A new report from cybersecurity firm KnowBe4 reveals a critical gap in AI governance across the Gulf, with 24% of organizations in the UAE and Saudi Arabia deploying autonomous AI agents with little to no formal oversight. This unregulated adoption has led to a rise in “Shadow AI,” where employees use unapproved tools, exposing companies to significant security risks in a region rapidly embracing artificial intelligence.
Quick Facts
- 24% of UAE & Saudi firms run ungoverned AI.
- 41% of staff use unapproved “Shadow AI” tools.
- 52% of employees admit deepfakes could fool them.
The Rise of Shadow AI and Human Risk
The study, titled “From Agentic Risk to Human Wins,” highlights a growing disconnect between official company policy and employee behavior. When official AI tools are restricted or unavailable, 41% of staff admit to sourcing their own, creating a blind spot for security teams. This trend has tangible consequences, as 52% of security leaders confirm that unsanctioned software and AI applications have negatively impacted their security posture in the last year.
Compounding the issue is the persistent factor of human error. The research found that 54% of cybersecurity leaders believe simple human mistakes—not sophisticated cyberattacks—have had the largest negative impact on their organization’s security over the past 12 months. Furthermore, 44% of employees confess that time pressures and workplace distractions lead them to make security errors, even when they are aware of the correct protocols.
Deepfakes and AI Attacks Test Regional Defenses
The sophistication of AI-generated content is creating a new layer of threats. A striking 88% of employees surveyed now find deepfake voice and video content too convincing to easily discern from reality. More than half (52%) admit they could be tricked by a deepfake scam in a work environment.
This concern is shared by security professionals, with 36% identifying AI-enabled attacks as a primary driver of future human-related security risks. While a majority of security leaders (76%) report feeling well-prepared for these emerging threats, a larger number (84%) concede that improvements are necessary to ensure AI tools and agents operate within approved company policies.
From Checklists to Culture: A New Security Mindset
The report suggests that the most effective defense is not a technical one, but a cultural one. Organizations that treat cybersecurity as an integral part of their company culture, rather than just a functional department, are achieving better security outcomes. In these environments, 82% of employees state they feel safe reporting security mistakes without fear of reprisal.
This cultural approach is critical as AI agents increasingly function like colleagues and decision-makers within workflows. The findings show that when a strong security culture is in place, employees are far more likely to be proactive partners in an organization’s defense.
About KnowBe4
KnowBe4 is a provider of the world’s largest security awareness training and simulated phishing platform. The company’s solutions help organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics. Its platform is designed to build a more resilient and secure human firewall.
Source: KnowBe4


