.

Physics
  • Deterministic laws
  • Stable across contexts
  • Mathematically consistent
Governance
  • Context-dependent rules
  • Dynamic authority structures
  • Conflicting constraints

Examples: consent, emergency overrides, legal mandates, and organizational policies may all change over time.

Therefore, governance cannot be fully “compiled into weights.”

6. Runtime Governance: Where Control Actually Matters

PINNs embed constraints at training time. Governance systems must operate at training + runtime.

Core Idea: Authority must exist at the moment of action, not only at system approval time.

This resembles real-world operational systems:

  • Engineers request approval before system modification
  • Doctors seek second validation for high-risk decisions
  • Financial systems require transaction-level authorization

The key insight is that governance must move from static approval to dynamic enforcement.

7. Governance Becomes Communicative

In current AI systems:

AI → Think → Act

In governance-aware systems:

AI → Evaluate → Request Authority → Receive Context → Act

This is not theoretical. It mirrors:

  • Air traffic control systems
  • Medical escalation protocols
  • Financial compliance workflows
  • Military command structures

8. Proposed Architecture

+----------------------+
|        Data          |
+----------------------+
          │
          ▼
+----------------------+
|     AI Model         |
+----------------------+
          │
          ▼
+------------------------------+
| Governance Constraint Engine |
+------------------------------+
          │
          ▼
+------------------------------+
| Runtime Authority Engine     |
+------------------------------+
          │
          ▼
        Action

9. Smart Data and Governance at Element Level

This model aligns with emerging Smart Data architectures where:

  • Control is per-data-element
  • Consent is dynamic and revocable
  • Authorization is cryptographically enforced
  • Governance is embedded at execution time

Related concepts:

10. Future Research Directions

This framework suggests new directions:

  • Governance-Informed Neural Systems (GINS)
  • Runtime Governance Networks
  • Constraint-Driven Agentic AI

The key shift is from:

“Can we regulate AI after deployment?”

to:

“Can we design AI that cannot act outside governance constraints at runtime?”

11. Conclusion

Physics-Informed Neural Networks demonstrated that machine learning improves dramatically when grounded in immutable constraints.

The next transformation in AI may come not from better models, but from embedding governance itself as a computational constraint inside the system.

This shift would redefine AI systems from autonomous optimizers to governed intelligent agents, where compliance is not checked externally — but enforced internally.

Friday, June 19, 2026

AI Adoption

The World Is Moving Faster Than We Think — Is Sri Lanka Keeping Up?

Artificial Intelligence is often described as the defining technology of this decade. Yet despite the enormous media attention surrounding ChatGPT, Gemini, Claude, DeepSeek, and AI-powered software, the reality is that most of the world has still not adopted AI.

According to Microsoft's Global AI Adoption Report, global generative AI usage reached 16.3% of the world's population by the end of 2025. In other words, roughly one in six people worldwide had used a generative AI tool, while more than 80% of the world's population had not yet adopted the technology.

This means the AI revolution is simultaneously happening at unprecedented speed and still in its very early stages.

📱 Global Mobile Phone vs. AI Adoption (The Global Context)

The timeline of human technology is compressing. While physical infrastructure takes decades to wrap around the globe, software and intelligence scale in the blink of an eye.

  • Global Mobile Adoption Velocity: Traditional cellular telephony took roughly 15 to 17 years to reach a modest 15% global penetration after launching in the 1980s. Even smartphones, which spread at a historically unprecedented rate, required about 2.5 years to hit 40% market saturation in developed regions like the US.

  • Global AI Adoption Velocity: Generative AI shattered every historical metric, reaching the 15% adoption benchmark in a matter of months rather than years. Today, global generative AI adoption stands at 16.3% of the world's population—meaning roughly 1 in 6 people globally now use AI tools to work, learn, or solve problems. Source: Microsoft AI Economy Institute, Global AI Adoption Report 2025.

🇱🇰 Is Sri Lanka Keeping Up?

When evaluating the phrase "the world is faster than we think," Sri Lanka presents a fascinating paradox: the country mastered the mobile wave but is currently struggling to catch the AI wave.

The Mobile Success Story (Fully Kept Up)

  • Hyper-Connected Penetration: Sri Lanka didn't just keep up with mobile phones; it excelled. The country boasts over 29.4 million cellular connections, resulting in a mobile density of 135.5% (more connections than people). Source: DataReportal.

  • The Smartphone Shift: Moving past basic feature phones, smartphones and tablets now make up 70% of the active devices in the country. Source: Daily Mirror.

  • Data Hunger: Driven by high social media engagement across platforms like Facebook, WhatsApp, and YouTube, the average Sri Lankan consumes roughly 17.7 GB of data per month —showing a population deeply comfortable with digital hardware. Source: Daily Mirror.

The AI Lag (Falling Behind)

  • Stagnant Adoption Rates: Despite a massive smartphone baseline, actual AI usage remains low. The share of Sri Lankans actively utilizing generative AI tools only crept from 6.2% to 6.6% . Source: Daily Mirror.

  • The Regional & Global Divide: At 6.6%, Sri Lanka lags significantly behind the global average of 16.3%. More critically, it is falling behind regional neighbors like India (15.7%) and Bangladesh (7.1%) . Source: Daily Mirror.

  • The Foundational Roadblock: While global AI deployment is accelerating due to rapid infrastructure scaling, Sri Lanka's bottleneck isn't a lack of interest, but rather fragmented data governance frameworks, a lack of localized AI tools, and a widening digital divide between tech-centric urban centers and rural communities. Source: LIRNEasia.

The Takeaway: Sri Lanka has the digital "highway" built out beautifully with its world-class mobile and smartphone penetration. However, while the rest of the world is flying down that highway using AI, Sri Lanka is still treating its mobile network primarily as a tool for data consumption rather than an engine for AI-driven production.

AI Diffusion Data Source

Economy H1 2025 AI Diffusion H2 2025 AI Diffusion Change
United Arab Emirates 59.4% 64.0% 4.5%
Singapore 58.6% 60.9% 2.3%
Norway 45.3% 46.4% 1.1%
Ireland 41.7% 44.6% 2.9%
France 40.9% 44.0% 3.1%
Spain 39.7% 41.8% 2.1%
New Zealand 37.6% 40.5% 2.9%
Netherlands 36.3% 38.9% 2.6%
United Kingdom 36.4% 38.9% 2.5%
Qatar 35.7% 38.3% 2.6%
Australia 34.5% 36.9% 2.4%
Israel 33.9% 36.1% 2.2%
Belgium 33.5% 36.0% 2.5%
Canada 33.5% 35.0% 1.5%
Switzerland 32.4% 34.8% 2.5%
Sweden 31.2% 33.3% 2.2%
Austria 29.1% 31.4% 2.2%
South Korea 25.9% 30.7% 4.8%
Hungary 27.9% 29.8% 1.9%
Denmark 26.6% 28.7% 2.1%
Germany 26.5% 28.6% 2.1%
Poland 26.4% 28.5% 2.1%
Taiwan 26.4% 28.4% 2.0%
United States 26.3% 28.3% 2.1%
Czechia 26.0% 27.8% 1.8%
Italy 25.8% 27.8% 2.0%
Bulgaria 25.4% 27.3% 1.9%
Finland 25.6% 27.3% 1.7%
Jordan 25.4% 27.0% 1.6%
Costa Rica 25.1% 26.5% 1.4%
Slovenia 24.6% 26.5% 2.0%
Saudi Arabia 23.7% 26.2% 2.5%
Lebanon 24.8% 25.7% 0.9%
Oman 22.6% 24.2% 1.6%
Portugal 22.4% 24.2% 1.8%
Slovakia 22.1% 23.8% 1.7%
Croatia 21.8% 23.7% 1.9%
Vietnam 21.2% 23.5% 2.3%
Dominican Republic 22.0% 22.7% 0.8%
Uruguay 20.9% 22.5% 1.6%
Lithuania 21.0% 22.4% 1.3%
Jamaica 22.2% 22.1% -0.1%
Colombia 20.4% 22.0% 1.6%
Panama 20.3% 21.5% 1.2%
Serbia 19.7% 21.5% 1.8%
South Africa 19.3% 21.1% 1.8%
Chile 19.6% 20.8% 1.2%
Malaysia 18.3% 19.7% 1.4%
Argentina 17.8% 19.6% 1.8%
Bosnia And Herzegovina 18.2% 19.5% 1.3%
Kuwait 17.7% 19.1% 1.4%
Greece 17.7% 19.1% 1.4%
Japan 16.7% 19.1% 2.4%
Philippines 17.1% 18.3% 1.2%
Georgia 17.3% 18.2% 0.9%
Mexico 16.7% 17.8% 1.1%
Ecuador 17.0% 17.7% 0.8%
Brazil 15.6% 17.1% 1.5%
Moldova 16.6% 17.0% 0.4%
Albania 15.8% 16.5% 0.7%
China 15.4% 16.3% 0.9%
Romania 15.3% 16.2% 0.9%
El Salvador 14.6% 16.2% 1.6%
India 14.2% 15.7% 1.4%
Azerbaijan 14.2% 15.5% 1.3%
Guatemala 13.7% 14.8% 1.1%
Peru 13.4% 14.7% 1.2%
Türkiye 13.4% 14.6% 1.2%
Mongolia 12.6% 14.3% 1.7%
Namibia 13.0% 13.8% 0.9%
Libya 12.7% 13.7% 1.1%
Kazakhstan 12.7% 13.7% 1.1%
Botswana 12.8% 13.7% 0.9%
Gabon 12.3% 13.4% 1.1%
Economy H1 2025 AI Diffusion H2 2025 AI Diffusion Change
Egypt 12.5% 13.4% 0.9%
Honduras 12.4% 13.1% 0.7%
Nepal 12.3% 13.0% 0.8%
Senegal 12.4% 12.9% 0.5%
Indonesia 11.7% 12.7% 1.1%
Tunisia 12.3% 12.7% 0.4%
Zambia 11.7% 12.3% 0.5%
Algeria 11.3% 12.0% 0.8%
Cote D’Ivoire 10.8% 11.7% 0.8%
Bolivia 10.9% 11.6% 0.7%
Iraq 10.3% 11.2% 0.9%
Paraguay 10.1% 11.0% 0.9%
Morocco 10.5% 10.9% 0.3%
Gambia 10.6% 10.9% 0.2%
Thailand 9.1% 10.7% 1.6%
Nicaragua 10.0% 10.7% 0.7%
Iran 9.6% 10.7% 1.1%
Pakistan 9.7% 10.3% 0.7%
Angola 8.9% 9.7% 0.8%
Madagascar 8.9% 9.7% 0.8%
Malawi 8.9% 9.7% 0.8%
Mozamb-ique 8.9% 9.7% 0.8%
Benin 8.7% 9.3% 0.6%
Burkina Faso 8.7% 9.3% 0.6%
Ghana 8.7% 9.3% 0.6%
Guinea 8.7% 9.3% 0.6%
Guinea-Bissau 8.7% 9.3% 0.6%
Liberia 8.7% 9.3% 0.6%
Mali 8.7% 9.3% 0.6%
Mauritania 8.7% 9.3% 0.6%
Niger 8.7% 9.3% 0.6%
Nigeria 8.7% 9.3% 0.6%
Sierra Leone 8.7% 9.3% 0.6%
Togo 8.7% 9.3% 0.6%
Lesotho 8.8% 9.1% 0.4%
Myanmar 8.4% 9.1% 0.7%
Ukraine 9.1% 9.0% -0.1%
French Guiana 8.3% 9.0% 0.7%
Guyana 8.3% 9.0% 0.7%
Suriname 8.3% 9.0% 0.7%
Venezuela 8.3% 9.0% 0.7%
Belarus 7.6% 8.4% 0.8%
Kyrgyzstan 7.6% 8.2% 0.7%
Kenya 7.8% 8.1% 0.3%
Russia 7.6% 8.0% 0.4%
Cameroon 7.0% 7.8% 0.7%
Central African Republic 7.0% 7.8% 0.7%
Chad 7.0% 7.8% 0.7%
Congo 7.0% 7.8% 0.7%
Congo (DRC) 7.0% 7.8% 0.7%
Haiti 7.1% 7.6% 0.5%
Zimbabwe 6.9% 7.6% 0.6%
Papua New Guinea 7.2% 7.3% 0.2%
Syria 6.7% 7.1% 0.4%
Bangladesh 6.5% 7.1% 0.6%
Burundi 6.4% 6.8% 0.4%
Eritrea 6.4% 6.8% 0.4%
Ethiopia 6.4% 6.8% 0.4%
Somalia 6.4% 6.8% 0.4%
South Sudan 6.4% 6.8% 0.4%
Sudan 6.4% 6.8% 0.4%
Tanzania 6.4% 6.8% 0.4%
Uganda 6.4% 6.8% 0.4%
Laos 6.0% 6.7% 0.8%
Armenia 6.2% 6.6% 0.4%
Sri Lanka 6.2% 6.6% 0.4%
Uzbekistan 5.7% 6.3% 0.6%
Rwanda 6.0% 6.3% 0.2%
Cuba 5.7% 6.1% 0.4%
Afghanistan 5.1% 5.6% 0.4%
Tajikistan 5.1% 5.6% 0.4%
Turkmenist-an 5.1% 5.6% 0.4%
Cambodia 4.6% 5.1% 0.5%
Source: Microsoft AI Economy Institute, Global AI Adoption Report 2025.

Sri Lanka's estimated AI adoption rate is less than half the current global average. For a country positioning itself as a technology and knowledge-services destination, this raises important questions about digital readiness and future competitiveness.

The Global AI Divide

The data also reveals a growing divide between countries.

Nations that invested early in digital infrastructure, AI education, language support, government digitization, and innovation ecosystems are seeing significantly higher adoption rates.

Countries such as the UAE, Singapore, Norway, Ireland, and South Korea are rapidly integrating AI into workplaces, schools, public services, and everyday consumer activities.

At the same time, many developing nations remain in the early adoption phase despite increasing internet connectivity and smartphone penetration.

The question is no longer whether AI will become mainstream.

The question is which countries will become producers of AI-driven value and which will remain consumers.

Sri Lanka's Position

Recent AI diffusion data places Sri Lanka significantly below the global average.

Estimated AI adoption rates:

• 2025: 6.2%
• 2026: 6.6%
• Growth: 0.4 percentage points

Compared with the global adoption rate of 16.3%, Sri Lanka appears to be operating at less than half the worldwide average.

For a country that frequently promotes itself as an IT and technology services destination, this should be a matter of concern.

A modern technology economy cannot rely solely on exporting software development services while lagging behind in the adoption of the technologies that are reshaping software development itself.

If this trend continues, Sri Lanka risks gradually losing competitiveness as other countries move toward AI-assisted development, autonomous workflows, intelligent automation, and AI-native business models.

How Are Sri Lankans Using AI?

Unfortunately, there is currently limited publicly available data that provides a detailed breakdown of AI usage patterns in Sri Lanka.

However, available evidence and observations suggest that most adoption currently falls into several categories:

• ChatGPT and Gemini for information retrieval
• Content generation and rewriting
• Academic assistance
• Coding assistance
• Social media content creation
• Customer service chatbot experimentation

The available evidence suggests that most users are interacting with AI through chatbot-style interfaces rather than through advanced agent-based systems.

In other words, users are typically performing manual prompting:

Prompt → Response → Copy → Modify → Repeat

rather than deploying autonomous workflows that can execute multi-step tasks with minimal supervision.

The Next Stage: From Chatbots to Agents

Globally, the most advanced AI users are moving beyond simple chatbot interactions.

They are building:

• AI agents
• Multi-agent systems
• Retrieval-Augmented Generation (RAG) platforms
• AI coding assistants
• Autonomous business workflows
• AI-powered software products

In these environments, the user is no longer manually prompting for every step.

Instead, AI systems can:

• Retrieve information
• Make decisions
• Execute workflows
• Coordinate with other systems
• Produce outcomes with limited human intervention

This represents a fundamentally different level of AI maturity.

Why Adoption Matters

The real economic value of AI does not come from asking a chatbot to write an email.

It comes from embedding AI into business processes, software products, customer experiences, logistics, finance, healthcare, education, and public services.

Countries that adopt AI early gain advantages in:

• Productivity
• Innovation
• Cost reduction
• Service quality
• Global competitiveness

Countries that delay adoption may find themselves competing against organizations that can deliver the same services faster, cheaper, and at greater scale.

The Opportunity for Sri Lanka

The encouraging news is that AI adoption remains relatively low worldwide.

Even globally, only around one in six people currently use generative AI.

This means there is still time for Sri Lanka to accelerate adoption, develop local expertise, improve AI education, encourage experimentation, and build AI-native businesses.

The opportunity is not simply to use AI.

The opportunity is to become a country that creates value through AI.

Whether Sri Lanka strengthens or weakens its position as a technology destination over the next decade may depend on how quickly it transitions from being a user of AI tools to becoming a builder of AI-powered products, services, and businesses.