Financial
AI-Driven Cybersecurity in MENA Banking: Why It’s Time to Rethink Our Defenses
By Omar Mansur, Managing Director – APAC, Codebase Technologies
In an age where digital transformation is moving faster than ever, banks around the Middle East and North Africa (MENA) are forced to confront a growing and increasingly evolving threat: cybercrime and fraud. It’s not just about an increase in the number of incidents; it’s about smarter threats. Nefarious agents are utilizing more complex methods such as leveraging artificial intelligence (AI) to outsmart traditional IT security systems, using everything from deepfake-powered scams to AI-generated phishing campaigns along with social engineering strategies.
In the UAE alone, about 21% of cybersecurity incidents in recent years targeted banks and financial institutions, second only to government entities (Lemos, 2025). With costly breaches on the rise cybersecurity has become a top board-level concern. However globally, 71% of leaders report that small organizations can no longer adequately secure themselves against the growing complexity of cyber risks (WEF, 2025). It’s a high-stakes game and I have personally seen how AI and cybersecurity has taken the spotlight in board meetings and discussion with clients from across the GCC and Levant regions.
This urgency has forced MENA banks to explore AI-driven security solutions that can match the speed and complexity of modern threats, protecting both their customers and their bottom line. The conversation is no longer “if” we need AI-driven defenses—it’s how quickly we can deploy them, and how can we optimize them to adapt to the ever-changing tactics of nefarious agents
Where We Stand
It wasn’t that long ago that Gen AI in banking was mostly used to train and create chatbots for customer support, but this is changing quickly. In the UAE, over 70% of banks have rolled out or upgraded their AI capabilities, and not just to streamline operations, but to actively combat cybercrime (PwC, 2023). Across multiple projects I have seen an overarching focus on AI being incorporated into all manner of digital solutions, particularly in the MENA region where cyber fraud has become a prevalent issue affecting credibility and customer confidence.
The push is being led by both necessity and ambition. Saudi Arabia and the GCC states are investing heavily in national digital strategies, and banks are stepping up with AI systems to detect fraud, verify identities, and stay ahead of financial crime. As many countries in the Middle East position themselves as financial and fintech hubs, ensuring security for customers and institutions is a prime concern in garnering not only customer confidence but regional credibility. That’s pushed regional cybersecurity budgets to grow by double digits, with MENA’s total spend expected to exceed $3.3 billion in 2025, driven by Gen-AI, cloud adoption, talent gaps, and evolving threats (Gartner, 2024).
A True Strategic Advantage or Just a Security Upgrade?
Artificial intelligence isn’t just helping plug holes in defenses, it’s defining the rules for how security is built into every layer of operations. Integrating AI into banking operations gives banks a real edge in regions where speed really matters. Having worked with several banks across the region, I’ve seen firsthand how traditional security models are starting to break under the weight of elaborate AI based threats.
For banks in the MENA region, where rapid digitalization coincides with heightened cyber threats, adopting AI-driven systems enhances operational resilience, reduces financial losses due to fraud, and boosts customer trust. AI not only fortifies security frameworks, it also fosters innovation, empowering banks to confidently pursue new digital business models and expansion opportunities.
AI defenses monitor account activity 24/7 and can react in seconds to anomalies, reducing the window of time attackers can exploit. AI-based user behavior analytics can spot an account takeover attempt at the moment it diverges from normal patterns and automatically disable the account, preventing fraud before it escalates. Early-adopting banks in the UAE report that AI systems have sharply reduced successful fraud incidents and enabled rapid intervention in potential cyber attacks.
AI isn’t just a nice to have security upgrade, it’s a question of survival.
How are Banks Using AI for Cyber Security
A simple example of successful AI usage in a cybersecurity context is during a next-gen digital onboarding process. With many regulators now strong encouraging or mandating digital onboarding, banks have been able to benefit from using AI-powered systems to prevent fraud before it has a chance to run rampant. Next gen AI-powered onboarding and eKYC minimizes friction for customers looking to open accounts, while providing a secure backend environment to recude the risks for attacks. Such solutions utilize a variety of AI enabled features such as next-gen biometrics, deep ID document validation, Arabic language detection, glare reduction in ID photos, all ensuring a secure authentication and verification of a new customer. An example of this application can be the digital onboarding process implemented by UAE-based Ajman Bank, which has registered a significant reduction in fraud attempts after implementing an AI-based digital onboarding system as part of its digital transformation.
Another strategy for catching instances of fraud is by using AI for anomaly detection. A machine learning model can study what “normal” looks like, in terms of user behavior, transaction patterns, system activity; and flag anything that stands out. This allows banks to see unusual patterns – e.g. a late-night login or peculiar fund transfers, which would evade static rule-based systems. Unsupervised algorithms (like isolation forests or one-class SVMs) and neural network autoencoders sift through vast streams of events to pinpoint such outliers. Such strategies, can be deployed to facilitate analysis over large numbers of accounts, which can then be flagged to a human for additional intervention and review.
This tactic can work hand in hand with automating routine security tasks with AI, making cybersecurity operations more efficient. This not only addresses the talent shortage by doing more with less, but also lowers costs associated with manual monitoring and investigation. AI-based security solutions have been shown to improve incident response times and cut costs by reducing trivial alerts and speeding up analysis. Banks in MENA benefit by reallocating human experts to higher-value activities like threat hunting and fortifying security architecture, while letting AI handle the heavy lifting of round-the-clock surveillance.
Neural networks can analyze huge volumes of transactional data, cross-referencing dozens of variables to catch fraud in ways that traditional systems simply can’t. Banks train neural networks on historical transactions to recognize subtle indicators of fraud that humans might miss. An ensemble of decision trees (random forests) or a deep neural network can analyze dozens of features (transaction size, timing, location, device, user profile) to instantly assess whether a transaction is suspicious. These models adapt as fraud tactics evolve, improving over time. Similarly, neural networks in intrusion detection systems learn to spot network traffic behaviors that resemble known cyberattacks. This leads to faster, more accurate threat detection and frees up human analysts for higher-level decision-making.
Phishing remains a prime concern for many banks as targeting customers can be a much simpler way to compromise a system than to go after the bank itself. In fact, in 2024 there was a sharp increase in phishing and social engineering attacks, with 42% of organizations reporting incidents (WEF, 2025). To mitigate such threats, many cyber security experts are turning to Natural Language Processing or NLP, which has become a dynamic way in recent years that helps banks detect malicious intent in emails, texts, and even chat messages. NLP enables AI to “read” and analyze text for signs of fraud or attack. An NLP-driven system can scan incoming emails to employees and flag phishing attempts based on language patterns and malicious links. Banks use NLP to monitor chat messages and transaction memos for red flags, like someone soliciting account details. By understanding context in language, AI adds an extra layer of defense to catch social engineering and scam attempts that purely numeric data monitoring might overlook.
By deploying these AI-powered strategies in tandem, banks can create a multi-pronged defense system, akin to a digital immune system, ready to tackle a multitude of afflictions. An anomaly detection system might catch unusual account behavior, while an NLP filter flags a related phishing email – together giving a fuller picture of an attack in progress. This intelligent automation amplifies human analysts’ effectiveness, allowing them to focus on verified threats and complex investigations rather than sifting through noise.
Looking Towards a Future of Cyber Resilience
We’re entering a new era in banking security. One where artificial intelligence and generative-AI doesn’t just assist, but actively drives how banks detect, prevent, and respond to threats. The emerging champions won’t be those with the biggest budgets, but those with the clearest strategy, and those who understand that AI is both a weapon and a shield in the modern cybersecurity landscape. One that must be deployed correctly to protect institutions and customers.
When implemented wisely, AI can dramatically boost a bank’s ability to prevent breaches, detect fraud in real time, and operate securely at scale – all essential for maintaining customer trust. At the same time, banks must remain vigilant: as attackers innovate with AI, defensive strategies must keep adapting, and governance must ensure ethical, compliant use of artificial intelligence.
So, here’s a question worth asking at the next board meeting is, are we using AI to its full potential, not just to defend our systems, but to build customer trust, support innovation, and lead the market in resilience?
Financial
WHY THE MIDDLE EAST’S DIGITAL IDENTITY INFRASTRUCTURE NEEDS A DEEPER TRUST LAYER

Stefan Deiss, CEO and Co-Founder, The Hashgraph Group
The Middle East has moved faster on digital identity than almost any other region in the world. The UAE Pass now connects residents to more than 5,000 government and private services. Saudi Arabia’s Absher platform has issued over 28 million unified digital IDs. Dubai has gone fully paperless across 45 government entities.
But these systems were built for a world where the main challenge was convenience: getting citizens online, reducing paperwork, speeding up access to services. The threats they were designed to handle were stolen passwords, forged documents and basic impersonation.
What they were not built for is an environment where artificial intelligence can generate a convincing human face in seconds, clone a voice from a few minutes of audio, and inject a synthetic video feed into a verification check in real time.
What distributed ledger technology actually adds
Most digital identity systems today are centralised. Your credentials sit in a government or enterprise database, and every time your identity needs to be checked, the system queries that database. Sometimes that means scanning your face against a stored biometric template. Sometimes it means pulling up your document records and cross-referencing them. Either way, the process depends on one central store of information being secure, accurate and available.
The model works until it doesn’t. A single database holding millions of identities is a high-value target. An attacker who gets in does not compromise one person. They compromise everyone. And the tools available to attackers are improving fast.
The GCC fraud detection market has reached $1.2 billion. Deepfake attacks on identity systems are surging globally. In May, the Saudi Data and Artificial Intelligence Authority published updated deepfake guidelines that explicitly recommend blockchain-based provenance systems to establish traceable records of original content. The guidelines identify identity impersonation through cloned voices and facial simulations as a major risk, and single out finance, politics and identity verification as sectors requiring priority monitoring.
This is the context in which distributed ledger technology becomes relevant. Decentralised identity flips the conventional model. Instead of credentials sitting in someone else’s database, you hold them yourself, in a digital wallet on your device. When you need to prove something, you present only the specific credential required. The verification is recorded on a distributed ledger, a shared record maintained across a network of independent computers rather than controlled by any single organisation. Nobody owns it, can alter it, and shut it down.
Then there are zero-knowledge proofs. This is a way of proving something is true without revealing the underlying information. You could prove you are over 18 without showing your date of birth. You could prove you hold a valid professional licence without disclosing your name or address. The verifier gets the confirmation they need. You keep everything else private.
There is no single database to breach. The individual controls what information is shared and with whom. And every verification event is recorded permanently, creating an audit trail that regulators, enterprises and individuals can each trust independently.
In Sharjah, decentralised identity infrastructure has been integrated across a smart city ecosystem, making it one of the first urban environments in the world where residents, buildings and services interact through digital credentials rather than centralised databases.
The physical presence problem
There is a further gap that even well-designed digital identity systems do not currently address: physical presence.
Identity verification today confirms who someone claims to be remotely. It checks documents, runs facial recognition, performs biometric matching. What it cannot confirm is that a real human being is actually sitting in front of the screen. A synthetic face, a cloned voice and an injected video feed can sail through remote checks that were designed for an era when faking a human was genuinely difficult. That era is over.
The technology to close this gap exists. Ultra-wideband radar, the same short-range spatial sensing found in consumer devices, can detect physical presence with sub-10-centimetre accuracy. It can pick up vital signs such as breathing and heartbeat as a liveness check. When that presence event is cryptographically bound to a decentralised identity credential and recorded on a distributed ledger, the result is a tamperproof record proving a specific individual was physically present at a given location at a given time, verifiable by any authorised party without exposing personal data.
The applications stretch across sectors. In transport, a traveller approaching a gate at an airport or train station could be verified instantly: identity confirmed, physical presence proven, the event recorded permanently. The same logic applies to stadiums, conferences, concert venues and any gated environment where ticket fraud is a problem.
Why the Middle East is the right place for this conversation
The UAE government has announced its intention to transition 50 per cent of federal sectors and services to agentic AI within two years. When AI agents begin autonomously processing licences, permits, compliance checks and cross-border transactions, the question of who authorised what, and whether a human was genuinely involved at the point of decision, becomes critical. Without a verifiable link between a physical person and a digital action, agentic AI systems become vulnerable to impersonation at a scale that manual fraud teams cannot monitor.
The region also has structural advantages that most other markets do not. Governments in the Gulf are bringing policy, investment and technology deployment together under unified national strategies. Saudi Arabia’s Vision 2030, the UAE’s digital economy strategy targeting 20 per cent of non-oil GDP by 2030, and the broader push toward smart city infrastructure all create an environment where new identity infrastructure can move from concept to deployment far faster than in markets weighed down by legacy systems and fragmented regulation.
What comes next
The digital identity systems the Middle East has built over the past decade are genuine achievements. But they were designed for a world where the person on the other end of a verification check was assumed to be real. That assumption is becoming less reliable every quarter.
The next generation of identity infrastructure needs to do three things. It needs to remove single points of compromise by decentralising how credentials are stored and verified. It needs to give individuals control over their own data through zero-knowledge proofs and selective disclosure. And it needs to prove physical presence at the moment of verification, closing the gap that synthetic media is already exploiting.
About the Author:
Stefan Deiss is Co-Founder and CEO of The Hashgraph Group (THG), a Swiss-based Web3 and AI technology engineering company specialising in enterprise solutions built on the Hedera network.
Stefan brings over two decades of experience in technology and business transformation. He spent 11 years at Orange Business Services before moving to Zurich Insurance Group, and went on to found his own consulting firm in 2013. In 2016, he co-founded The Hashgraph Group, which today operates globally with offices across Switzerland, Abu Dhabi, Hong Kong, and beyond.
Under his leadership, THG has developed a suite of enterprise products including TrackTrace for EU Digital Product Passport compliance, IDTrust for decentralised digital identity, and EcoGuard for sustainability and carbon markets. He is also co-inventor of CITI (Continuous Identity Trust Infrastructure), a patent-pending cryptographic framework that binds physical presence to digital identity.
Financial
QASHIO BRINGS CUSTOMERS EXCLUSIVE ACCESS TO THE FIFA WORLD CUP 2026™ FAN ZONE EXPERIENCE
Qashio, the MENA region’s leading spend management solution, is rewarding its UAE customers with exclusive FIFA World Cup 2026™ fan experiences, including premium viewing access, interactive competitions, and hospitality benefits at Emirates Golf Club’s Footy Central in Dubai. The initiative gives customers the opportunity to experience a dedicated football watch party destination during the world’s biggest football tournament.
Running from 11 June to 19 July 2026, Footy Central will screen live matches alongside themed F&B, interactive games, family-friendly activities, competitions, and matchday entertainment. The programme builds on the global appeal of football’s premier event, which reached more than five billion viewers across all platforms during its previous edition, and reflects Qashio’s value proposition beyond spend management by turning client loyalty into tangible rewards and premium benefits.
The campaign will unlock exclusive access to selected matchday rewards and fan activations for Qashio customers, including F&B vouchers, matchday credits, Viya Points, gaming rewards, and VIP hospitality experiences. Viya Points, the digital reward currency within the Viya App ecosystem, can be redeemed across a premium lifestyle network of 400 venues, extending the value of the campaign beyond the matchday.
Guests can participate in the Ronaldo Header Challenge, where they can test their heading accuracy, while the FIFA Console Zone will host the PS5 FIFA Esports Challenge: Road to the Cup, with guests competing in head-to-head matches for leaderboard positions and daily rewards. Half-time engagement will include lucky draws during key matches, alongside Predict & Win competitions that reward guests for accurate match predictions.
Armin Moradi, CEO and Founder of Qashio, said: “Football is the most popular sport in the UAE among both Emiratis and the broader expat population, which makes the FIFA World Cup 2026™ a powerful moment to celebrate with our customers. Qashio was built to help businesses manage spend with more control and value, and this campaign extends that promise by turning loyalty into memorable experiences for finance leaders and teams across the country.”*
The FIFA World Cup 2026™ customer rewards campaign reflects Qashio’s broader approach to building a spend management platform that combines financial control with meaningful customer engagement. Through rewards, activations, competitions, and hospitality benefits, Qashio is continuing to create value for businesses beyond transactions, while giving customers new ways to engage with one of the most anticipated sporting events in the world.
For more information on the Footy Central experience and partnership opportunities, visit the link.
Financial
How Geopolitical and Economic Disruption Are Reshaping the CRO Role in GCC Banking
As geopolitical uncertainty, tighter liquidity and digital disruption converge, the CRO role is evolving from compliance gatekeeper to strategic business leader.
For much of the past decade, GCC banks operated in an environment defined by strong liquidity, rapid credit expansion and relatively stable macroeconomic conditions. Supported by high oil revenues and ambitious national growth agendas, the region’s banking sector became synonymous with resilience, scale and sustained growth.
That resilience has been tested in recent months and, so far, the sector has responded well. Recent banking data published by the Central Bank of the UAE (CBUAE) and the Saudi Central Bank (SAMA) suggests that customer deposits have continued to grow despite heightened regional uncertainty.

Customer deposits increased by 17% year-on-year as of April 2026, and 2% from February to April 2026 in the UAE, while in Saudi Arabia, the growth in deposits was 11% year-on-year as of April 2026 and 2% from February to April 2026 , reinforcing both markets’ positions as regional safe havens for capital. Growth in monetary aggregates and non-resident deposits further suggests that regional and international investors continue to view GCC banking systems as stable, well-capitalized and resilient.
Importantly, there is little evidence so far of the capital flight or systemic liquidity pressures that some observers initially feared. Instead, the data suggests that the UAE and Saudi Arabia continue to play an important role as regional safe havens for capital, supported by strong banking fundamentals, prudent regulation and proactive central bank intervention.
Central banks have also played an important role. Proactive interventions helped preserve liquidity, support credit expansion and provide targeted relief to sectors facing short-term disruption. In the UAE, banks were able to extend working capital facilities and restructure short-term obligations for fundamentally healthy businesses, helping bridge temporary cash-flow pressures while maintaining confidence across the financial system.
As a result, resilience is no longer simply a measure of capital strength. It has become a strategic capability that underpins the sector’s ability to navigate an increasingly complex operating environment.

However, what is clearer than ever before is that the operating environment around banks is changing rapidly—and as a result, so is the role of the CRO.
The recent regional conflict accelerated that realization. Traditional stress-testing models were largely designed around financial shocks such as market volatility, liquidity tightening, and credit deterioration. What many institutions are now confronting is a far broader challenge, where geopolitical tensions, cyber threats, operational resilience, and credit risk can all influence one another simultaneously.
Across the GCC, this has prompted some banks to reassess whether existing business continuity and resilience frameworks are sufficiently equipped for a far more interconnected risk landscape.
This is particularly relevant in a region where regulatory frameworks have prioritized sovereignty, local data residency, and operational control. Recent events have also created an opportunity for institutions to reassess how these strengths can be balanced with greater operational flexibility and diversification, e.g., for digital data storage.
At the same time, a second structural shift is unfolding more quietly beneath the surface.
According to analysis from FTI Consulting, GCC banks originated close to $1 trillion in new lending between 2020 and 2025 across Saudi Arabia, the UAE and Qatar. Much of this growth took place during a prolonged low-interest rate environment and elevated liquidity conditions, meaning many portfolios, particularly across real estate and mortgage lending, have not yet been tested through a full economic stress cycle.
That could create a more complex operating backdrop for the years ahead.
For banks, the longer-term risk is not simply operational disruption. While business continuity and cybersecurity remain critical priorities, credit risk remains equally important. If short-term disruption were to evolve into a prolonged economic slowdown, pressure could emerge across borrower segments and asset classes, particularly in sectors that have benefited from strong credit expansion in recent years. In certain scenarios, a meaningful correction in real estate markets would have implications not only for borrowers but also for portfolio performance and risk provisioning across the banking sector.
This is precisely the type of forward-looking scenario that CROs must now anticipate, rather than simply respond to.
Modern CROs are increasingly expected to balance resilience, growth, operational continuity and profitability simultaneously, while helping institutions navigate a far more dynamic and interconnected operating environment. More importantly, the CRO can no longer afford to be purely backward-looking.
The institutions likely to outperform over the next decade will be those capable of identifying disruption early, adapting faster and embedding risk intelligence directly into strategic decision-making.
That requires a fundamentally different approach to risk management. One built around predictive intelligence, integrated scenario planning, dynamic stress testing and real-time decision-making.
Artificial intelligence and advanced analytics are becoming increasingly important in that transition.
Some leading regional banks are already investing in AI-enabled underwriting, early-warning systems and advanced collections capabilities that allow them to identify stress signals earlier and make more sophisticated portfolio decisions in real time. Others, however, continue to rely on fragmented legacy systems, manual workflows and reactive operating models.
That gap may become increasingly important during periods of disruption. Institutions that can identify emerging stress earlier, underwrite more effectively and anticipate portfolio deterioration before competitors will inevitably benefit from lower risk costs and stronger resilience outcomes.
Because in this new environment, resilience itself is becoming a competitive advantage.
The banks most likely to succeed will not necessarily be the largest or most conservative institutions. They will be the organizations capable of integrating risk more directly into strategic decision-making, modernizing operational infrastructure and responding dynamically to an increasingly volatile external environment.
The broader lesson for the sector is clear.
The GCC banking industry is entering a new era where resilience can no longer be measured purely through capital strength or regulatory compliance. Increasingly, resilience will be defined by adaptability and the ability to proactively anticipate interconnected geopolitical, operational, technological and economic disruption in real time.
And that shift is fundamentally redefining the CRO mandate across the region.
The institutions that recognize this early and empower their risk functions accordingly will likely be best positioned for the next phase of growth across GCC banking.
-
News11 years ago
SENDQUICK (TALARIAX) INTRODUCES SQOOPE – THE BREAKTHROUGH IN MOBILE MESSAGING
-
Trending8 months agoOPPO A6 Pro 5G Review: Reliable Daily Driver
-
Tech News2 years agoDenodo Bolsters Executive Team by Hiring Christophe Culine as its Chief Revenue Officer
-
VAR1 year agoMicrosoft Launches New Surface Copilot+ PCs for Business
-
Automotive2 years agoAGMC Launches the RIDDARA RD6 High Performance Fully Electric 4×4 Pickup
-
Tech Interviews2 years ago
Navigating the Cybersecurity Landscape in Hybrid Work Environments
-
Tech News12 months agoNothing Launches flagship Nothing Phone (3) and Headphone (1) in theme with the Iconic Museum of the Future in Dubai
-
VAR2 years agoSamsung Galaxy Z Fold6 vs Google Pixel 9 Pro Fold: Clash Of The Folding Phenoms


