Cyber security leaders in the Middle East are adjusting to a new reality where artificial intelligence (AI) is sharpening attacks even as it strengthens defences. Conversations with regional chief information security officers (CISOs), analysts and suppliers reveal a clear shift. Social engineering has become far more convincing, shadow AI is creating constant risks, and security teams are under pressure to operate at the same speed as the threats they face.
What has changed most is not just the volume of attacks, but their quality. The regular warning signs that once helped flag phishing or impersonation attempts have largely disappeared.
Aus Alzubaidi, CISO at MBC Group, points to a rise in well-written, contextually relevant spear phishing and deepfake impersonation. In the region, he says, attackers are already using AI-generated audio and video to impersonate executives and authorise transactions. “What once seemed theoretical is now playing out in real operations,” he says.
That erosion of trust is now being exploited at scale. Roland Daccache, director of sales engineering for the Middle East and North Africa at CrowdStrike, says AI is accelerating every stage of the attack lifecycle, not just improving content. The company’s 2026 global threat report recorded an 89% year-on-year increase in activity by AI-enabled adversaries.
Osama M. Hijji, group CISO at EFG Holding, says advanced persistent threat (APT) groups are using AI to accelerate malware development, mount more complex distributed denial of service (DDoS) attacks and launch sophisticated phishing campaigns. This is resulting in social engineering that feels credible, making malicious activity harder to detect.
AI’s dual impact on security
While risks dominate most conversations, not every security leader sees AI as a net negative. Alzubaidi is clear on this. “AI is helping me as a defender more than it is helping the attackers,” he said. “That is my honest view.”
Triage is faster, correlation is stronger, and analysts can work at a higher level once AI handles the noise. “If the fundamentals are strong, AI makes a good team faster,” he adds.
AI is helping me as a defender more than it is helping the attackers Aus Alzubaidi, MBC Group
That upside is already reshaping how security teams operate. There is growing demand for what Daccache describes as “agentic SOCs” (security operations centres) in which analysts oversee fleets of intelligent agents that handle triage, investigation and response. The goal is to operate at machine speed against AI-driven threats, freeing humans to focus on strategy and judgement.
But the same momentum is creating new risks.
Business units across organisations are adopting AI tools faster than security teams can evaluate them. This is driving a surge in shadow AI, with sensitive data getting into systems that often lack visibility or control. This is something Alzubaidi deals with daily. “A policy tells people what they should do. It does not tell you what they are actually doing,” he said.
Without technical controls, monitoring and clear data boundaries, policies offer limited protection.
Execution gaps are compounding the problem. Nitin Gulia, a Dubai-based IT risk and cyber security executive, highlights data readiness, legacy system integration, model governance and skilled talent as the biggest constraints. Many organisations are still experimenting with AI in security rather than deploying it at scale, even as the technology gets embedded across their wider operations.
How priorities are shifting
All of this is now visible in how CISOs are setting priorities.
Identity has moved to the top of the list, as stronger impersonation makes it easier for attackers to log in rather than break in. AI governance is no longer something that can be delegated or handled through policy alone. It is becoming a core CISO responsibility. At the same time, detection and response are being revisited to keep pace with rapidly evolving threat signals.
Stronger impersonation makes it easier for attackers to log in rather than break in
Across the region, however, progress is uneven. Ahmad Shehab, research analyst at Counterpoint Research, says large organisations in markets such as the UAE, Saudi Arabia and Qatar are moving towards a “resilience-first” approach, building security into AI initiatives from the outset. Banking continues to lead in cyber security investment, given its systemic importance.
In many other markets, the pattern remains the same. Digital transformation comes first, and security follows later, often in response to incidents rather than by design.
Shehab highlights gaps in advanced skills, tooling and consistent governance as the most visible constraints. While some countries prioritise data control and AI security, others remain focused on expansion, creating uneven maturity across the region.
For Alzubaidi, the difference comes down to fundamentals. AI does not fix weak systems, he argues. It amplifies what is already there. Strong teams get faster. Weak ones simply make mistakes more quickly.
Security leaders agree that the organisations making progress are those tightening identity controls, taking AI governance seriously and developing operations that can keep pace with modern threats. Progress is visible, but it is far from uniform across the region.
