The vast majority (98%) of organisations in the UAE are deploying agentic AI in at least part of their cybersecurity operations, with 53.2% in full production and 44.8% in the pilot phase of deployment, according to a new survey conducted by Censuswide and commissioned by the global cybersecurity leader, Palo Alto Networks. Furthermore, the trend looks set to continue gathering pace, with 98% of organisations likely to increase investment in agentic AI for cybersecurity in 2025–2026.
This large-scale action in deploying AI for cybersecurity comes as organisations in the UAE see a significant uptick in cyberthreats, with 75% of survey respondents reporting an increase in the volume or complexity of cyberattacks targeting them in 2025 compared to the previous year. And almost all respondents – 99.2% – said they believe that AI agents, defined as AI systems that can operate autonomously, are currently being used by cybercriminals to automate or enhance attacks.
Despite this, survey respondents overwhelmingly believe that agentic AI will reduce cybersecurity risks for their organisation: 89.2% anticipate that agentic AI will decrease risks for their organisation in the next 12 months, while just 2.4% believe it will increase risks.
Meanwhile, the biggest barriers organisations face in adopting or scaling agentic AI in cybersecurity are integration with legacy systems (26.4%), lack of trust in AI autonomy (20.8%), lack of clear regulation (20.4%), limited in-house expertise (18.4%), and cost (13.6%).
“The results of the survey serve as a sobering reminder of the need for organisations in the UAE to move quickly and effectively in using AI-based tools to fight AI-based cybersecurity threats,” said Haider Pasha, Chief Security Officer, EMEA, Palo Alto Networks. “The increase in volume and complexity of threats broadly matches what we see at a global level, and it is reassuring to see organisations in the UAE taking action. However, the conviction of those surveyed that agentic AI will reduce attacks in the next 12 months could indicate a degree of overconfidence, especially when considering that more than a quarter of the CEOs cited integration of legacy systems as a key concern. This underscores the need for organisations to embrace a ‘platformisation’ approach to consolidate cybersecurity functions, reduce complexity and provide robust defence against the most pernicious new threats.”
Other findings
The CEOs surveyed cited various issues as being primary concerns related to agentic AI in cybersecurity, including:
- Legal and regulatory uncertainty (22%)
- Data privacy concerns (22%)
- Unpredictable behavior (18%)
- Unclear business benefit (17.2%)
- Lack of skilled talent (14.4%)
- Ethical risks (6%)
Cybersecurity functions that organisations believe will be most transformed by agentic AI by 2026:
- Incident response (24.8%)
- Identity & access management (22%)
- Attack surface management (20.4%)
- SOC automation (17.2%)
- Threat detection (15.6%)
External support deemed most valuable to organisation in adopting agentic AI responsibly and effectively:
- Regional regulation clarity (24%)
- Access to skills and talent (23.6%)
- Industry partnerships (18.8%)
- Government-led standards (17.2%)
- Case studies from peers (16.4%)
Almost all (98%) of organisations expressed confidence in their current cybersecurity teams’ ability to manage and govern agentic AI systems responsibly with 53.6% saying they were very confident, and 44.4% somewhat confident.
Discussion about this post