Artificial intelligence is reshaping the cyber threat landscape, with increasingly sophisticated scams targeting businesses across the UAE and raising concerns among cybersecurity experts about corporate preparedness.
A recent global study by insurer QBE found that 21 per cent of organisations in the UAE experienced an AI-related cyber incident over the past year. Although lower than the global average of 29 per cent, experts warn that the complexity and realism of AI-enabled attacks are increasing at a rapid pace.
Cybersecurity specialists say the challenge is no longer limited to identifying poorly crafted scam messages. Modern attacks often resemble legitimate business communication, making them far more difficult to detect.
Sam Tayan, Regional Vice President for META at cybersecurity company Illumio, said artificial intelligence has transformed how cybercriminals operate.
“AI-powered scams are getting harder for businesses in the region to spot because they no longer look like scams. They look like business as usual,” he said.
Among the most widespread threats is AI-generated phishing. Traditional phishing attempts often contained grammatical mistakes and generic wording that made them easier to identify. AI tools now enable criminals to create polished, highly personalised messages that closely imitate the writing style and tone of trusted colleagues, clients or executives.
Illumio estimates that AI-assisted phishing accounts for more than 90 per cent of digital breaches in the UAE. The company also reported a 32 per cent increase in phishing incidents during the first quarter of 2026.
Business email compromise has emerged as another major concern. In these schemes, cybercriminals impersonate suppliers, partners or senior company officials to persuade employees to authorise payments or release sensitive information. Artificial intelligence allows attackers to generate convincing emails, invoices and supporting documents that mirror authentic corporate communications.
Deepfake technology is creating additional risks. Criminals are increasingly using AI-generated voices to impersonate company leaders through phone calls or voice messages. Employees may receive instructions that sound convincingly authentic, requesting urgent fund transfers, confidential data or security credentials.
Human resources teams are facing challenges of their own. AI-generated identities and synthetic job candidates are becoming more common, with technology capable of producing realistic resumes, fabricated employment histories and even live video interview appearances. In some cases, companies may unknowingly recruit individuals using false identities.
Procurement and finance departments are also vulnerable to AI-generated invoice and contract fraud, where fake documents closely resemble legitimate supplier paperwork and are used to redirect payments or manipulate transactions.
Experts say the disappearance of traditional warning signs has made cyber defence more difficult.
“Things like poor grammar, awkward phrasing and generic wording used to give these attacks away,” Tayan said. “Now messages are well written, localised and timed to fit real business activity.”
The QBE study highlighted preparedness concerns, revealing that nearly one-third of UAE organisations surveyed lack cyber insurance, while 27 per cent do not have an incident response plan.
Cybersecurity professionals advise businesses to assume some attacks may succeed and focus on reducing their impact through stronger verification procedures, multi-factor authentication, staff awareness training and tighter access controls.
