Southeast Asia’s enterprises talk confidently about transformation, automation, and AI. But the moment a workflow moves from “assist” to “act” the enthusiasm slows. While agentic systems sound visionary in boardrooms, in practice they collide with long-standing habits and ways of doing business. Who signs off? Who supervises autonomy? Where is the data they can access stored? What happens when a process moves faster than the hierarchy built to contain it?

This is the region’s core tension: ambition without comfort, transformation without surrendering control.

Komy A sits right in the middle of that gap. He’s 22, a cybersecurity student, and started his company, Genta AI Solutions, in November 2024 while still in university. He is part of a cohort that grew up inside digital systems. For his generation, autonomy is not something to be earned. It is the starting assumption. Across much of Southeast Asia, autonomy still comes with a pause. Organizations are still deciding how far a system can run before a human steps back in, and who carries responsibility when something goes wrong.

A Founder Shaped By Systems

Komy’s entry point was not a university course but a childhood curiosity. The spark came from “a movie about hacking” he watched at eight or nine. He taught himself Python and JavaScript and gravitated toward the parts of computing that show how systems break and how they can be defended.

A lot of that learning happened through CTFs, short for capture-the-flag. He calls them “online competitions of hacking,” with “red teaming, blue teaming, like defense and attack kind of games.”

Then he found bug bounties, a more structured version of the same impulse, where you look for “a vulnerability… a door for other hackers to hack the company,” and if you find it, “you get the payout.”

“All big companies do that, including Apple, Google, Meta,” he adds. He started small. “It was still fun,” he says. “And also you kind of get paid for it, and you make a name for yourself online.”

That background has shaped how he talks about risk now. “There’s always a vulnerability in any kind of program or system,” he says. And with AI agents gaining access to more tools and data, he sees a familiar pattern: “there’s more that we don’t know than what we do know.”

The API Moment and The Birth of Genta AI

When Komy began his cybersecurity degree in Malaysia, he made a deliberate shift. As an international student he needed something more stable than security competitions. So, he took a full-time role at an Australian software company while studying.

At his second job, while still a student, Komy joined a US-based software firm in a more senior technical role. This was around the time the developer toolkit started shifting quickly. He had always automated what he could, but access to the OpenAI API felt like a step-change. He describes it as a moment that “changed everything.” He started using it immediately, even when “it still had some bugs in it,” and began wiring it into real production workflows.

As he built more, the gap became obvious. Many companies were, in his words, “outdated with the way they work.” He tested his approach with people he had worked with before, often without charging, and the interest confirmed the direction. “Everyone I have worked with was automatically interested,” he says. By November 2024, he formalized the work into Genta AI Solutions. The team grew quickly, eventually reaching sixteen people across Argentina, Malaysia, Japan, Egypt, Germany and the United States.

What Genta AI Does

Genta AI’s work follows a graduated autonomy path. It starts with quick wins through basic automation. Then it moves into mid-level work where reasoning matters and agents can take on defined decisions, with humans brought back in at the right checkpoints.

In practice, the first step is stepping inside a company’s day-to-day operations and looking for what Komy calls “the boring stuff.” These are tasks that drain hours without requiring judgment: data entry, spreadsheet updates, rigid form-driven processes. “These are what I call quick wins,” he says. They are often solved with basic automation, and usually do not even need AI. The goal is to save time fast, and to make the rest of the workflow easier to improve.

Once those quick wins are in place, he says the focus moves up a level. It becomes “mid-level kind of work,” where decisions and reasoning start to matter. That is where AI agents come in. “There’s decision making. There’s reasoning. This is the kind of course where AI gets involved,” he says. “There’s AI agents that need to take decisions or raise for humans in the loop checks,” with notifications that bring people back in when needed.

One of Genta’s first clients in Singapore shows how this plays out. Mamba is a Singapore-based SEO and GEO (generative engine optimization) firm that helps large clients rank on search and get mentioned by AI platforms. A lot of their day was research-heavy: keyword analysis, content checks, rankings, algorithm shifts, backlinks. It’s a lot of “click work,” or repetitive tasks that soak up time. In practice, work that should take an hour can stretch into a day, which was “kind of like the problem they had,” says Komy.

When Genta first came in, the plan was controlled automation. The aim was to speed up specific workflows, with agents sitting inside a defined pipeline. Keyword research was the clearest example. Give it a set of inputs, get a set of outputs, and keep the scope tight.

Komy points to MCP (Anthropic’s Model Context Protocol) as the moment the “pipeline” idea started to feel too small. With MCP, the agent isn’t just generating text that a human copies into SEMrush. That matters because it collapses the copy-paste layer and shifts the work closer to the tools teams already live in. For Mamba, that meant “get an agent connected to SEMrush,” so each person effectively has “a junior SEO engineer under their hands.”

On top of that, Genta built a second tool to calculate “mention rates,” meaning how often a client gets mentioned across a set of prompts. Komy says similar products exist, but they can get expensive quickly, so they built an internal version for Mamba as part of their engagement.

Why Automations and Agents Are Not the Same

Having engaged with organizations at different levels of AI maturity, Komy argues the market’s core problem is definitional. The biggest confusion he keeps running into is basic: people mix up AI agents with basic automation, which has been around for over a decade.

He starts with the familiar stuff most teams already use: trigger-based workflows. An email comes in, a response gets drafted. Someone fills out a form, the data gets routed, logged, or pushed into another system. It is useful because it is predictable. The same input kicks off the same sequence of steps every time.

He contrasts that with what he considers a real agent. Instead of a fixed script, you “just provide them the tools,” plus context and instructions, and “then they can act upon themselves.” The key difference is that an agent can decide when to use tools: “they have the tools. They have the context or the data, and then they act and manage to get the work with the set of instructions.”

He is careful not to dismiss either approach. “Both are powerful, both are really good. Both are not the same.” But he thinks the mislabeling causes trouble in both directions. Some companies underestimate what agents can do and stay stuck at “very, very simple automation levels.” Others assume the opposite, that one investment lets them “run their whole company” and “fire half of their team.” Komy rejects that. In his experience, “these agents all need a human most of the time,” and “we have to put humans in the loop checks before sending things out.”

The real shift, he says, is not replacement. It is moving people “from like the people who do the work to people who manage and guide the work, so more like management and supervisors kind of role.”

Institutional Hesitation: Age, Trust, and Security Regimes

Once you get clear on what an agent is, the real friction shows up fast: who is comfortable handing over action, and where do they draw the line?

In much of Southeast Asia, that line is shaped by how accountability works day-to-day. Responsibility is still assigned through hierarchy, and risk is managed through explicit approval. So autonomy does not just change workflows. It challenges how responsibility is assigned when something goes wrong.

Komy’s read is that Southeast Asia often draws that line earlier. “Southeast Asian based clients… are a bit more skeptical when it comes to new technology… they need more reassurance,” he says.

When he contrasts it with the U.S., he frames it as a comfort with uncertainty: “U.S.-based accounts are more open to going into new things with not 100% certainty. This is the biggest difference I’ve seen with how they perceive new projects.”

Komy says the age question comes up too, both his and the company’s. There have been a lot of situations where buyers hesitate because “this startup, you’re young.” He adds that decision-makers “really value experience… age in the industry, reputation.”

As a cybersecurity student, he starts from a blunt premise: “there’s nothing that’s 100% secure.” He also keeps coming back to the idea that the unknowns are still larger than the knowns in agent security. But in his view, that cannot become a reason to freeze. The move is to acknowledge risk, plan for it, and still proceed.

His answer is guardrails, not wishful thinking. Put “precautions and guidelines of security” in place before you expand autonomy. Start with “privilege access,” so agents only get the minimum permissions needed. Be strict about “what kind of data they have access to,” and isolate the environment they operate in, especially for sensitive workflows. The point is not perfect safety. It is reducing exposure and limiting blast radius if something goes wrong.

He also flags why this matters now: attackers are already experimenting with public model APIs, where malicious code can call an API and adapt to the environment. For him, that is exactly why progress and security have to move together, not as a trade-off.

Jobs in the Agent Era

This is where the agent conversation gets uncomfortable, because it is less about tools and more about roles: as agents absorb routine work, entry-level tasks thin and responsibilities move up into review and escalation, a shift the World Economic Forum’s Future of Jobs Report 2025 also reflects.

Komy’s view on jobs is more restrained than the usual ‘AI will replace everyone’ storyline. “AI won’t steal jobs,” he says, at least not yet.

The change he expects is task compression: fewer people needed to execute the workflow, more responsibility on the humans who supervise it. The junior layer shifts first, from doing the clicks to checking the outputs, handling edge cases, and deciding what is safe to send out. The work does not disappear overnight, but the bottom rung reshapes before headcount does.

The Road Ahead

Southeast Asia is not short on interest in agents. What it is still working through is the handover: where autonomy starts, where humans step back in, and who carries responsibility when something goes wrong. Komy’s generation tends to default to action, while institutions are still negotiating the rules of control. The technology is moving anyway. The question is whether governance will catch up before autonomy becomes the default setting.