As organisations across the Middle East deepen their digital transformation, the region’s cyber threat landscape is becoming more intricate and harder to manage. Smart cities, cloud-first strategies and expanding fintech environments are creating vast entry points for attackers. Artificial intelligence (AI) is emerging as a central pillar of defence, but according to Mark Morland, executive vice-president for MENA, Greece & Cyprus at Obrela, its role is often misunderstood.
“There’s a growing belief that AI can run security on its own,” Morland said. “In reality, it accelerates detection and triage, but it still needs human context to understand priorities, regulations or an attacker’s real intent.”
Obrela’s Digital universe report for the first half (H1) of 2025 shows that during the first half of the year, the company analysed 16.8 petabytes of telemetry from more than half a million endpoints. That activity produced over 876,000 alerts, yet only 11,351 were confirmed as genuine attacks.
“AI helps narrow the funnel,” Morland said, “but skilled analysts are the ones who turn that volume into actionable decisions. Without structure and continuous tuning, AI can introduce its own complexitymodel drift, false positives, and inconsistent behaviour. It’s powerful, but it needs governance and human oversight.”
Regional context is where that oversight becomes indispensable. Obrela’s data shows that the Middle East accounted for 18.27% of all attacks observed in the first half of 2025, with more than a third of threats tied to industry-specific behaviours and a significant portion originating from suspicious internal activity. Telecoms, retail and shipping each displayed distinctive patterns that global AI models cannot detect without local adaptation.
“Threats in the Gulf don’t look the same as in Europe or the US,” Morland said. “AI models need to reflect how attackers behave in this region, their languages, infrastructure and the way they blend in with local systems. A one-size-fits-all model simply won’t catch that.”
The result, he said, is that the most resilient security operations centres will be hybrid by design, combining AI-driven acceleration with human judgement: “AI will become a genuine intelligence layer as behavioural baselining improves, but humans will still be responsible for validating outputs, interpreting nuance and ensuring decisions align with risk.”
This hybrid SOC approach is particularly important in sectors such as energy, finance and government, where data sovereignty requirements and OT/IT convergence introduce additional layers of complexity. Morland believes the region must continue to strengthen its cyber talent pipeline, ensuring analysts can interpret AI outputs, investigate anomalies and command incidents with regional awareness.
“AI works best when it’s woven into workflows, not bolted on,” he said. “Machines assist with detection, but humans lead the investigation to ensure fast and accurate containment.”
For Middle Eastern enterprises, the message is clear: AI is transforming cyber security, but its value depends on the expertise guiding it. As Morland puts it: “AI can predict, automate and scale, but only humans can understand the bigger picture.”
More broadly, Obrela’s report showed that the threat landscape continues to grow more complex than ever, with brute force attacks (27%), vulnerability scanning (22%) and malicious indicators (20%) dominating the alert landscape. This, said the report, indicated that cyber criminals are turning towards scalable and automated methods to work alongside stealthier actions such as fileless and in-memory attacks.