KnowBe4 Flags Agentic AI and Deepfake Risks for UAE & Saudi Arabia Firms

KnowBe4 Flags Agentic AI and Deepfake Risks for UAE & Saudi Arabia Firms

KnowBe4’s latest research report, From Agentic Risk to Human Wins: Building a Culture of Security in the Era of Agentic AI, shines a light on a rapidly evolving threat landscape in the Gulf region. The study, which surveyed 4,000 security decision‑makers and employees worldwide—including 800 senior security leaders and 3,200 staff members from organizations with 250 + employees—reveals that autonomous AI agents and deepfake technology are already reshaping how work gets done in the United Arab Emirates and Saudi Arabia. While 84 % of cybersecurity leaders say AI agents are now embedded in everyday workflows, a striking 24 % of firms admit that these tools operate without formal approval or governance. This “Shadow AI” layer functions like an invisible team of digital workers, handling sensitive data and making decisions without oversight, thereby expanding the corporate attack surface faster than security teams can erect protective guardrails. At the same time, deepfake media has become so convincing that 88 % of employees consider it impossible to know what to trust, and more than half acknowledge they could fall victim to a synthetic‑voice or video scam. The combination of ungoverned AI and hyper‑realistic synthetic content creates a perfect storm for social‑engineering attacks, forcing security leaders to rethink both technology controls and human behavior in tandem.

Report Highlights UAE & Saudi Arabia AI Adoption and Governance Gaps

The report paints a detailed picture of AI penetration and the governance shortfalls that accompany it. An overwhelming 84 % of cybersecurity leaders across the two countries confirm that AI agents are already taking actions within organizational workflows—ranging from automating routine ticket triage to generating draft communications. Yet, 24 % of organizations describe this usage as “unapproved or ungoverned,” effectively creating a shadow layer of AI that operates without visibility or policy enforcement. This shadow AI is not merely a theoretical risk; it handles real, sensitive organizational data, making it an attractive target for threat actors seeking to hijack or manipulate automated processes.

Key statistics from the study include:

  • 88 % of employees say deepfake voice and video content is now so realistic it is impossible to know what to trust.
  • 52 % of employees admit they could be tricked by a deepfake scam at work, highlighting a pervasive confidence gap.
  • 41 % of employees source their own agentic AI tools when corporate options are unavailable, exposing firms to additional risk through unsanctioned software.
  • 52 % of cybersecurity leaders report that the use of unsanctioned software and AI apps has actively impacted their security posture over the past 12 months.

Despite these challenges, 76 % of security leaders feel “very well prepared” to handle emerging AI‑driven threats, but 84 % still see a need for improvements to align AI tools with security policies and approved risk limits. The data suggest a paradox: confidence in preparedness coexists with recognition of significant governance gaps that could be exploited by sophisticated attackers.

Governance Gaps Amplify Human Error and AI‑Enabled Attacks

Human error remains the dominant catalyst for security incidents, and the report quantifies its impact in the Gulf context. More than half (54 %) of cybersecurity leaders say mistakes made during routine work have had the greatest impact on their organization’s security over the past year. Time pressure and workplace distractions are cited by 44 % of employees as direct contributors to these errors, often prompting staff to bypass established safe protocols.

AI‑enabled attacks are identified by 36 % of security leaders as a key future risk. The convergence of “Shadow AI” and deepfake‑based social engineering creates a dual‑front threat: attackers can inject malicious prompts into unsupervised AI agents while simultaneously delivering convincing synthetic media to human users. This synergy enables threat actors to compromise both the automated decision‑making layer and the human element in a single, coordinated campaign.

Dr. Martin Kraemer, CISO Advisor at KnowBe4, warned that “leaving almost a quarter of your corporate AI usage ungoverned is a massive open invitation to threat actors.” He emphasized that attackers are moving at machine speed, leveraging deepfakes and prompt injections to target employees and hijack AI agents alike. The report underscores that without clear governance, organizations risk losing visibility into who—or what—is acting on their behalf, making detection and response far more difficult.

Building a Security‑First Culture for Hybrid Workforces

The research highlights a clear path forward: organizations that embed cybersecurity as a cultural attribute, rather than a siloed function, achieve markedly better outcomes. In firms where security is treated as a shared responsibility, 82 % of employees feel safe reporting mistakes, fostering an environment where both human and agentic errors can be identified and corrected quickly. The report recommends shifting from a reactive “track‑the‑failure” mindset to one that actively reinforces positive security behaviors across the entire workforce—including AI agents.

KnowBe4 positions its platform as a practical enabler of this cultural shift. By combining attack simulation, interactive training, and AI‑driven defense agents (AIDA), the solution aims to provide continuous reinforcement of secure habits while simultaneously monitoring and protecting autonomous AI tools. The integrated approach helps organizations close the governance gap, detect prompt‑injection attempts, and improve deepfake awareness through targeted education.

Key Takeaways

  • 24 % of UAE and Saudi Arabia organizations report using autonomous AI agents without approval or governance, creating “Shadow AI” that handles sensitive data unseen.
  • 88 % of employees say deepfake voice and video content is now so realistic it cannot be trusted, and 52 % admit they could be fooled by a deepfake scam at work.
  • 54 % of cybersecurity leaders attribute the greatest cybersecurity impact over the past 12 months to mistakes made during everyday work, while 41 % of employees independently acquire AI tools, increasing exposure to unsanctioned software.

TechInsyte's Take

The findings underscore that AI adoption in the Gulf is outpacing governance frameworks, leaving a sizable portion of the workforce vulnerable to sophisticated social‑engineering attacks. Security leaders should evaluate their shadow‑AI inventory, enforce approval processes for all agentic tools, and invest in training that specifically addresses deepfake detection. As organizations move toward hybrid human‑AI work models, the ability to embed security into everyday behavior will be a decisive factor in limiting risk.

Source: Businesswire

TechInsyte technology intelligence workspace

About TechInsyte

TechInsyte is a B2B technology news and intelligence platform covering major developments across AI, cloud, cybersecurity, enterprise software, semiconductors, startups, policy, and markets. We focus on the signals that matter for decision-makers.

The idea behind TechInsyte is simple. Technology moves fast, and professionals need clear information without unnecessary noise. New platforms emerge, security risks evolve, enterprise software changes, and the AI shift continues to reshape how companies operate. We help readers understand those developments in a practical and business-focused way.

Our coverage focuses on meaningful technology updates, product launches, enterprise strategy, funding activity, regulatory change, infrastructure trends, and the broader forces shaping the technology industry. The goal is to keep every article clear, relevant, and useful for professionals who need to know what happened, why it matters, and what it could mean next.

TechInsyte is built for readers who want sharper context, cleaner coverage, and a more focused view of technology without the clutter.