CodeRED - Feb 2026 - Arabic & English

As cybersecurity pressure intensifies across government and enterprise, the Middle East and Africa’s largest cybersecurity gathering is entering a defining new phase. GISEC Global 2026, hosted by the UAE’s Cybersecurity Council and the official government cybersecurity partner, Dubai Electronic Security Center (DESC), will take place from 5–7 May 2026 at the Dubai Exhibition Centre (DEC), Expo City Dubai. The event marks not only a change in venue but also a shift in tone, urgency, and strategic focus.

Cybersecurity is no longer a support function. It sits at the intersection of national resilience, economic stability, and geopolitical strategy. AI is accelerating both defense and attack capabilities. State-backed threats continue to evolve. Quantum disruption is moving from theoretical risk to a long-term planning reality. Against this backdrop, GISEC 2026 arrives at a moment when security leaders must look beyond incremental improvements and confront structural change.

The move to Expo City Dubai reflects this maturity, providing a setting designed for scale, clarity, and more purposeful engagement in a rapidly shifting cyber landscape.

GISEC SPOTLIGHT

A NEW SETTING FOR A MORE STRATEGIC CYBER DIALOGUE

Expo City Dubai’s campus-style layout enables a more cohesive experience for attendees navigating complex agendas. Participants can follow clearer thematic journeys across stages, demonstration zones, and networking areas.

For cybersecurity professionals balancing strategic oversight with technical validation and peer engagement, this environment supports both focused learning and deeper discussion. The Dubai Exhibition Centre’s design allows space for high-energy live activations alongside quieter environments for executive-level conversations, aligning with the increasingly layered nature of cyber decision-making.

But the significance of the move goes beyond logistics. It reinforces cybersecurity’s role at the core of digital ambition, innovation policy, and regional competitiveness.

THE 2026 AGENDA: FIVE PILLARS REFLECTING A CHANGING THREAT LANDSCAPE

GISEC Global 2026’s programme reflects the issues defining the next era of cybersecurity, blending strategic foresight with applied operational insight.

OFFENSIVE SECURITY AND PROACTIVE DEFENSE

Defensive models alone are no longer sufficient. As adversaries adopt AI-driven automation and machine-speed attack capabilities, organisations and governments are increasingly investing in offensive security methodologies, including red teaming, adversary simulation, and continuous attack surface validation.

Sessions in this pillar explore how proactive testing and simulated breach environments are becoming essential tools in strengthening resilience against advanced AI-enabled threats.

QUANTUM CYBER RESILIENCE

Quantum computing may not be fully operational at scale, but its implications for encryption and long-term data protection are already shaping security strategy. GISEC 2026 will examine crypto-agility, post-quantum migration planning, and the risks associated with “harvest now, decrypt later” attack models.

Security leaders must begin preparing today for cryptographic transitions that could define digital trust for decades.

CYBER DEFENSE AND NATIONAL SECURITY

Cybersecurity is increasingly intertwined with national security and geopolitical stability. From critical infrastructure targeting to state-sponsored campaigns, the lines between cybercrime, cyberwarfare, and strategic competition are blurring.

GISEC 2026 will bring together policymakers, national cyber authorities, and enterprise leaders to examine public-private collaboration, sovereign cyber capabilities, and coordinated resilience strategies.

OT AND CRITICAL INFRASTRUCTURE SECURITY

As IT and OT environments converge, industrial systems, energy grids, utilities, transport networks, and manufacturing operations face expanding exposure. A cyber incident in these environments now carries economic and societal consequences far beyond IT disruption.

Technical and strategic sessions will address segmentation, visibility, threat detection in industrial control systems, and resilience planning for high-impact infrastructure environments.

GENERATIVE AI IN CYBERSECURITY

Generative AI has rapidly become both a defense multiplier and a threat amplifier. Security teams are leveraging AI for detection, automation, and response, while adversaries exploit it for sophisticated phishing, malware development, and deepfake-based deception.

GISEC 2026 will explore governance models, risk management frameworks, and practical deployment considerations as organisations integrate AI into core security operations.

FROM OBSERVATION TO ACTION: DESIGNED FOR PARTICIPATION

Beyond traditional conference sessions, GISEC 2026 expands interactive components designed to translate discussion into application.

Themed stages offer curated content journeys aligned to government, critical infrastructure, enterprise security, and technical practitioner audiences. Live cyber activations, simulations, and challenge environments allow attendees to observe and engage with real-world offensive and defensive techniques in controlled settings.

Structured networking programmes aim to reduce friction between decision-makers and solution providers, enabling more targeted and meaningful engagement. In an environment where cyber investments are scrutinised for measurable return, conversations must move beyond awareness toward validation and execution.

WHY THE EXPO CITY FORMAT MATTERS FOR OUTCOMES

For both buyers and vendors, cybersecurity events are increasingly judged by tangible outcomes, including partnerships formed, strategies refined, and technologies validated.

Expo City Dubai’s integrated layout supports this expectation by creating more deliberate intersections between content, exhibition, and executive networking. Security leaders can move seamlessly from strategic insights on stage to technical scrutiny on the exhibition floor, ensuring that dialogue translates into informed decision-making.

This alignment between discussion and action reinforces GISEC’s positioning not merely as an awareness platform, but as a catalyst for measurable progress in regional cyber resilience.

A DEFINING MOMENT FOR THE INTERNATIONAL CYBER CALENDAR

The relocation to Expo City Dubai symbolises more than expansion. It reflects a cybersecurity landscape that has grown in complexity, urgency, and strategic importance.

As AI accelerates, quantum risk advances, and national cyber priorities intensify, GISEC Global 2026 positions itself as a forum where these structural shifts are examined with seriousness and depth.

From 5–7 May 2026, senior decision-makers, national cyber authorities, technology leaders, and security practitioners will convene not simply to discuss threats, but to shape how resilience is built across the Middle East, Africa, and beyond.

In a region actively investing in digital transformation and infrastructure modernisation, GISEC 2026 represents an opportunity to align strategy with execution and to define what cyber readiness means for the next phase of global security.

Exhibitors looking to showcase solutions, build partnerships, and shape the next phase of cybersecurity dialogue are encouraged to book their stand early via the official GISEC website.

THE DEATH OF OLD SECURITY:

BECOME

It started quietly, almost invisibly. A multinational retail chain logged in for its usual morning checks. IT teams reviewed alerts, scanned for malware, and assumed everything was normal. By mid-morning, registers went dark, payment systems froze, and employees couldn’t access inventory records. The cause? A ransomware attack had silently bypassed traditional antivirus and firewalls, exploiting gaps no one thought existed. By the time the breach was noticed, operations were paralyzed, millions in losses mounted, and reputations were at stake.

Scenes like these are becoming alarmingly common in 2026. The pace of technological change, the rise of autonomous attacks, and hyperconnected systems are rendering many long-standing cybersecurity practices obsolete. Passwords, signature-based antivirus, static firewalls, reactive threat hunting, and siloed teams, once the cornerstones of digital defense, are now vulnerabilities.

Across industries, from finance to healthcare, logistics to critical infrastructure, what worked yesterday is no longer enough. Organizations face a choice: adapt to survive, or cling to outdated tools and face increasingly sophisticated attacks.

PASSWORDS: THE FIRST CASUALTY

Alice, a finance manager working remotely, believed she was careful with her login credentials. Every system required a unique password, rotated regularly, and protected with multifactor authentication. But when an AI-generated deepfake of her manager appeared on her screen, urging her to confirm login details, she unwittingly handed over access. Within minutes, attackers had infiltrated her company’s network.

Passwords, long considered the backbone of cybersecurity, are failing. AI-driven attacks, sophisticated phishing, and brute-force techniques bypass human vigilance at alarming speed. In 2026, organizations are moving toward passwordless authentication, behavioral biometrics, and continuous AI monitoring to reduce human error.

It’s widely recognized in cybersecurity circles that passwords are no longer the first line of defense; they’ve become the weakest link. By 2026, depending on them is like leaving the front door unlocked.

Experts predict that within this year, nearly 70% of enterprises will have phased out traditional passwords entirely, replacing them with behavioral-based authentication or device-bound cryptography. Yet, many organizations still cling to legacy systems, exposing themselves to automated attacks capable of bypassing multifactor authentication altogether.

SIGNATURE-BASED ANTIVIRUS: DEAD ON ARRIVAL

Meanwhile, a global bank experienced an attack from polymorphic malware that changed its signature every few seconds. Traditional antivirus failed to detect it, leaving systems exposed for hours.

The reality in 2026 is clear: signature-based antivirus is obsolete. Cybercriminals use AI to create malware that adapts in real-time, rendering static signature detection ineffective. Modern defenses rely on predictive AI, anomaly detection, and autonomous threat responses. Organizations that haven’t upgraded are left exposed to attacks evolving faster than humans or traditional tools can respond.

Endpoint protection updates used to be the backbone of digital defense. Today, by the time patches arrive, malware has already adapted. Real-time, AI-driven monitoring is now the standard for staying ahead of attacks.

Even small businesses are not immune. Startups relying on conventional antivirus solutions often underestimate the sophistication of modern attacks. By the time an alert reaches a human analyst, the damage is done, from data theft to reputational loss.

“Old cybersecurity tools fade in 2026, intelligent automation defines real protection.”

PERIMETER-FIRST SECURITY: THE CASTLE-AND-MOAT MODEL IS DEAD

For decades, cybersecurity resembled a medieval castle: thick walls, guarded gates, and implicit trust inside. But in 2026, the castle walls are meaningless. Remote workforces, hybrid cloud environments, and IoT devices make traditional network perimeters porous.

Zero-trust architectures, rapidly adopted this year, operate on the principle that no device, user, or application is inherently trusted. Continuous verification, micro-segmentation, and adaptive monitoring replace perimeter-first thinking. Companies clinging to outdated trust assumptions risk breaches that cannot be contained by firewalls alone.

Consider a manufacturing enterprise with dozens of remote sites and industrial IoT devices. A single compromised sensor, left unchecked by traditional firewall rules, allowed attackers to pivot into critical control systems. Zero-trust policies, had they been implemented, would have prevented lateral movement by isolating the device automatically.

Cybersecurity teams can no longer rely on network perimeters. Each device, application, and user is a potential entry point, making old trust assumptions dangerous.

REACTIVE THREAT HUNTING: WAITING IS NO LONGER AN OPTION

Organizations have long depended on alert-driven, reactive security. A compromise occurs, an alert triggers, and humans investigate and respond. But attackers have grown faster than humans can react.

AI-driven predictive threat hunting is now the standard. Security systems can forecast attacks hours or days in advance, automatically contain potential threats, and alert human teams only when intervention is necessary. Reactive defenses are no longer sufficient; they are a liability.

A tech company detected unusual lateral movement in its network. By the time humans analyzed the logs, AI systems had already isolated the compromised segments, preventing a full-scale breach. The lesson is clear: those without predictive defense are already behind.

Predictive threat hunting leverages global intelligence networks, anomaly detection algorithms, and behavioral analysis. The system anticipates the attacker’s next move, often neutralizing threats before humans even know they exist.

HUMAN-ONLY SOCS: THE ERA OF AI-AUGMENTED SECURITY

Even the most skilled Security Operations Center (SOC) teams are struggling to keep up. The volume of data, alerts, and potential threat vectors is overwhelming. AI-augmented SOCs now analyze millions of logs in real time, identify patterns invisible to humans, and autonomously respond to low-risk threats.

Even the most skilled SOC teams cannot keep up with the speed of modern attacks. Without AI support, human analysts are fighting a battle they cannot win alone.

In healthcare, SOC teams now rely on AI systems to monitor connected medical devices in real time. A slight anomaly in an infusion pump’s network behavior triggers immediate isolation, preventing a potentially dangerous compromise. Humans make the judgment call, but AI handles the relentless, round-the-clock monitoring that would be impossible for human teams alone.

STATIC FIREWALLS AND MANUAL COMPLIANCE: OUTPACED AND OUTDATED

Traditional firewalls, designed for static office networks, cannot adapt to dynamic cloud and hybrid environments. Similarly, manual compliance checks are insufficient in a world of real-time regulatory oversight.

Adaptive network security, micro-segmentation, and AI-driven governance are replacing outdated systems. Continuous compliance monitoring ensures organizations remain within regulatory requirements without manual intervention, reducing both risk and operational friction.

Manual audits are obsolete. Regulations move at the speed of data. Waiting weeks or months to verify compliance is a recipe for disaster.

SINGLE-LAYER ENCRYPTION: VULNERABLE IN A QUANTUM FUTURE

Encryption has long been a cornerstone of cybersecurity, but simple methods are increasingly vulnerable. Early quantum computing experiments show the potential to break current cryptographic standards. Organizations are moving toward post-quantum cryptography, layered encryption, and AI-assisted key management to protect sensitive data.

Banks and cloud service providers are investing heavily in quantum-resistant algorithms. Governments are introducing regulations requiring organizations to adopt encryption that can withstand the computational power of next-generation computers. Those sticking to single-layer encryption are exposed to both advanced persistent threats and future-proofing failures.

SILOED SECURITY TEAMS: INTEGRATION IS ESSENTIAL

Cybersecurity can no longer exist as a siloed function. By 2026, it must integrate across DevOps, IT, supply chains, and business strategy. Isolated teams are slower to respond, miss critical context, and fail against sophisticated attacks. Integrated cybersecurity ensures that defense is proactive, coordinated, and aligned with organizational objectives.

An energy sector company integrated cybersecurity with operations, allowing AI systems to detect anomalies in industrial control networks. When irregularities occurred in IoT-connected turbines, security and operational teams acted simultaneously to prevent downtime. Siloed organizations would have faced cascading failures before human intervention could respond.

STATIC THREAT INTELLIGENCE REPORTS: TOO SLOW FOR A FAST WORLD

Quarterly or monthly threat intelligence reports are obsolete. Threats evolve in real time, and waiting to react is no longer acceptable. Modern intelligence systems use AI to provide actionable insights instantly, predicting attacks before they occur. Organizations relying on outdated intelligence are essentially blind to emerging risks.

A logistics firm using predictive intelligence thwarted a ransomware attack before any disruption occurred, while a competitor relying on monthly reports suffered operational shutdowns for days. Real-time intelligence has become not just an advantage but a survival requirement.

THE NEW CYBERSECURITY PLAYBOOK

The obsolete practices above are being actively replaced by a new set of strategies:

• AI-Driven Defense: Autonomous monitoring, predictive threat hunting, and automated responses.

• Zero-Trust Architecture: Continuous verification and segmentation for every user and device.

• Passwordless and Behavioral Authentication: Eliminating human error from security workflows.

• Continuous Compliance: Real-time monitoring of regulatory requirements and risk posture.

• Integrated Teams: Security embedded across DevOps, IT, and business operations.

• Post-Quantum Cryptography: Preparing for the next generation of computational threats.

• Adaptive Network Security: Real-time, AI-driven controls replacing static firewalls.

Organizations embracing these approaches are thriving. Those that don’t are already behind, and at risk of becoming cautionary tales.

THE HUMAN FACTOR: BEYOND TOOLS

Even with AI and automation, humans remain central to effective cybersecurity. Teams must cultivate a culture of awareness, agility, and strategic thinking. Continuous training, scenario planning, and cross-functional collaboration are no longer optional; they are survival requirements.

A healthcare company uses AI-driven monitoring but invests heavily in human oversight. When an anomaly occurred in connected medical devices, AI flagged it, but human analysts interpreted the context and prevented a potentially catastrophic outage. Technology alone cannot replace judgment and creativity, but without technology, humans cannot scale fast enough.

2026 IS THE YEAR OF REINVENTION

Cybersecurity is no longer a checklist of tools; it is a dynamic ecosystem. Every decision, device, and connection is part of the battlefield. Passwords, signature-based antivirus, static firewalls, reactive defenses, and siloed teams are relics. The cyber battlefield demands agility, intelligence, and integration. AI, automation, predictive intelligence, and continuous verification define the new rules.

Organizations have a choice: evolve, or risk becoming the next story of a preventable breach. The quiet mornings of old are gone. In 2026, cybersecurity never sleeps, and neither can those who hope to survive it.

ENRICO MERCADANTE

SECURE NETWORKING IN THE AI ERA

AI is transforming business operations, putting unprecedented pressure on networks that must now handle innovation and security simultaneously. Enrico Mercadante, VP of EMEA Networking at Cisco, highlights that outdated infrastructure and complex multi-vendor environments make organizations vulnerable to sophisticated cyber threats. Building networks with security integrated by design, automated management, and AI-assisted monitoring is no longer optional. Companies that modernize their infrastructure today can reduce risks, respond faster to incidents, and create resilient systems capable of supporting AI-driven workloads. The networks of tomorrow are secure, intelligent, and prepared to power businesses through the rapidly evolving digital landscape.

CISCO CYBER INSIGHTS

As organizations get ready to roll out AI to change their business processes and implement new ones, their networks are under greater pressure than ever before. At the same time, the frequency, scale, and sophistication of cyberattacks continue to rise, meaning network resilience remains critical. Here’s how secure, resilient networks are defining the future, and what organizations can do to stay ahead.

THE THREAT LANDSCAPE IS EVOLVING, FASTER THAN EVER

Global networks have been under siege for years, but recent attacks are more sophisticated and move at unprecedented speed. Many organizations are still relying on outdated infrastructure, with Cisco research revealing that 48% of network assets worldwide are aging or obsolete. This creates vulnerabilities that attackers eagerly exploit. It’s no longer enough to patch and maintain; a fundamental shift in strategy is required.

The business impact is significant: According to our research, just one severe network outage per business per year results in an aggregated $160 billion in losses globally driven by congestion, cyberattacks, and software misconfigurations.

This mounting risk is prompting organizations to rethink and evolve their network architectures for greater resilience. And Cisco is accelerating efforts to refresh outdated customer infrastructure and share best practices for securing existing environments through the Resilient Infrastructure initiative. This initiative aims to shrink the attack surface, strengthen default protections, eliminate outdated features, and deliver advanced security tools that help protect data and enable faster threat detection.

COMPLEXITY HAS BECOME A HIDDEN VULNERABILITY

Modern networks typically span solutions and services from a range of different vendors, creating layers of complexity that can quickly overwhelm even experienced IT teams. This complexity often translates into vulnerability, especially when secure configurations aren’t consistently implemented or maintained. For many, simplicity and automation are now mission critical.

Businesses increasingly need networks where secure configurations, protocols, and features are enabled by default and adapt automatically. There is also a growing demand for AI-assisted systems that support troubleshooting and proactively alert administrators to insecure practices, helping to phase out legacy methods that no longer meet today’s security standards. Cisco’s focus on agent-based AI operations for networks builds on established network automation practices, supporting companies as they evolve their network management and integrate with continuous development workflows.

SECURITY BY DEFAULT: RAISING THE BAR FOR PROTECTION FOR NETWORK DEVICES

Security for network devices should never be an afterthought. Historically, network infrastructure hasn’t been monitored as closely as other areas of IT, but today it serves as a critical control point for managing risk. Organizations now face the challenge of not only detecting threats quickly, but also responding before vulnerabilities can be exploited. There is an urgent need to reduce the attack surface, remove legacy insecure features, and introduce advanced capabilities for detection and response.

That’s why Cisco is doubling down on building security into the foundation of the networking portfolio. Recent enhancements enable teams to respond to threats in real time, often before a patch is available, resulting in less downtime, greater resilience, and increased peace of mind.

BUILDING A SECURE, FUTURE-READY NETWORK FOR AI

As the digital landscape evolves, businesses need infrastructure that not only keeps pace with innovation but also establishes a secure, future-ready foundation. With AI workloads expanding rapidly and quantum computing on the horizon, many are under increasing pressure to ensure their networks can protect sensitive data against emerging threats.

The next generation of security requires networks to seamlessly provide identity management, deep visibility, integrated detection and protection, and streamlined management, while also incorporating advanced technologies like post-quantum cryptography. Secure Networking, something only Cisco can truly deliver, is the architectural foundation that makes this vision possible. By bringing networking and security together, organizations gain the deep visibility, integrated protection, and reduced complexity needed to evolve their infrastructure for the AI era.

TAKING ACTION FOR A RESILIENT FUTURE

The future of security and trust depends on the decisions organizations make today. It is critical to assess existing infrastructure, identify gaps, and prioritize modernization to address both current threats and future challenges. Effective collaboration between IT, security, and network teams is essential for managing risk and staying ahead of evolving threats. This requires moving away from outdated technologies, embracing secure networking, standardizing and automating configurations, planning for the entire network lifecycle, and gradually integrating AI-powered capabilities.

Building a resilient and secure digital foundation is no longer optional; it’s a business imperative.

WHY OT SECURITY HINGES ON IDENTITY MANAGEMENT

As the United Arab Emirates (UAE) continues its push toward “We the UAE 2031”, Operation 300bn will take center stage. As it does so, security professionals working in heavy industrial sectors must confront the inherent risks that have arisen through the modernization of industrial control systems (ICS). To make smart factories and smart plants work, enterprises have merged OT with IT, exposing critical infrastructure to the same connected threat landscape that has plagued more IT-centric sectors. Problems arise because, for such environments to function, machines must be given identities. CISOs across the region have been aware for some time that identities are the new perimeter. According to a May 2025 report from e&’s security arm, Help AG, 45% of cyber-incidents in the UAE involve the compromise of credentials.

As more of the UAE’s OT surface becomes exposed, security teams must address the issue of credential sprawl in legacy ICS ecosystems. Old setups are set up to fail when simple misconfigurations and over-credentialling leave paths to privilege, and consequently success, for adversaries. A new approach to risk management is needed to deal with the difficulties in remediation that are frequently found in heavy industry’s always-on environments.

Purdue models, with their iDMZ firewalling and air-gap precautions, do not, on their own, meet the agility requirements of modern businesses when it comes to remote management, vendor access, and IT integration for systems like DNS and IAM (identity access management). OT security must embrace human and machine identities, the latter of which include AI. To prevent credential thieves from logging in at will, we must look at a futureproof, identity-centric approach to OT security.

OT IDENTITY SECURITY PRINCIPLES

For this, we turn to Privileged Access Management (PAM), which goes beyond mere account management to the control, monitoring, and auditing of every authentication transaction. Identities of all seniorities and types are placed under 24-7 surveillance for a modern, secure-by-design OT environment that is no longer isolated from the corporate identity estate. This gives security professionals more options for managing OT identity risk. Everything improves – operations, IT, OT, security, compliance – when tackling the risks that identities pose in an ICS-rich business.

1. VISIBILITY

Every identity – human, machine, and AI – must be cataloged and categorized. Humans include internal employees and external suppliers or partners. The survey must also discover all service accounts, SSH keys, device credentials, and machine-to-machine secrets. Any entity that is given access to any area, sensitive or otherwise, of the IT or OT network, must be subject to scrutiny. There are tools for discovery and visibility that offer operability across IT and OT. These are essential, because any overlooked identity has the potential to become an attacker’s beachhead.

2. JUST ENOUGH ACCESS

The principle of least privilege gives only those rights needed for a human or machine entity to perform a designated task. Just-in-time (JIT) access bestows these rights for a limited time-window; when the window expires, so do the rights. These practices must be applied to employees, vendors, and the full range of M2M interactions. By narrowing windows of exposure, we choke off opportunities for would-be attackers. The principle of least privilege cuts down the number of paths open to them, and JIT access gives them shortened periods in which to elevate their entitlements.

3. NO MORE LEGACY REMOTE ACCESS

Security teams must enforce identity-secure remote access. VPNs, remote-desktop, and static vendor access are risky legacies. When moving to a modern OT environment, we must treat all remote sessions as we would any other – as privileged access, subject to standard controls and monitoring. Implement measures such as MFA and watch for behavioral anomalies such as anomalous log-in times.

4. NETWORK SEGMENTATION

Even if the organization follows all security best practices, perfect identity hygiene may remain elusive. OT solutions that leverage the Purdue model can limit cross-system layered access while isolating vendor sessions. The purpose is to prevent lateral movement and DoS attacks, so architecture must be designed for micro-segmentation and, if necessary, granular controls applied even to the level of individual workloads.

5. NEVER STOP SURVEILLING

Round-the-clock monitoring is essential. Frequent auditing will allow the business to assess its identity risk. Unfortunately, there is no patch for identity vulnerability. Without constant vigilance, dormant accounts can arise from offboarded employees or expired vendor contracts. Continuous discovery and entitlement analysis will make for a more mature risk posture.
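An added example, not part of the original article or of any vendor's product: a small Python audit over a constructed identity inventory that applies principles 2, 3 and 5 above, enforcing JIT expiry at authorization time and flagging unrevoked expired grants, standing privileges, orphaned and dormant accounts, and off-hours logins. The record fields, identity names, 90-day dormancy threshold and 06:00-20:00 UTC working window are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

UTC = timezone.utc
DORMANT_AFTER = timedelta(days=90)   # assumed dormancy threshold
WORK_HOURS = range(6, 20)            # assumed normal login window, 06:00-19:59 UTC


@dataclass
class Grant:
    identity: str
    kind: str                        # "human", "vendor" or "machine"
    entitlement: str                 # the single right granted (least privilege)
    granted_at: datetime
    ttl: Optional[timedelta]         # None means a standing (non-JIT) privilege
    owner_active: bool               # False after offboarding or contract expiry
    last_login: Optional[datetime]


def authorize(g: Grant, now: datetime) -> bool:
    """Enforcement side: the right exists only inside its JIT window."""
    if not g.owner_active:
        return False
    if g.ttl is None:
        return True                  # standing privilege still works; audit() flags it
    return g.granted_at <= now < g.granted_at + g.ttl


def audit(grants: List[Grant], now: datetime) -> List[Tuple[str, str]]:
    """Review side: list identity-risk findings for each inventory record."""
    findings = []
    for g in grants:
        if g.ttl is None:
            findings.append((g.identity, "standing-privilege"))
        elif now >= g.granted_at + g.ttl:
            # The window has closed but the grant is still in the inventory.
            findings.append((g.identity, "jit-expired-not-revoked"))
        if not g.owner_active:
            findings.append((g.identity, "orphaned"))
        if g.last_login is None or now - g.last_login > DORMANT_AFTER:
            findings.append((g.identity, "dormant"))
        elif g.kind != "machine" and g.last_login.hour not in WORK_HOURS:
            # Machines run around the clock; people and vendors usually do not.
            findings.append((g.identity, "off-hours-login"))
    return findings


# Constructed sample inventory (not real data).
NOW = datetime(2026, 2, 1, 12, 0, tzinfo=UTC)
INVENTORY = [
    Grant("eng.alice", "human", "plc-line3:write",
          NOW - timedelta(minutes=30), timedelta(hours=2), True,
          NOW - timedelta(minutes=20)),
    Grant("vendor.hvac", "vendor", "hmi-site2:remote",
          NOW - timedelta(days=3), timedelta(hours=8), True,
          datetime(2026, 1, 31, 2, 15, tzinfo=UTC)),
    Grant("svc.historian", "machine", "historian-db:read",
          datetime(2024, 3, 1, tzinfo=UTC), None, True,
          NOW - timedelta(minutes=5)),
    Grant("eng.bob", "human", "scada-admin",
          datetime(2025, 6, 1, tzinfo=UTC), None, False,
          datetime(2025, 9, 10, tzinfo=UTC)),
]

if __name__ == "__main__":
    for g in INVENTORY:
        print(f"{g.identity:14} authorized={authorize(g, NOW)}")
    for identity, finding in audit(INVENTORY, NOW):
        print(f"{identity:14} {finding}")
```
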

“As UAE advances toward We the UAE 2031, identity security must anchor industrial cyber resilience strategies.”

A SECURE SUPPLY CHAIN

Identity-centric PAM is the backbone of modern OT security and yields measurable returns on investment. Businesses reduce risk by eliminating previously unseen pathways to privilege. This is because, under such conditions, a compromised identity has a limited blast radius – a comforting notion for those tasked with protecting critical infrastructure.

As for business continuity, OT environments’ high-availability, safety-critical systems are better protected from nefarious access by identity-centric PAM, so uptime is maximized and the probability of catastrophic failure and subsequent financial loss is vastly reduced. All these measures put the organization on a strong compliance footing, having put in place robust identity controls and auditable access models.

It is time for the nation’s enterprises to move away from OT security as a reactive, patching exercise. Identity now vies for the number-one spot in attack-vector preferences. The way forward is a relentless pursuit of PAM maturity – a journey every OT-centric enterprise must take to face the current threat landscape. A mature identity posture comes through migration from “patch-and-protect” to a proactive, zero-trust culture that allows the organization to take part in the lucrative future promised by Operation 300bn and “We the UAE 2031”.

HOW AI IS RESHAPING CYBERCRIME IN THE MIDDLE EAST

The evolution of digital crime over the last three decades has occurred in distinct and increasingly dangerous waves, from the era of artisanal phishing in the late ‘90s to industrialized ransomware and complex supply-chain attacks in the early 2020s. The landscape has now shifted into what Group-IB defines as the ‘fifth wave’, with cybercrime now defined by the weaponization of Artificial Intelligence.

In the Middle East, a region where digital transformation and national AI strategies are outpacing much of the world, this shift is both a technical evolution and an industrial revolution for those in the realm of cybercrime. For regional businesses, this transition fundamentally alters the risk profile, moving cybersecurity from the server room to the boardroom as a primary pillar of business continuity.

GROUP-IB CYBER INSIGHTS

THE REMOVAL OF THE HUMAN BOTTLENECK

What distinguishes the fifth wave from everything that preceded it is that it sees AI removing the human bottleneck altogether. Historically, cybercrime could only grow as fast as a human could write code, manipulate a victim, or coordinate a team. Today, AI handles that work instantly and relentlessly.

AI has moved from a curiosity engine to the core operational infrastructure of modern criminal tradecraft. Group-IB’s latest research highlights a staggering 371% surge in dark web forum posts featuring AI keywords since 2019. In the Middle East, where rapid digitization is a priority, the agility of criminal communities in absorbing these tools presents a direct threat to the regional economy.

THE INDUSTRIALIZATION OF DECEPTION

For Middle East businesses, the most immediate impact is the total collapse of the economic and skill-based barriers to entry for attackers. Advanced crimeware is now packaged and marketed like a legitimate SaaS business, complete with pricing tiers and customer support.

According to Group-IB’s Weaponized AI report, access to malicious large language models, or ‘Dark LLM,’ can be purchased for as little as $30 per month. Even more unsettling for regional organizations is the rise of Deepfake-as-a-Service. In underground markets, threat actors can purchase ‘synthetic identity kits’, offering AI video actors and cloned voices, for as little as $5 USD.

This means the amateur hacker no longer exists. A novice with a credit card now possesses capabilities that once required a state-sponsored team. Criminals can harvest just ten seconds of audio from a public webinar to create a voice clone indistinguishable from a legitimate executive. In a region like the Middle East, where business is built on trust and personal relationships, this industrialization of deception is a direct assault on the mechanics of regional trade.

IDENTITY AS A PROGRAMMABLE COMMODITY

In today’s digital world, identity is now a programmable commodity. Adversaries are making voice, face, and documentation synthesis a core part of their arsenal. Once identity becomes a commodity, fraud shifts from exploiting system vulnerabilities to taking advantage of human psychology and the very trust that holds regional partnerships together.

The organizational impact is already measurable and severe. In a case recently documented by Group-IB, a financial institution was assisted in identifying 8,065 deepfake-driven KYC bypass attempts within an eight-month period in 2025. This led to the detection of 5,702 fraudulent accounts that were essentially created by AI. For businesses, this proves an uncomfortable truth: seeing or hearing a colleague or client is no longer sufficient proof of their identity. Bypassing KYC allows criminals to open bank accounts and move or launder stolen funds at machine speed, creating a shadow financial infrastructure that is increasingly difficult to disrupt.

THE SHIFT TO MACHINE-SPEED CRIME

The region is now entering a stage where AI-driven attacks move faster than human defenders can blink. Historically, an attack required a human operator to move through a network, providing defenders with a window of hours or even days to react. Today, as AI becomes the core operational infrastructure for criminals, that window for businesses is shrinking to seconds.

When an attack moves at the speed of an algorithm, a human-led Security Operations Center (SOC) is already too late. It is clear that when an algorithm is driving the deception, the response must also be algorithmic. This forced evolution requires a shift from ‘box-buying’ security to Intelligence-Led Defense, where behavioral biometrics and fraud intelligence identify the micro-inconsistencies that a deepfake cannot hide.

THE REGIONAL GOVERNANCE GAP

What makes the Middle East a unique case is the strategic challenge of the region lacking a unified, risk-based AI law (like the EU AI Act) that directly confronts high-risk uses such as impersonation and fraud. Criminals are acutely aware of these jurisdictional gaps and are further emboldened by the fact that AI-enabled attacks leave fewer traditional forensic traces than ever before.

Current regional regulations often focus on ethical principles and data protection. While these are vital, they do not yet address the mechanics of AI-driven crime. This regulatory lag allows threat actors to operate with a degree of impunity, making the role of private-sector intelligence even more critical for survival.

THE PATH FORWARD: STRENGTHENING THE RESILIENCE FRAMEWORK

To survive and thrive in the fifth wave, Middle East organizations must move beyond reactive controls and post-incident response. Group-IB advocates for three fundamental strategic shifts that will boost resilience and provide a formidable defensive structure against all kinds of cyber challenges.

1. Predictive Intelligence: In the fifth wave, security can no longer rely on alerts triggered after damage is done. Organizations must shift from reacting to incidents to anticipating attacker behavior, using predictive insights to understand which techniques, fraud schemes, and impersonation tactics are likely to emerge next. The ability to forecast threats, rather than merely respond to them, will define which businesses remain operational when attacks move at machine speed.

“We are no longer fighting hackers, but automated industries of AI-powered, machine-speed deception.”

2. Cyber-Fraud Fusion: The silos between cybersecurity and fraud prevention teams must be demolished. In the fifth wave, a deepfake-driven wire transfer and a malware intrusion are often two limbs of the same AI-driven body. Organizations that merge these teams will gain a decisive advantage in preventing fraud before damages occur.

3. Adversary-Centric, Intelligence-Led Defense: In the fifth wave, effective defense must focus on the adversary, not just the tools. Cybercriminal operations now work like organized businesses. Attacks are planned, tested, packaged, and sold well before they target someone. By basing security strategies on intelligence that shows attacker infrastructure, tactics, and goals, organizations can shift from reacting to incidents to predicting adversary behavior. This allows them to disrupt attacks before they reach large-scale production.

AI has not changed the motives of cybercriminals, but it has fundamentally changed the mechanics of crime. We are no longer defending against individuals, but against an automated, globalized industry of digital weaponry.

For the Middle East to realize its visionary digital future, leaders must recognize that cybersecurity is not a cost hole or a line item in an IT budget. In fact, cybersecurity is now a core part of the execution infrastructure of the modern state. The question for businesses in the region is no longer if they will be targeted by weaponized AI, but whether their defenses can think, adapt, and react as fast as their attackers.

ERICSSON

THREAT TALKS

POWERING THE INTELLIGENT, SECURE FUTURE

5G networks are expanding rapidly, while 6G research is moving from concept to reality, placing cybersecurity at the center of next-generation connectivity. From smart cities and autonomous systems to critical national infrastructure, networks now carry far more than data; they carry responsibility. Petra Schirren, President of Ericsson Gulf, believes security must evolve at the same pace as technology. Through AI-driven defense, automated assurance, and secure-by-design architectures, Ericsson is strengthening protection across every layer of the network. In this exclusive conversation, she explains how trust, resilience, and reliability are being built into future-ready systems, ensuring the digital world remains connected, protected, and worthy of public confidence.

“As 6G advances, security must evolve through AI, automation, and secure-by-design architectures.”

PETRA SCHIRREN
President
Ericsson Gulf

As 5G matures and early 6G research accelerates in 2026, how is Ericsson strengthening network security to address more complex cyber threats and safeguard critical infrastructure?

At Ericsson, we are building on the security foundations of 5G while preparing for the expanded challenges of 6G. 5G's virtualization and software-defined architectures require automated, full-stack security assurance to ensure that security policies are enforced from edge to core, and across virtualized network functions. This means continuous compliance checks, real-time threat monitoring and automated risk assessment as part of everyday operations, giving operators confidence that policies and protections are actively upheld. At Ericsson we have launched Ericsson Security Manager (ESM) which provides automated, end-to-end security visibility and continuous security assurance for 5G networks, tightly integrated with Ericsson and multivendor environments.

Looking ahead to 6G, network security will be defined by open standards and renewed threat analyses as new use cases and technologies come into play, requiring proactive threat modelling and more dynamic security controls. This combination, from operational assurance today to foundational security research for future networks, helps safeguard critical infrastructure as connectivity evolves. Ericsson is actively shaping 6G research and standardization, with a strong focus on ensuring that future security challenges are addressed through standards-driven, secure-by-design network solutions.

With telecom networks now supporting smart cities, autonomous systems, and industrial automation, what new security priorities are shaping Ericsson's strategy for a safer connected world?

Telecom security now extends far beyond traditional voice and data to systems that directly impact people, industry and public services. Networks must support massive device populations while protecting low-latency services and isolated traffic flows that serve smart cities, industrial automation and autonomous systems. Ericsson’s capabilities like network slices can isolate critical services from general traffic, maintaining availability and preventing cross-service impact. Continuous operational security assurance means constant monitoring, threat detection and risk mitigation across all environments.

The sheer scale and diversity of connected devices and interfaces mean the ecosystem must work collaboratively with partners, regulators and operators to share threat intelligence and align security practices. The aim is to make security an integral part of everyday network operation, enabling innovation with confidence and reducing systemic risk across the connected world.

AI is increasingly used in both cyberattacks and network defense. How is Ericsson leveraging AI-driven security to stay ahead of evolving threats while ensuring transparency and trust?

AI is now central to effective network defense because it can sift through massive volumes of data in real time to spot abnormal patterns that may indicate emerging threats. We integrate AI into security operations to enhance threat detection, behavior-based anomaly analysis and automated response, helping networks adapt faster than conventional manual approaches.

But AI is not used in isolation. Transparency and trust are maintained by ensuring that AI-based decisions are explainable and auditable, with human oversight where needed. This combination of machine speed and human judgement helps defend against sophisticated threats while maintaining accountability and alignment with regulatory expectations.

Ericsson leverages AI-driven security through platforms like EIAP to detect threats early and automate response, while ensuring transparency through policy-based, explainable, and operator-controlled security actions.

Data privacy regulations and digital sovereignty policies are becoming stricter worldwide. How is Ericsson helping operators balance compliance, performance, and innovation in this changing regulatory environment?

Many markets are becoming more conscious of data privacy and sovereignty. Ericsson helps operators deploy network architectures that let them control where sensitive data resides while still innovating with advanced services. This includes flexible support for on-premises, hybrid and cloud-native models so operators can meet local regulatory requirements without sacrificing the performance gains of modern architectures.

We also embed privacy and security into product and network design through strong encryption, access controls and policy-based data governance. These features enable operators to adopt capabilities like automation and AI while still complying with local requirements, making compliance part of the network’s DNA rather than an afterthought.

Supply chain security and trusted vendor ecosystems have become central to telecom resilience. What measures has Ericsson taken to strengthen hardware, software, and partner security in 2026 and beyond?

Supply chain security starts with secure hardware and software development processes and extends through deployment and operation. We apply secure-by-design principles across products and services, with rigorous testing, vulnerability management and lifecycle security controls that help ensure components remain protected as they evolve.

Clear security expectations are also placed on our suppliers and partners, supported by audits, compliance checks and transparency into third-party components. This builds a secure ecosystem, which helps reduce systemic risk across global networks and provides operators with greater assurance that their infrastructure remains resilient and trustworthy well into the future.

Looking ahead, what role do you see telecom security playing in building public trust in next-generation connectivity, and how is Ericsson positioning itself as a long-term guardian of digital infrastructure?

Telecom security is essential to public trust because networks now underpin critical services across society. From healthcare and emergency response to energy systems, transport and government services, connectivity has become part of national infrastructure that people depend on every day.

“Telecom security now underpins national infrastructure, demanding resilience, transparency, and continuous operational assurance.”

As a result, security is needed for social and economic stability. At Ericsson, we see security as a long-term responsibility and a shared commitment with operators, governments and industry partners. We invest continuously in security research, standards and operational security capabilities that span from today's 5G networks to future 6G platforms. By embedding security into everything we build and supporting operators with resilient, transparent and trusted solutions, Ericsson aims to act as a long-term guardian of digital infrastructure and help ensure that next-generation connectivity is worthy of public confidence.

CYBERKNIGHT

THE HIDDEN WAR ON CRITICAL INFRASTRUCTURE

As digital transformation accelerates across the Middle East, operational technology, or OT, has emerged as one of the most critical yet often overlooked pillars of cybersecurity. From oil refineries and power plants to water facilities and transportation systems, OT environments form the backbone of national infrastructure.

In this exclusive conversation, Sachin Mohan, Territory Head for GCC, OT/IOT Cybersecurity at CyberKnight, shares insights into why OT security is now a strategic priority, the blind spots that continue to expose industrial systems, and how Zero Trust and AI are reshaping cyber defense in critical environments.


OT cybersecurity is often less talked about than IT security. What makes it critical for Middle East enterprises and industrial environments today?

OT cybersecurity is often less talked about than IT security because it traditionally focuses on isolated, air-gapped industrial control systems for physical processes in factories, refineries, and utilities, rather than data and office networks. But in the Middle East today, especially in 2026, it is critically important for enterprises and industrial environments due to the region's heavy dependence on OT in core sectors like oil and gas, energy, power grids, water desalination, manufacturing, and transportation, which directly support economic output, national security, and daily life.

Rapid digital transformation and IT-OT convergence are connecting legacy systems to modern networks, massively expanding the attack surface and exposing vulnerabilities in aging equipment that was not designed for internet threats. At the same time, geopolitical tensions across the region, including ongoing conflicts and rivalries, make OT a prime target for state-sponsored actors, who use pre-positioned malware, hybrid cyber-physical attacks, or sabotage to disrupt operations, often as part of broader strategic conflicts.

The MEA OT security market reflects this urgency, projected to grow from about $4.36 billion in 2025 to around $9.65 billion by 2030 at a CAGR of over 17 percent, driven by regulatory mandates, national resilience strategies, and the need for zero-trust models.

Going forward, with the growth of the OT security market, we are committed to raising awareness with our partners and customers.

What are the most common blind spots or vulnerabilities you see in OT systems, and why do they persist?

There are many blind spots in today’s OT systems, such as:

1. The air-gap myth creates false confidence. Even supposedly isolated systems have hidden convergence points via USBs, engineering workstations, supply-chain infections, or remote connections during maintenance.

2. Poor asset visibility and inventory. Many organizations lack complete, real-time visibility of connected devices, especially deeper in Purdue Levels like SCADA, HMI, and PLCs, where visibility often drops to under 15 percent, according to recent studies.

3. Legacy systems with unpatched vulnerabilities. Decades-old equipment running outdated firmware cannot be patched without halting production, leaving long-term exposure that is difficult to resolve.

“Operational technology security now defines national resilience, where zero trust and AI safeguard critical infrastructure from disruption.”

CyberKnight uses a Zero Trust approach for OT security. Can you walk us through how this works in real-world industrial or critical infrastructure settings?

In practice, it works through these key steps: First, we start with comprehensive asset visibility and discovery, using passive, non-disruptive tools to map every OT device, PLC, HMI, sensor, and endpoint across Purdue Levels 0–3, including legacy systems that often lack modern inventory. This identifies “crown jewels,” such as critical control assets, without risking production downtime.

Next, we enforce strict identity and access controls with multi-factor authentication, least-privilege principles, and contextual verification for every user, device, or application attempting to interact with OT resources.

We then implement micro-segmentation at the network, application, and device levels to create granular zones, preventing lateral movement if a breach occurs in IT or an edge device.

Continuous monitoring and analytics form the backbone. AI-driven tools provide real-time visibility into OT traffic, detect deviations from normal behavior, and enable automated responses, such as quarantining suspicious devices, all without interrupting safety-critical operations.

Finally, we layer in data protection and automation/orchestration for rapid incident response, aligned with regional regulations like UAE's DESC or Saudi Arabia's NCA OTCC standards.

AI is transforming cybersecurity. How is it helping organizations detect and respond to OT threats faster than before?

AI is transforming OT cybersecurity by enabling much faster detection and response to threats in industrial settings like oil refineries, power plants, or water facilities. Traditional tools rely on static rules and signatures that often miss subtle or unknown attacks, but AI uses machine learning to build a dynamic baseline of normal OT behavior, analyzing real-time network traffic, sensor data, and process variables at machine speed.

This allows organizations to spot anomalies such as unusual commands, firmware changes, or lateral movement from IT to OT zones in minutes or seconds, slashing mean time to detect from days or weeks to near real-time, while significantly reducing false positives.

AI automates prioritization, correlates events across IT and OT, predicts attack paths, and triggers actions like isolating devices or blocking flows via micro-segmentation, all without disrupting critical operations or compromising safety. In the Middle East’s high-stakes energy and infrastructure sectors, where geopolitical threats and rapid convergence accelerate risks, AI acts as a force multiplier for limited teams, enabling proactive containment before physical impacts, such as shutdowns, occur.

Overall, it shifts OT security from reactive to predictive, reducing dwell time and potential damage in an era of faster, AI-enhanced attacks.

Looking ahead, which emerging technologies or trends do you believe will define OT cybersecurity in the next three to five years in the region?

Security by design is becoming a priority. Organizations across critical infrastructure sectors are integrating security measures from the procurement and engineering phases, embedding features such as zero-trust architecture, hardware controls, and cyber-informed engineering to block vulnerabilities rather than retrofitting defenses post-deployment.

Unified IT-OT convergence and zero-trust architectures will become standard. “Never trust, always verify” will extend across Purdue Levels 0–3 with micro-segmentation, continuous verification of devices and users, and just-in-time access. This is especially crucial for remote vendor connections in GCC facilities and smart city integrations, addressing persistent silos and legacy exposures while aligning with regional regulations like Saudi Arabia’s NCA OTCC and the UAE’s DESC.

AI-driven threat detection and response will become central, enabling proactive anomaly identification in SCADA and ICS systems while also countering increasingly sophisticated attacks that defenders must address.

Genetec

WHY PHYSICAL SECURITY NEEDS TO BE PART OF IT’S NETWORK STRATEGY

For years, physical security systems operated in their own world, apart from IT. Video surveillance and access control systems ran on closed networks managed mostly by facilities and physical security teams.

Today, those same systems are interconnected, running on IP networks, right alongside business applications and data. In other words, they’re part of the IT landscape and the attack surface. Despite this shift, many organizations and their IT teams still consider physical security to be outside their scope of responsibility. That gap leaves blind spots in network visibility and cybersecurity.

WHY THE DISCONNECT STILL EXISTS

Physical security started as an operational function focused on protecting people and property, while IT focused on managing data and connectivity. As devices became digital, the systems converged, but in many organizations, the teams did not.

Many facilities and physical security teams still purchase and maintain cameras or access control systems independently, without looping in IT. They may not have the tools or expertise to handle firmware updates, certificate renewals, or network segmentation. Meanwhile, IT teams may not know how many connected devices are on their networks or what risks they pose.

WHEN PHYSICAL SECURITY BECOMES A CYBER PROBLEM

Physical security devices might not look like computers, but they function like them. They have IP addresses, firmware, and credentials that must be secured. If ignored, they can become easy entry points for attackers.

The most common weaknesses are the same ones IT professionals have fought for years: unchanged default passwords, outdated software, expired certificates, and devices left unmonitored for months or years. For example, once a bad actor compromises a single connected camera, they can move laterally through the network, potentially reaching unrelated, sensitive business systems.

The moment physical security runs on the same network as corporate IT without proper network segmentation, exposure increases dramatically.

THE GROWING ATTACK SURFACE

Implementing video surveillance and access control systems delivers significant benefits, including centralized visibility and data-driven insights. But every new device also expands the attack surface.

Each sensor and camera becomes another endpoint that needs to be monitored and protected. Without clear ownership or consistent oversight, vulnerabilities multiply quickly.

That’s why IT needs to take an active role in securing these systems.

WHERE TO START: FUNDAMENTALS THAT MAKE A DIFFERENCE

The good news is that securing physical security devices doesn’t require reinventing the wheel. Many of the same best practices IT already uses apply here, too.

1. Use different passwords: Often, integrators set the same password for every camera in a system to make setup and maintenance easier. The downside is that if that one password is leaked, every camera becomes vulnerable. Whenever possible, use different passwords and certificate-based or multifactor authentication.

2. Stay current on firmware and software: Firmware updates often include critical security patches. Schedule updates regularly rather than waiting for an incident to prompt them.

3. Encrypt device communications: Use encryption like HTTPS to secure data in transit. Unencrypted streams can be intercepted or manipulated, especially in systems that transmit sensitive video or access data.

4. Segment the network: Place physical security devices on their own virtual local area network (VLAN), separate from core business systems. That way, even if a camera or badge reader is compromised, the attacker can’t easily move to critical assets.

5. Schedule regular maintenance and audits: Firmware, certificates, and access credentials should be reviewed and updated on a defined schedule. Building these steps into IT workflows helps reduce vulnerabilities over time.
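The five fundamentals above can be checked mechanically once IT holds an inventory of the devices. The following is an added example, not code from the original article or from Genetec; the inventory schema, device names, addresses, vault references and thresholds are all assumptions made for illustration, and subnet membership stands in for VLAN placement.

```python
"""Audit a camera / access-control inventory against the five fundamentals.

All data and policy values below are constructed for illustration; the
inventory schema is an assumption, not a vendor export format.
"""
from collections import defaultdict
from datetime import date
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Assumed policy values; adjust to your own standards.
SECURITY_VLAN = ip_network("10.50.0.0/24")  # subnet mapped to the device VLAN
MAX_FIRMWARE_AGE_DAYS = 180
CERT_WARN_DAYS = 30
MAX_AUDIT_AGE_DAYS = 90

# Constructed sample inventory. "cred_id" names the vault entry a device's
# password comes from, so reuse is visible without storing any password.
INVENTORY = [
    {"name": "cam-lobby-01", "url": "https://10.50.0.11/",
     "cred_id": "vault/cam-shared", "firmware_date": date(2025, 11, 3),
     "cert_not_after": date(2026, 9, 1), "last_audit": date(2026, 1, 10)},
    {"name": "cam-dock-02", "url": "http://10.50.0.12/",
     "cred_id": "vault/cam-shared", "firmware_date": date(2023, 6, 20),
     "cert_not_after": None, "last_audit": date(2025, 3, 2)},
    {"name": "door-hr-01", "url": "https://192.168.1.77/",
     "cred_id": "vault/door-hr-01", "firmware_date": date(2025, 12, 15),
     "cert_not_after": date(2026, 2, 20), "last_audit": date(2026, 1, 10)},
]


def audit(inventory, today):
    """Return {device name: sorted list of finding codes} for each device."""
    findings = defaultdict(set)

    # 1. Different passwords: any credential used by more than one device.
    by_cred = defaultdict(list)
    for dev in inventory:
        by_cred[dev["cred_id"]].append(dev["name"])
    for names in by_cred.values():
        if len(names) > 1:
            for name in names:
                findings[name].add("SHARED_CREDENTIAL")

    for dev in inventory:
        name, url = dev["name"], urlsplit(dev["url"])

        # 2. Firmware currency: flag images older than the policy window.
        if (today - dev["firmware_date"]).days > MAX_FIRMWARE_AGE_DAYS:
            findings[name].add("STALE_FIRMWARE")

        # 3. Encrypted communications: plain HTTP management is a finding;
        #    for HTTPS devices, also track certificate validity.
        if url.scheme != "https":
            findings[name].add("UNENCRYPTED_TRANSPORT")
        else:
            not_after = dev["cert_not_after"]
            if not_after is None or not_after < today:
                findings[name].add("CERT_EXPIRED")
            elif (not_after - today).days <= CERT_WARN_DAYS:
                findings[name].add("CERT_EXPIRING")

        # 4. Segmentation: the device must sit in the dedicated subnet.
        if ip_address(url.hostname) not in SECURITY_VLAN:
            findings[name].add("OUTSIDE_SECURITY_VLAN")

        # 5. Scheduled audits: flag devices whose last review is overdue.
        if (today - dev["last_audit"]).days > MAX_AUDIT_AGE_DAYS:
            findings[name].add("AUDIT_OVERDUE")

    return {dev["name"]: sorted(findings[dev["name"]]) for dev in inventory}


if __name__ == "__main__":
    # Fixed date so the report is reproducible against the sample data.
    for device, issues in audit(INVENTORY, date(2026, 2, 15)).items():
        print(f"{device}: {', '.join(issues) or 'OK'}")
```
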

BUILDING COLLABORATION BETWEEN IT AND SECURITY TEAMS

No one expects physical security teams to suddenly become cybersecurity experts, or for IT to learn the ins and outs of video surveillance or access control overnight. The goal is collaboration, which starts with shared visibility.

IT can help provide insight into which devices are connected, identify existing vulnerabilities, and track where data is flowing. In turn, physical security teams can provide context on which systems are mission-critical, when maintenance windows are available, and what operational requirements need to be met.

SOME PRACTICAL WAYS TO STRENGTHEN THIS PARTNERSHIP:

• Include IT and cybersecurity departments early in the procurement process: Cybersecurity teams can define operational needs, while IT sets cybersecurity standards.

• Create clear ownership for updates and credentials: IT can handle the technical side of patching and certificate renewals, while security teams focus on monitoring and operating the physical security system.

• Establish shared security policies: Even if physical security systems aren’t covered by ISO 27001, using the same best practices, such as strong authentication, encryption, and regular audits, helps keep security consistent across the whole organization. When both groups are aligned, updates happen faster and risks are reduced.

DESIGNING THE NETWORK WITH SECURITY IN MIND

When managing physical security devices, it’s important to design systems that are secure, efficient, and resilient from the start. These systems come with unique demands that traditional IT infrastructure wasn’t always built to handle.

• Bandwidth and latency: Video traffic is data-heavy and unpredictable. Network planning needs to account for how much bandwidth cameras consume, especially in large deployments.

• Storage management: Choosing between on-premises, cloud, or hybrid deployments depends on the organization’s needs. For example, some companies may keep recent footage on local servers for quick access while archiving older video in the cloud for scalability. Cloud platforms can also simplify updates and reduce the need for on-site maintenance.

• Redundancy: Security systems can’t go dark. Redundant links and failover paths ensure critical functions stay online even if a network segment fails.

• Privacy and compliance: Regulations such as the EU’s GDPR classify video as personally identifiable information (PII). This means footage must be stored securely and retained only as long as necessary. Organizations operating in multiple jurisdictions must also align storage policies with local privacy laws.

LOOKING AHEAD

The line between physical security and cybersecurity is becoming increasingly blurred. Cameras, sensors, and access readers are now as connected as laptops and smartphones. These systems fall under the scope and expertise of both IT and physical security teams, whose collaboration can strengthen defenses across the entire organization, keeping people safe, operations running, and risks contained.

UNMANAGED AI AGENTS ARE THE NEW CYBERSECURITY THREAT

In the Middle East, organisations are scaling AI far faster than they are expanding their human workforce. PwC estimates that AI could contribute more than US$320 billion to regional economies by 2030, and much of that value is expected to come not from pilots, but from AI agents embedded directly into day-to-day operations. By contrast, human hiring across many sectors remains tightly controlled, heavily regulated, and deliberate.

That imbalance matters. When a new employee joins your organisation, a lot happens before they ever open their laptop. Contracts are signed. A manager is assigned. Access is approved. Roles are defined. Someone, somewhere, is accountable for what that person does and what they can see.

Now imagine hiring hundreds of new workers overnight. No contracts. No managers. No clear record of what they can access or what decisions they’re allowed to make, yet they’re operating inside your systems, moving data, and acting on your organisation’s behalf. That, in effect, is how many organisations are deploying AI agents today.

Across enterprises, AI has moved well beyond experimentation. Autonomous and semiautonomous agents are being embedded into everyday workflows, helping draft documents, analyse data, trigger actions and, increasingly, make decisions. They’re often described as digital assistants, but in practice they behave more like an army of digital interns. They’re fast and capable, but still learning the boundaries of the organisation they’ve just joined. For the region, the agentic AI challenge, therefore, isn’t adoption. It’s management.

DELINEA CYBER INSIGHTS

"AI agents need identity, ownership, and accountability before organisations can safely scale their autonomous digital workforce."

AMPLIFIED RISK

In most organisations, and especially those that operate in highly regulated, reputation-sensitive markets, the cost of an untraceable decision is magnified. When something goes wrong, boards aren’t asking whether AI was innovative. They’re asking who approved it, who owns it, and who is accountable. This is where a familiar governance gap quietly opens.

WHEN AI STOPS BEHAVING LIKE SOFTWARE

Traditional identity and access models were built for two types of actors: humans and predictable machines. Humans log in, follow roles and report to managers. Machines run repetitive tasks with tightly scoped access. Agentic AI fits in neither category.

Some AI agents act on behalf of employees, using delegated access to draft emails, pull reports or interact with applications. Others operate independently with their own credentials, autonomously accessing systems and data to complete tasks. From a business perspective, both can trigger real outcomes yet neither fits neatly into existing governance structures.

When access is shared, inherited or unclear, visibility disappears. And when visibility disappears, accountability soon follows.

WHAT HR GETS RIGHT THAT IT NEEDS TO BORROW

HR would never allow anonymous employees. Every hire has a clearly defined lifecycle that covers when they join, move, and eventually leave. Along the way, their access is reviewed, their performance is monitored, and their role evolves, all under clear managerial oversight.

AI agents deserve the same discipline. Before an AI agent is allowed to operate, organisations need to know it exists. That sounds obvious, yet many enterprises are already running multiple agents and large language models without a clear inventory (an issue increasingly compounded by shadow AI). Discovery is critical: the digital equivalent of knowing who is on your payroll.

Onboarding comes next. Just as HR assigns an employee number, job title and manager, AI agents need unique identities, clearly defined ownership and explicit permissions. Without that, every action becomes harder to trace, explain or defend.

Roles matter, too. HR doesn’t give interns unrestricted access to sensitive systems, and neither should IT. AI agents should be granted only the privileges they need for the tasks they perform, and nothing more. That access should be reviewed regularly, based on what the agent actually uses, not what it might need “just in case”.

Finally, there’s offboarding. When an employee leaves, access is revoked. When an AI agent is retired, paused or abandoned, the same should happen. Otherwise, organisations are left with orphaned identities that remain active, powerful and, worryingly, forgotten. The uncomfortable truth is this: many organisations govern AI with far less rigour than they apply to junior staff.
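The four lifecycle steps above (discovery, onboarding, least privilege reviewed against actual use, offboarding) can be checked mechanically against an agent inventory. The sketch below is an added example, not code from the article or from any vendor; the record fields, the 90-day review window and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

REVIEW_WINDOW = timedelta(days=90)  # assumed review period, not from the article


@dataclass
class AgentIdentity:               # hypothetical inventory record
    agent_id: str                  # unique identity, like an employee number
    owner: Optional[str]           # accountable human, like a manager
    status: str                    # "active", "paused" or "retired"
    granted: set                   # permissions the agent holds
    last_used: dict = field(default_factory=dict)  # permission -> date last used
    credentials_active: bool = True


def audit(inventory, observed_ids, today):
    """Return (agent_id, finding, detail) tuples for the four lifecycle checks."""
    findings = []
    known = {a.agent_id for a in inventory}
    # Discovery: identities seen acting in logs that nobody registered.
    for agent_id in sorted(set(observed_ids) - known):
        findings.append((agent_id, "undiscovered", "active in logs, not in inventory"))
    cutoff = today - REVIEW_WINDOW
    for a in inventory:
        # Onboarding: every agent needs a named, accountable owner.
        if not a.owner:
            findings.append((a.agent_id, "no_owner", "no accountable owner recorded"))
        # Offboarding: paused or retired agents must not keep live credentials.
        if a.status != "active":
            if a.credentials_active:
                findings.append((a.agent_id, "orphaned", f"{a.status} but credentials live"))
            continue
        # Least privilege: flag grants not exercised within the review window.
        unused = sorted(p for p in a.granted if a.last_used.get(p, date.min) < cutoff)
        if unused:
            findings.append((a.agent_id, "excess_privilege", ",".join(unused)))
    return findings


# Constructed sample data: four registered agents plus one seen only in logs.
TODAY = date(2026, 2, 1)
SAMPLE_INVENTORY = [
    AgentIdentity("agent-001", "finance-ops-lead", "active",
                  {"erp:read", "erp:write"}, {"erp:read": date(2026, 1, 20)}),
    AgentIdentity("agent-002", None, "active",
                  {"crm:read"}, {"crm:read": date(2026, 1, 30)}),
    AgentIdentity("agent-003", "hr-systems-lead", "retired", {"hr:read"}),
    AgentIdentity("agent-004", "it-helpdesk-lead", "active",
                  {"tickets:read"}, {"tickets:read": date(2026, 1, 31)}),
]
SAMPLE_OBSERVED = ["agent-001", "agent-004", "agent-099"]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY, SAMPLE_OBSERVED, TODAY):
        print(row)
```

Each finding maps to one remediation: register the agent, assign an owner, trim the unused grant, or revoke the credentials.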

THE HIDDEN RISK OF “AI ACTING AS EMPLOYEES”

For employees, AI assistants are quickly becoming indispensable. They draft, summarise, analyse and automate at a pace no human can match. But when assistants act indistinguishably from their users, oversight becomes almost impossible. If an AI assistant accesses sensitive data on behalf of an employee, who did it — the employee or the agent? If it triggers a transaction or modifies a record, who is responsible?

IT has faced this problem before. Administrative accounts were separated from personal ones for clarity. By isolating identities, organisations reduced risk, improved traceability and limited exposure. The same logic applies to AI. When assistants and autonomous agents have their own clearly defined identities, organisations can distinguish human intent from machine execution and apply appropriate controls to both.

IDENTITY IS HOW ORGANISATIONS STAY HUMAN AT SCALE

Most leaders would never allow a new employee, no matter how capable, to wander the office unsupervised, rummaging through filing cabinets, sitting in on board meetings and signing documents. Yet that is effectively what happens when AI agents are deployed without identity, ownership and boundaries.

AI agents are joining the workforce whether organisations are ready or not. They already operate like interns, analysts and administrators. What’s missing is not intelligence, but supervision. To turn this into a true advantage, while mitigating the inherent risk, organisations must manage these AI workers like people, assigning them clear identities, defined roles and visible accountability.

AI POWERS INNOVATION WHILE POWERING THE NEXT CYBER ATTACKS

During a presentation at GITEX last October, Dr. Mohammed Al Kuwaiti, head of cyber security for the UAE government, highlighted that the UAE faces more than 200,000 cyberattacks per day. This statistic is extremely alarming, and while many of these attacks would have been incited by social engineering/phishing campaigns targeted at humans, the concerning prospect for the future is that advancement of AI will enable bad actors to fully automate cyber attacks, with no human involvement required, at an unprecedented speed and scale.

"With over 200,000 daily cyberattacks in the UAE, AI-driven “vibe hacking” is accelerating automated threats at scale. Organisations must shift beyond prevention toward cyber resilience, integrating secure data platforms, connected detection, and rapid recovery to survive tomorrow’s attacks."

PATRICK SMITH

PURE STORAGE CYBER INSIGHTS

AI AS A WEAPON AND “VIBE HACKING”

In summer 2025, Anthropic, the company behind the Claude family of large language models (LLMs), reported that agentic AI had become “weaponised” to perform cyber-attacks and is now embedded into cyber criminality. Dubbed “vibe hacking,” attackers are using LLMs and other AI tools to automate and scale cyberattacks. Automated phishing, adaptive malware, and AI-generated ransomware are becoming mainstream.

Anthropic’s warnings have been echoed by the UAE Government Cybersecurity Council which has warned that AI is making cyber fraud harder to detect and that AI-driven phishing now accounts for 90% of digital breaches.

In the wake of the emerging and inevitable AI threat landscape, what can organisations do?

The reality is that as AI accelerates the sophistication, scale, and automation of cyberattacks, traditional cybersecurity tools, focused only on prevention and detection, are no longer enough. This means that organisations must plan not only how to prevent an attack, but also how to recover from one, quickly and safely. This leads us to cyber resiliency.

CYBER RESILIENCE EMERGES AS A CRITICAL STRATEGY

The concept of cyber resilience integrates the traditional prevention and detection of attacks with lightning-fast recovery. It is based on a comprehensive approach that includes built-in security at the data storage level, connected threat detection and dynamic response and recovery. Given the breadth of capabilities required to deliver holistic cyber resilience, it is ideally delivered through an ecosystem of best-of-breed vendors backed by integrated products and tested architectures.

A SECURE DATA PLATFORM

Ensuring that the foundation of the data environment has a strong security posture is essential in preventing an attack or minimising the attack surface. Timely remediation of vulnerabilities, multi-factor authentication, simple and efficient snapshots of data that are comprehensively protected, both immutable and indelible, all contribute to a secure foundation, providing confidence that a recovery point is available. Being able to run the platform with automated configuration, managed by policy and with effective compliance checking to avoid human error that compromises the integrity of the data, is important.

CONNECTED THREAT DETECTION

Understanding the broad technology landscape is essential; separating signal from noise to quickly identify malicious activity is the domain of extended detection and response (XDR), security information and event management (SIEM) and security orchestration, automation and response (SOAR) solutions. Ensuring that the underlying storage platform integrates with these platforms is key in providing insight and correlation with the rest of the connected environment. Feeding telemetry from the storage environment into these platforms gives them the ability to automatically trigger and tag snapshots if anomalies are identified.

DYNAMIC RESPONSE AND RECOVERY

Should the worst happen and an attack succeed in disrupting the IT environment, a Secure Isolated Recovery Environment (SIRE) is an essential part of the recovery process. Having a data set that is beyond the reach of attackers, disconnected from the rest of the estate, provides an environment for forensics, cleaning and recovery of the affected environment for a business’s most critical services. Time is valuable in this process, so the ability to restore and analyse quickly with a highly performant storage platform is key to success in restoring the business. The recovery environment will typically support multiple layers of capability aligned with the criticality of different business services to meet the restoration targets.

DON’T BE CAUGHT ON THE WRONG SIDE OF THE DIGITAL DIVIDE

The accelerated speed of cyber threats means that the time to respond is shrinking rapidly. Organisations need to be able to recover in hours instead of days or weeks if the worst happens.

We face a digital divide between those organisations that possess effective cyber resilience as a strategic differentiator and those that don’t. As recent hacks have shown, consequences of an ineffective strategy include significant financial losses, reputational damage, and downtime.

Don’t get caught on the wrong side of the digital divide. A good first step towards developing cyber resilience is to focus on deploying an interconnected ecosystem to deliver a secure data platform, connected threat detection and dynamic response and recovery.

VARUN UPPAL

Shinobi

THE END OF EPISODIC SECURITY

In 1988, Robert Morris unleashed what would become the first major internet worm, bringing down thousands of systems and exposing the fragility of our nascent digital infrastructure. That incident didn't just create headlines, it created an entire industry. Offensive security was born from necessity, driven by the realization that the only way to stay ahead of attackers was to think like them.

Nearly four decades later, we've built sophisticated offensive security practices: penetration testing teams, red teams, bug bounty programs, and vulnerability research labs. Yet despite these advances, we're approaching an inflection point where our traditional offensive security model - episodic, compliance-driven, and fundamentally human-powered - is becoming dangerously inadequate for the world we're building.

And the threat is no longer theoretical. In November 2025, Anthropic disclosed the first documented AI-orchestrated cyber espionage campaign: state-sponsored attackers weaponized AI agents to autonomously execute 80-90% of attack operations against approximately 30 major organizations, operating at "physically impossible request rates" that no human team could match. The attackers used standard tools and known vulnerabilities; what made them devastating was AI-driven speed, scale, and relentless automation. While we debate the future of AI in security, attackers have already deployed it.

SHINOBI CYBER INSIGHTS

THE PRACTITIONER'S PERSPECTIVE

I've witnessed the evolution of offensive security from multiple vantage points. As a vulnerability researcher and penetration tester early in my career, I saw firsthand how ethical hacking could materially improve the security posture of applications and infrastructure. The impact was undeniable. When you demonstrate to an engineering team exactly how an attacker could compromise their system, it transforms abstract security requirements into concrete, actionable fixes.

Later, as a CISO, this principle became the cornerstone of my security strategy: “offense is the best defense”. Time and again, investments in offensive security, particularly building internal red teams, delivered the highest ROI of any security initiative. Unlike traditional security tools that generate thousands of alerts and false positives, offensive security testing provided unambiguous signal: here's the vulnerability, here's how it can be exploited, and here's the business impact if we don't fix it.

The signal-to-noise ratio was incomparable. While security scanners and automated tools created uncertainty and alert fatigue, penetration testing delivered concrete proof of exploitable weaknesses. This clarity made it possible to secure executive buy-in, prioritize remediation efforts, and demonstrate meaningful risk reduction to the board.

THE SCALABILITY CRISIS

But here's the uncomfortable truth: offensive security doesn't scale. It relies on highly skilled practitioners who are in perpetually short supply. The work is largely manual, time-intensive, and requires deep expertise that takes years to develop. A comprehensive penetration test of a modern web application might take two to three weeks of continuous effort from an experienced tester, and that's assuming the application doesn't change during testing.

This creates a fundamental mismatch with modern software development. Applications today aren't static artifacts that get tested once and deployed. They're living systems that evolve continuously. DevOps practices have given us the ability to push updates multiple times per day. Microservices architectures mean a single "application" might actually be dozens of interconnected services, each updating on its own cadence.

The typical response? Annual penetration testing, usually timed to satisfy compliance requirements. This approach made sense when applications had major releases once or twice a year. Today, it's security theater. An application might undergo hundreds of changes between annual tests, any one of which could introduce critical vulnerabilities. We're essentially securing software by looking in the rearview mirror.

WHY AI DEMANDS CONTINUOUS OFFENSIVE SECURITY

If the current mismatch between security testing cadence and software velocity is problematic, the AI era will make it catastrophic. We're witnessing an unprecedented acceleration in both the volume of software being created and the velocity of changes to existing applications.

AI-powered development tools are enabling developers to write code faster than ever before. More significantly, they're democratizing software development itself: individuals and teams that previously couldn't build complex applications are now shipping production code. The number of applications requiring security testing is exploding exponentially.

Simultaneously, the pace of change within each application is accelerating. Updates that once took weeks now take hours. Entire features that might have been months-long projects are being prototyped and deployed in days. Each change represents a potential security risk.

Here's the inescapable conclusion: only AI can secure applications created by AI. Human-powered offensive security, regardless of how skilled the practitioners, cannot keep pace with AI-accelerated development. The math simply doesn't work. We need autonomous offensive security that can test continuously, adapt to changes in real-time, and scale effortlessly across thousands of applications.

FROM CAPTURE THE FLAG TO PRODUCTION SECURITY

In late 2023, as AI models began demonstrating increasingly sophisticated capabilities, we posed a provocative question: could we build an AI agent as skilled as human hackers?

Shinobi started as a thought experiment. Could an AI agent compete in capture-the-flag tournaments, the training grounds where human hackers develop their skills? We approached it systematically. Over the course of 2024, Shinobi played the vast majority of CTF tournaments available online, working through the same exercises and challenges that human hackers use to learn offensive security techniques.

But CTFs, while valuable for training, are simplified environments. Real-world applications are messier, more complex, and harder to compromise. So we pushed further. We had Shinobi sit for a popular web application hacking certification exam, one that typically takes experienced security professionals three hours to complete. Shinobi finished in under 30 minutes.

That's when we knew we had something that could transform how organizations approach offensive security.

CONTINUOUS OFFENSIVE SECURITY IN PRACTICE

When Shinobi entered the market as a continuous offensive security platform, the response validated everything we'd hypothesized. Penetration testing teams, drowning in ever-growing backlogs, immediately saw Shinobi as a force multiplier. Projects that had to be descoped due to lack of testing capacity could now be delivered in hours. Teams moved from risk acceptance, that uncomfortable compromise where you acknowledge vulnerabilities but lack resources to test for them, to "verify everything."

The more surprising validation came from an unexpected source: software engineering teams. For the first time ever, developers and quality assurance teams had access to elite offensive security capabilities without waiting weeks for security team availability. They could test their own code using the same sophisticated techniques employed by the world's top penetration testers.

This democratization of offensive security testing proved our thesis. There's massive unmet demand for continuous security testing integrated directly into the software development lifecycle. Half of Shinobi's customers are engineering organizations, not security teams. They're developers who recognize that security testing can't be an afterthought or a quarterly checkpoint. It needs to be continuous, automated, and available on-demand.

Today, Shinobi stands as the only AI-powered penetration tester in the market capable of comprehensively testing web applications, APIs, mobile applications, and other AI agents. This breadth matters because modern applications aren't monolithic, they're ecosystems of interconnected services, each requiring security validation.

SECURING DIGITAL TRANSFORMATION ACROSS META

From inception, we knew we wanted to focus on the Middle East, Turkey, and Africa region. These regions are at a crucial inflection point, investing heavily in digital transformation initiatives while simultaneously building the security foundations to protect those investments.

We're witnessing firsthand how critical it is for businesses in this region to get security right from the start. Many organizations are developing proprietary software for the first time, modernizing legacy systems, or adopting AI-powered applications. They can't afford to repeat the mistakes that bolted security on as an afterthought. They need security-first approaches that scale with their ambitions.

These organizations also deserve better than the noise created by legacy security tooling - endless dashboards of alerts, most of which represent theoretical risks rather than exploitable vulnerabilities. They need the clarity that only offensive security testing can provide: concrete demonstration of real risks with actionable remediation guidance.

To accelerate our regional presence, we partnered with CyberKnight, a distributor with proven success bringing innovative early-stage cybersecurity technologies to market. CyberKnight's deep regional expertise and strong execution have amplified Shinobi's presence significantly, creating a powerful multiplier effect as we continue expanding across the region.

THE PATH FORWARD

We stand at a crossroads. The episodic, compliance-driven approach to penetration testing served us well when software releases were measured in months or years. But we've entered an era where applications evolve continuously, where AI accelerates both development and deployment, and where the attack surface expands faster than human security teams can assess it.

The fundamental principle remains sound: offense is the best defense. What must change is how we deliver offensive security. It must be continuous, not episodic. It must scale automatically with development velocity. It must be accessible to development teams, not just specialized security practitioners. And it must provide the same high signal-to-noise ratio that made traditional penetration testing valuable—concrete proof of exploitable vulnerabilities, not theoretical risks.

This transition won't happen overnight, and it won't eliminate the need for human security expertise. But it will fundamentally transform how that expertise is applied, from manual testing of individual applications to oversight of continuous autonomous testing across entire portfolios.

For CISOs and security leaders, the question isn't whether to adopt continuous offensive security - it's when. Every day that passes under the old model represents accumulated risk from untested changes. The gap between your last penetration test and your current application state grows wider. And in the AI era, that gap will only accelerate.

The future of offensive security is autonomous, continuous, and AI-powered. The future is now.
