As organisations across the Middle East and North Africa accelerate their digital transformation strategies, cybersecurity leaders are facing a new paradox: the speed of AI development has outpaced traditional security models.
Maher Jadallah, Vice President for MENA at Tenable, calls this the “AI speed paradox”, a challenge that is forcing the cybersecurity community to rethink how they protect rapidly evolving environments. “We’ve reached a point where AI development is moving so fast that the security implications often aren’t fully considered,” says Jadallah. “When it comes to security, there is a danger that the horse won’t just bolt through the open gate but charge through it and may even destroy the gate entirely.”
According to Jadallah, the widespread integration of generative AI (GenAI) into enterprise applications is creating a new attack surface. While GenAI offers significant business advantages, it also introduces vulnerabilities, especially when security controls are absent or underdeveloped.
Tenable’s response is proactive. In September, the company launched ‘AI Aware’, a solution designed to detect AI-specific exposure across applications, plugins, and libraries. It’s part of a broader strategy to embed security into every layer of the AI lifecycle, from secure coding and vulnerability scanning to dynamic analysis and remediation.
Unified Cyber View
Tenable’s presence at GISEC 2025 centres on one theme: “see and fix risk before it becomes a threat.” With a fragmented cyber landscape plagued by siloed tools, Jadallah believes traditional approaches to risk management no longer work. “The war against cyber risk won’t be won with security strategies that stand divided,” he notes.
The company is showcasing Tenable One, an AI-powered exposure management platform that provides a unified risk view across all digital assets and attack pathways. By breaking down siloes, Tenable One helps organisations prioritise the exposures that matter most—before they’re exploited.
This year, Tenable’s platform capabilities received a significant boost with the acquisition of Vulcan Cyber. The integration allows Tenable to expand its third-party ecosystem with over 100 integrations, enhance AI-powered risk prioritisation, automate remediation workflows and lay the groundwork for advanced exposure AI capabilities.
The goal? Enable security teams to operate more efficiently, proactively, and intelligently, from endpoint to cloud.
Rethinking Risk in an AI-Driven Future
GISEC’s 2025 theme, “Securing an AI-Powered Future”, resonates deeply with Tenable. Jadallah views GenAI not just as a threat vector, but also a powerful enabler for defenders. “GenAI is like Google Translate for cyber defenders. It can help us analyse, prioritise and act faster.”
The potential lies in context-rich analysis. By merging data from disparate security tools, GenAI can uncover patterns and present findings in simple, actionable terms. For blue teams and SOC analysts, this means faster decisions and more effective incident response.
But the risks are real. Tenable’s 2025 Cloud AI Risk Report revealed that 70 per cent of cloud AI workloads have unremediated vulnerabilities, highlighting critical blind spots in security hygiene. Notably, 30 per cent of workloads were found to contain CVE-2023-38545, a high-profile vulnerability in the widely used curl library.
To address these concerns, Tenable has introduced Data Security Posture Management (DSPM) and AI Security Posture Management (AI-SPM) features in its cloud platform, extending visibility and control to cloud-native and hybrid AI environments.
Prioritise Proactively, Not Reactively
In closing, Jadallah offers a pointed reminder to organisations investing in cybersecurity today. “You can’t put the genie back in the bottle.” Once attackers breach your defences, it’s game over.
Instead of waiting for incidents to occur, he advocates for preventive, attacker-informed security strategies, ones that focus on chaining risks, identifying attack paths, and closing gaps before they can be exploited.
Perhaps the most urgent misconception, says Jadallah, is that organisations need more tools. In reality, many already rely on over 100 disconnected security products—a setup that fragments data and obscures risk. “Organisations aren’t helpless—they’re just buried in disjointed datapoints.”