Closing the Detection Gap: Enhancing the GCC’s Machine Learning Strategy Beyond Shadow AI


Navigating the AI-Infused Cybersecurity Landscape in the GCC

As the Gulf Cooperation Council (GCC) pivots towards more AI-driven digital economies, a significant disconnect has come to light. Organizations are rushing to implement machine learning technologies but often overlook the cybersecurity threats already lurking within their own networks. Rob Lee, the Chief AI Officer and Chief of Research at SANS Institute, sheds light on the findings from the SANS 2025 GCC Cybersecurity Threat Landscape Report and on the duality of AI: while it can enhance security measures, it also introduces new vulnerabilities.

The Core Objective of the SANS 2025 Report

At the heart of the SANS 2025 GCC Cybersecurity Threat Landscape Report lies a crucial aim: to provide a detailed overview of organizational behaviors across the region. Much like any systematic threat analysis, the goal is to understand how companies interpret data and identify which metrics are essential for strategic decisions. It’s easy for the term “cybersecurity” to be diluted into marketing buzzwords; however, the reality is a constantly evolving field that requires attention and adaptation.

By grasping these shifts, organizations can better analyze their standing relative to their peers. Leaders must confront tough questions: Are our vulnerabilities unique, or do they reflect a wider systemic issue? Are we aligned with industry trends, or missing critical insights? Such analyses are vital as they provide empirical data that can help organizations tweak their security strategies in line with emerging trends.

The Visibility Gap in Cyber Attacks

One fascinating statistic from the report is that roughly one-third of survey respondents expressed a lack of awareness regarding the number of attacks they have faced. This visibility gap raises troubling questions about the detection capabilities in the region. Understanding the extent of threats is crucial because, as they say, “you cannot defend against what you cannot see.” Unfortunately, the industry often exhibits a reluctance to admit to this “digital blindness.”

With the rise of AI-enhanced threats, the landscape of cyber warfare is changing rapidly. The sophistication and speed of attacks are increasing, making the visibility gap even more critical. Many networks lack the telemetry needed to differentiate between significant warnings and irrelevant data—a challenge reminiscent of airport security, where familiar threats are prioritized over emerging dangers.

Moreover, organizations might inaccurately believe they possess a clear view of the threat landscape, providing a false sense of security. Without reliable metrics, organizations risk benchmarking against peers who are equally misinformed, achieving only a superficial understanding of their vulnerabilities.

Divergent Risk Perception Among Organizations

The report highlights an alarming discrepancy in how organizations perceive cyber risk. Approximately 25% of respondents rated their cyber risk as “very low,” while the same percentage categorized it as “high.” Such contrasting views indicate varying levels of cybersecurity maturity across organizations facing similar environmental threats.

The group that perceives risk as “very low” may include a few well-prepared organizations, but it likely consists of many that are simply unaware of the dangers they face. This visibility issue aligns closely with previous observations about gaps in awareness. Conversely, those rating their risk as “high” may be more attuned to the volume of threats or have experienced recent breaches.

This polarity suggests a lack of consensus on how to assess cyber risks within the GCC. Without unified benchmarks, the region struggles with collective cybersecurity resilience, making collaborative efforts even more challenging.

Allocating Security Budgets Wisely

A pertinent finding in the report is that more than 25% of respondents allocate less than a quarter of their security budgets to detection and response. Given that ransomware remains a top threat, this raises the question of where the remaining budget is being allocated.

Organizations frequently invest in outdated perimeter defenses, compliance-driven solutions, and legacy hardware, often neglecting the evolving sophistication of cyber threats. Many still chase initial access techniques instead of focusing on lateral movements and post-breach activities. Those who effectively navigate the threat landscape tend to have optimized their budgets toward detection and response efforts.

The Rise of Shadow AI

An emerging security concern is “Shadow AI,” where employees leverage unauthorized AI tools, often exposing sensitive information. As organizations defend against AI-powered attacks, they must also manage the risks stemming from internal AI usage. Unfortunately, the cybersecurity field may be focusing too heavily on external threats while underestimating the internal risks posed by unsanctioned AI deployment by employees.

Organizations face a triple challenge: monitoring external AI-infused attacks, deploying AI for defense, and securing internal AI frameworks. This multifaceted approach requires different skill sets. Strikingly, only 22% of organizations have sought AI/ML training, indicating a dangerous lack of preparedness.

A Shifting Priority Toward Security Architecture

While cloud security specialists and penetration testers are in high demand, security architects seem less sought after. This discrepancy is surprising, especially considering that security architecture is deemed a critical area for training and skill development. Hiring managers, however, often prioritize tactical roles that offer immediate solutions over strategic positions that maintain the organization’s security framework.

The short-term focus on hiring visible problem-solvers like penetration testers often leads to a cycle of accumulating technical debt. Without robust architectural planning, organizations find themselves repeatedly addressing predictable vulnerabilities rather than implementing proactive measures.

Addressing Vulnerabilities in Critical Systems

With many organizations unable to patch industrial control systems without interrupting operations, dealing with vulnerabilities in these settings has become increasingly complex. Older systems, often built on outdated infrastructure, don’t allow for traditional patching methods. As a result, organizations must pursue compensating controls, risk-based prioritization of critical assets, and enhanced monitoring to detect issues as they arise.

Additionally, the talent gap in critical sectors makes it even more challenging for organizations to find experts who can navigate both legacy systems and modern security protocols. In a climate where vigilance is not merely a strategy but a necessity, organizations need to adapt or risk severe repercussions.

The Importance of Regular Threat Monitoring

Surprisingly, nearly one-third of organizations in the GCC check for regional threats only quarterly. As the report notes, this delay could significantly increase exposure to dangers, particularly given the rapid evolution of attack strategies. AI technology has the potential to compress attack timelines, making it imperative for organizations to adopt continuous monitoring rather than infrequent assessments.

The GCC remains a prime target for sophisticated nation-state actors, necessitating robust, proactive measures. The report underscores that organizations performing daily or weekly monitoring are in a much better position to detect and respond to threats, while others risk allowing substantial breaches to occur unnoticed.


With the landscape of cybersecurity evolving at such a rapid pace, the insights from the SANS 2025 GCC Cybersecurity Threat Landscape Report serve as a crucial reminder for organizations to reassess their strategies and improve their visibility and preparedness in the face of emerging AI risks.
