Laurence Elbana, Director of Sales ME at CyberArk, highlights that security concerns are slowing AI adoption in the Middle East, pushing organizations to prioritize identity security and governance for responsible integration.
The CyberArk Identity Security Landscape Report highlights security concerns as a key barrier to the adoption of AI agents. How are organizations in the Middle East responding to this challenge?
In the Middle East, particularly in the UAE and Saudi Arabia, organizations are approaching AI adoption with caution due to security concerns. In Saudi Arabia, 52% of businesses identify the risk of AI agents accessing sensitive or critical data as the top barrier to deployment. Similarly, 56% of UAE and 52% of KSA organizations are concerned about the potential for AI agent behavior to be misconfigured or manipulated – whether by internal actors or external threats. These issues are shaping how companies implement AI, with data privacy emerging as a top priority. As businesses strive to balance innovation with risk, secure and responsible AI integration is becoming a key focus across the region.
How can businesses in the region strike a balance between leveraging AI-driven efficiency and maintaining robust cybersecurity controls?
More than half of organizations in the region reported they still prioritize efficiency over strong security, a mindset that needs to shift as AI becomes more deeply integrated and scaled across operations. To strike the right balance, businesses should adopt a security-first approach from the start, focusing on identity and access management for AI agents handling sensitive data. Applying Zero Trust principles ensures that no user or system is trusted by default. When combined with regular audits, AI behavior monitoring, and strong governance, this approach significantly reduces risks like misconfiguration or manipulation. Starting early also prevents security debt and costly backlogs, making it easier and more affordable to maintain robust cybersecurity.
What are the main risks associated with misconfigured or manipulated AI agent behavior, and how is CyberArk helping organizations safeguard against them?
AI agents connected to sensitive systems can open the door to serious security issues such as data leaks, unauthorized access, and privilege misuse, especially if they’re poorly configured or intentionally tampered with. According to CyberArk’s 2025 Identity Security Landscape Report, more than half of organizations surveyed in the UAE and KSA cite concerns around AI agent misuse by internal or external actors.
CyberArk addresses these concerns with a smart, identity-first approach built on Zero Trust principles. Every AI agent, human or machine, is uniquely identified, authenticated, and governed with strict access controls. By enforcing least privilege access, behavior monitoring, and managing the entire identity lifecycle, CyberArk helps reduce the risk of misuse.
This approach gives organizations the confidence to innovate with AI – securely and responsibly.
The report mentions a lack of visibility into privileged accounts. Why is this such a critical concern, and how prevalent is it in the Middle East?
Privileged accounts sit at the core of any organization’s IT environment, giving access to critical systems and data. When visibility into these accounts is lacking, it creates a dangerous blind spot, making it easier for attackers to exploit overprivileged or unused credentials and move laterally without detection.
In the Middle East, organizations are becoming increasingly aware of this challenge. The report shows that 70% of UAE and 64% of KSA companies surveyed recognize that limited visibility into privileged accounts raises their cyber risk. As the region’s digital transformation continues to accelerate, especially with the rise of AI and automation, this concern is more widespread.
To keep pace, businesses are taking proactive steps to tighten identity governance. Strong visibility is key to enforcing least privilege, detecting threats early, and protecting critical assets.
How does CyberArk help enterprises in the region gain better visibility and control over privileged identities in hybrid and multi-cloud environments?
As cloud, AI, and automation reshape IT environments, CyberArk helps organizations in the region regain visibility and control over privileged access with a security-first, identity-centric approach. CyberArk’s Privileged Access Manager automatically discovers privileged accounts, credentials, identity access management (IAM) roles, and secrets across hybrid and multi-cloud environments – including on-prem, operational technology (OT), and industrial control systems (ICS).
These identities are onboarded into a tamper-proof Digital Vault, where access is managed through policy-based controls and credentials are rotated automatically, reducing the risk of misuse and eliminating manual errors. CyberArk also enables continuous monitoring and lifecycle management of both human and machine identities, ensuring the right access is granted – and only when needed.
This end-to-end visibility allows organizations to stay secure while scaling innovation.
In what ways can identity security be a foundational enabler—not just a barrier—for responsible AI implementation across industries in the Middle East?
Rather than acting as a barrier, identity security enables trust, accountability, and control, the very foundations required for ethical and secure AI. Identity security helps organizations ensure that all identities have correct access, with appropriate authentication, least privilege, and activity monitoring in place. Centralizing identity management tools, automating secrets management, and implementing thorough session auditing help businesses maintain oversight of AI systems, even as they scale rapidly. This identity-first approach goes beyond risk reduction – it creates the confidence organizations need to deploy AI responsibly across various industries. In today’s environment, strong identity security is key to safeguarding data, preventing misuse, and enabling AI to deliver real value without compromising safety or ethics.
Are Middle Eastern organizations adapting fast enough to the changing identity security landscape, especially in sectors like government, energy, or finance?
Stricter demands from cyber insurers are pushing identity security up the priority list, with 96% of organizations in the UAE and KSA surveyed by CyberArk facing stricter requirements – and this growing pressure is reflected in spending. Gartner forecasts that information security investment in the MENA region will reach $3.3 billion in 2025, a 14% increase from 2024.
Despite growing investment, many organizations still struggle to align identity security with complex digital environments, especially in high-stakes sectors where fragmented strategies create visibility gaps and access risks. While these trends signal rising awareness, the pace of implementation still needs to accelerate to ensure long-term resilience and to meet both regulatory and insurance-driven expectations.
Based on findings from the report, what immediate steps should CISOs in the Middle East take to strengthen their identity security posture in 2025 and beyond?
A key immediate step for CISOs is to build business resilience through a risk-based approach centered on identity security. This includes authenticating and securing AI agents at scale, managing and limiting access to sensitive data, and controlling AI identity lifecycles to prevent rogue access. CISOs should also focus on consolidating security tools with trusted partners to simplify oversight and management. As AI takes on greater responsibilities and privileged access expands, this identity-first strategy helps organizations anticipate, withstand, and recover from cyber incidents without disrupting operations – strengthening their security posture today and into the future.