As organizations in the Middle East deepen their digital transformation, the region's cyber threat landscape is becoming increasingly complex and difficult to manage. Smart cities, cloud strategies and the expanding fintech landscape are creating vast entry points for attackers. Artificial intelligence (AI) is becoming a central pillar of defense, but its role is often misunderstood, according to Mark Moreland, Obrela's executive vice president for MENA, Greece and Cyprus.
“There is a growing belief that AI can manage security “on my own,” Moreland said. “It actually speeds up detection and triage, but it still needs human context to understand the priorities, rules, or true intentions of the attacker.”
Found Digital Universe Report for the first half (H1) of 2025 shows that the company analyzed 16.8 petabytes of telemetry from more than half a million endpoints in the first half of the year. This activity resulted in more than 876,000 alerts, but only 11,351 of these were determined to be genuine attacks.
“AI helps narrow the funnel,” Moreland said, “but skilled analysts are the ones who turn that volume into actionable solutions. Without structure and constant tuning, AI can lead to complexity model drift, false positives and inconsistent behavior. It is powerful, but requires management and human oversight.”
The regional context is where this oversight becomes indispensable. Obrela data shows that Middle East They accounted for 18.27% of all attacks observed in the first half of 2025, with more than a third of threats related to industry-specific behavior and a significant portion related to suspicious internal activity. Telecommunications, retail and shipping exhibit patterns that global AI models cannot detect without local adaptation.
“The threats in the Gulf are not the same as in Europe or the United States,” Moreland said. “AI models need to reflect the behavior of attackers in that region, their languages, infrastructure and how they merge with local systems. A one-size-fits-all model simply won't capture that.”
As a result, he says, the most resilient security operations centers will be hybrid in design, combining AI acceleration and human judgment: “AI will become a true intelligence layer as baseline behavior improves, but humans will still be responsible for validating results, interpreting nuances, and ensuring decisions are appropriate for risk.”
This hybrid SOC approach is especially important in sectors such as energy, finance and government, where data sovereignty requirements and OT/IT convergence create additional layers of complexity. Moreland believes the region must continue to strengthen its cyber talent pool, ensuring analysts can interpret AI results, investigate anomalies and manage incidents with regional awareness.
“AI works best when it is woven into workflows rather than bolted on,” he said. “Machines assist in detection, but humans lead the investigation to ensure fast and accurate containment.”
For businesses in the Middle East, the message is clear: AI is transforming cybersecurity, but its value depends on the expertise it drives. As Moreland says, “AI can predict, automate, and scale, but only humans can understand the big picture.”
More broadly, Obrela's report found that the threat landscape continues to become more complex than ever, with the alert landscape dominated by brute force attacks (27%), vulnerability scans (22%) and malware indicators (20%). This, the report said, indicates that cybercriminals are turning to scalable and automated methods to operate alongside more stealthy activities such as fileless and in-memory attacks.
