Using AI to manage insider risk amid Middle East conflict

Arina Makeeva

The ongoing geopolitical tensions involving Israel, the United States, and Iran underscore a challenging reality for security leaders in the Middle East: geopolitical instability not only increases the risk of external attacks but also alters internal risk dynamics in ways many organizations are ill-equipped to handle.

As businesses navigate the complexities of remote work, dispersed access patterns, supply chain dependencies, and the increasing reliance on AI-powered tools, insider risk management has become more intricate, unpredictable, and difficult to detect using conventional methods. In this landscape, AI emerges as not just an enhancement for cyber security, but as a robust tool for managing uncertainties on a grand scale.

Mazen Adnan Dohaji, senior vice-president and general manager of IMETA at Exabeam, explains that while conflict does not necessarily result in a higher number of malicious insiders, it does create increased operational noise when security teams need clarity the most. “The real challenge for defenders is not simply that conflict creates more cyber risk; it’s that it introduces more noise, edge cases, and ambiguity precisely when security teams need to make faster decisions,” he states.

This distinction matters, especially in the Middle East, where organizations strive to balance digital transformation initiatives with increasing concerns about sovereignty, resilience, and cyber preparedness. During periods of geopolitical stress, even routine behaviors can suddenly appear abnormal: users logging in from unusual locations, contractors requesting temporary privileged access, or employees engaging with both sanctioned and unsanctioned generative AI (GenAI) tools in ways that remain under the radar of security teams.

Standard insider threat programs, which traditionally rely on rigid rules and manual investigations, often struggle to adapt to this changing landscape. As a result, behavior—not merely alerts—emerges as the key signal for analysis. “Security teams should focus less on expanding watchlists and more on understanding how normal behavior evolves under stress,” advises Dohaji.

Importantly, Dohaji posits that security teams do not need to establish separate strategies to address AI risk and insider risk; they increasingly represent intertwined challenges in today’s environment. This is where AI-driven user and entity behavior analytics (UEBA) becomes critical. Through machine learning, organizations can establish baselines for typical activities performed by employees, contractors, service accounts, and privileged users.

Such technology enables security teams to detect subtle anomalies—potential indicators of misuse, coercion, credential compromise, or data exfiltration. “Machine learning can create baselines for both human and non-human activity, identify subtle deviations, and escalate risk as small signals aggregate across identities and entities,” emphasizes Dohaji.

Since insider risk rarely manifests as a singular dramatic event but rather unfolds through a series of explainable yet unusual actions, the ability of AI to connect these seemingly innocuous dots becomes invaluable. Security teams can view these actions in the aggregate, gaining insights that might otherwise remain obscure.
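The aggregation idea described above, sketched as an added example (not code from the article or from any vendor product): each entity gets a baseline per activity feature, weak deviations are scored, and a case is escalated on the cumulative score even though no single event would fire a rule. It substitutes a plain mean and standard-deviation baseline for machine learning; the thresholds, entity names, feature names and sample data are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

SINGLE_ALERT_Z = 4.0  # assumed: a static rule fires only on one extreme event
WEAK_SIGNAL_Z = 2.0   # assumed: deviation large enough to add to the score
ESCALATE_AT = 6.0     # assumed: cumulative score that opens a case

def build_baselines(history):
    """Mean and standard deviation per (entity, feature) from past activity."""
    values = defaultdict(list)
    for entity, feature, value in history:
        values[(entity, feature)].append(value)
    # A perfectly constant feature has sigma 0; fall back to 1.0 to avoid /0.
    return {k: (mean(v), pstdev(v) or 1.0) for k, v in values.items()}

def score_events(baselines, events):
    """Return per-entity cumulative risk and the weak signals behind it."""
    risk, signals = defaultdict(float), defaultdict(list)
    for entity, feature, value in events:
        if (entity, feature) not in baselines:
            continue  # no baseline yet, nothing to compare against
        mu, sigma = baselines[(entity, feature)]
        z = abs(value - mu) / sigma
        if z >= WEAK_SIGNAL_Z:
            risk[entity] += z
            signals[entity].append((feature, round(z, 2)))
    return dict(risk), dict(signals)

def single_event_alerts(signals):
    """Entities a per-event rule alone would have flagged."""
    return sorted(e for e, s in signals.items()
                  if any(z >= SINGLE_ALERT_Z for _, z in s))

def escalated(risk):
    """Entities whose aggregated weak signals cross the case threshold."""
    return sorted(e for e, r in risk.items() if r >= ESCALATE_AT)

# Constructed sample data: one human and one non-human identity.
HISTORY = (
    [("contractor-17", "login_hour", h) for h in (8, 10) * 4]
    + [("contractor-17", "mb_uploaded", m) for m in (40, 60) * 4]
    + [("contractor-17", "priv_requests", p) for p in (0, 2) * 4]
    + [("svc-backup", "mb_uploaded", m) for m in (500, 520) * 4]
)
TODAY = [
    ("contractor-17", "login_hour", 12),
    ("contractor-17", "mb_uploaded", 75),
    ("contractor-17", "priv_requests", 3),
    ("svc-backup", "mb_uploaded", 525),
]

if __name__ == "__main__":
    risk, signals = score_events(build_baselines(HISTORY), TODAY)
    print(single_event_alerts(signals), escalated(risk), signals)
```
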

As companies in the Middle East face an uncertain future marked by geopolitical shifts, the role of AI in managing insider risk becomes paramount. Organizations are urged to adopt forward-thinking strategies that leverage AI’s capabilities to gain clarity amid chaos, enabling more efficient and effective decision-making processes in periods of heightened risk.

This proactive approach may not only fortify a company’s security posture but could also enhance its overall resilience in navigating the turbulent waters of global instability. In a time when the boundaries of threat are rapidly expanding, businesses must harness the power of AI not only to guard against external threats but to protect their most valuable assets—their people and their data.
