RIYADH: As generative artificial intelligence reshapes industries and transforms daily life, it is also fueling a new generation of cybercrime — smarter, faster, and harder to detect. Across the Gulf region, governments and tech leaders are working hard to stay one step ahead.
At the heart of this regional defense is Saudi Arabia’s National Cybersecurity Authority and its Cybersecurity Toolkit, which offers a template to shield critical infrastructure and public services from digital threats.
“The Cybersecurity Toolkit offers public and private sector organizations a comprehensive suite of tools to enhance cyber readiness and reduce cyber risks,” Zainab Alamin, vice president of national digital transformation at Microsoft Arabia, told Arab News.
Available in Arabic and English, the toolkit is part of the NCA’s mission to embed cyber resilience across the Kingdom.
But the NCA’s efforts go beyond templates. Its national cybersecurity portal, HASEEN, helps manage and develop cyber services, while the CyberIC Program cultivates homegrown expertise to defend Saudi systems from evolving threats.
“Recognizing the importance of public awareness, the authority also launched the National Cybersecurity Awareness Campaign, which aims to raise cybersecurity awareness among all segments of society,” said Alamin.
And the investment is substantial. “Saudi Arabia has significantly increased its investment in cybersecurity, with spending reaching SR13.3 billion ($3.5 billion) in 2023, underscoring the Kingdom’s commitment to safeguarding its digital infrastructure,” she added.
But while Saudi Arabia is stepping up, so are cybercriminals. Generative AI has made it drastically easier to forge realistic emails, clone voices, and generate deepfake videos, giving fraudsters a dangerous new edge.
“As AI models improve, the output becomes more authentic, contextually accurate, and emotionally manipulative — making it increasingly difficult for traditional detection systems and even well-informed users to distinguish real from fake,” said Alamin.
Gone are the clumsy phishing emails littered with typos. Today’s scams are polished and personalized. “AI is transforming impersonation scams by making them more convincing, more scalable, and harder to detect,” said Alamin.
Microsoft Arabia’s latest Cyber Signals report revealed the extent to which criminals are exploiting generative AI.
“In this new wave of fraud, AI is being used to produce everything from hyper-realistic images and fake videos to cloned voices, personalized phishing messages, and even entire fraudulent websites,” said Alamin.
The threat is not theoretical. “Imagine receiving a voicemail that sounds exactly like your manager asking you to urgently transfer funds, or an email that looks and reads just like one from your bank, complete with branding and a personalized message,” said Alamin.
“These are no longer far-fetched scenarios; they are happening right now.”
Deepfakes can hijack video calls. Voice clones mimic family members or executives. Even phishing links now use language models to tailor tone and content.
“Thousands of phishing emails can now be tailored with just a few prompts, mimicking tone, language, and even regional nuances,” said Alamin.
In response, Microsoft is deploying its own AI-powered defenses. From April 2024 to April 2025, its systems blocked $4 billion in fraud attempts and prevented over 49,000 fraudulent partnership enrolments.
“We also work closely with law enforcement and industry partners to share threat intelligence and combat criminal misuse of AI,” said Alamin. “Scammers are evolving fast, but so are we.”
Microsoft’s platforms, such as Defender for Cloud and Entra, use AI to detect and neutralize cyber threats across email, chat, and cloud infrastructure.
DID YOU KNOW?
• Generative AI enables hyper-realistic phishing, voice cloning, and deepfakes, making scams harder to detect.
• Gulf nations are aligning cybersecurity strategies with global standards amid rising risks and shared digital ambitions.
• Saudi Arabia’s National Cybersecurity Authority offers a toolkit to help bolster digital protection across sectors.
Edge, the company’s browser, now offers typo and domain impersonation protection, as well as a “Scareware Blocker” to shut down alarming pop-up scams.
“In addition, our identity and access management tools, like Microsoft Entra, help organizations enforce Zero Trust principles, ensuring that no one is trusted by default, whether human or AI-generated,” said Alamin.
Yet the battle is not just technical — it’s also behavioral. “In the age of AI-assisted scams, both individuals and organizations need to adopt a more proactive, layered approach to cybersecurity. This means combining technology, awareness, and policy to build digital resilience.”
Education remains key. “Scammers often try to short-circuit your judgment with fear or pressure. A perfect example of this is ‘limited-time’ deals and countdown timers when online shopping,” said Alamin.
Other signs of AI-generated deception include overly formal language, generic greetings, or unusual phrasing. “If something ‘feels’ off, trust your instincts and immediately stop engaging,” she added.
For deepfakes and voice clones, look for unnatural lip-sync, poor lighting, or glitchy visuals. Subtle typos in domain names or email addresses can also be giveaways. And always verify communications that involve sensitive information — especially money.
“If you receive a call, video, or email that seems unusual — even from someone you know — double-check it via another trusted channel,” said Alamin. “Also, avoid direct bank transfers or cryptocurrency payments, which lack fraud protections.”
Saudi Arabia is not alone in its response. Gulf nations, from the UAE to Oman, are advancing cybersecurity frameworks aligned with global standards. The UAE recently launched its Green Bond and Sukuk Framework, with cybersecurity embedded in its digital finance architecture.
Microsoft’s regional partnerships reflect this shared urgency to modernize defenses without stifling innovation.
“Tools that generate text, synthesize voice, or create hyper-realistic imagery can empower innovation in education, accessibility, and customer service,” said Alamin. “However, in the wrong hands, they can be weaponized for scams, misinformation, and manipulation.”
That dual-use challenge is at the heart of the cybersecurity conundrum. “A key challenge is intent. AI doesn’t have ethics, but its users do.”
