Microsoft’s Rima Semaan on redefining cybersecurity in the UAE

As cyber threats grow more sophisticated and relentless, Microsoft is leading the charge with a new wave of AI-driven solutions designed to detect, prevent, and neutralise attacks before they escalate. At GISEC 2025, the region’s premier cybersecurity event, Microsoft UAE unveiled cutting-edge innovations—including an AI-powered phishing detection and triage agent — marking a significant shift toward proactive security.

In this exclusive interview, Rima Semaan, Data & AI lead at Microsoft UAE, shares how intelligent agents, responsible AI, and large-scale skilling initiatives are transforming cybersecurity.

From real-time alerts and identity protection to the bold goal of training one million people in AI and security by 2027, Semaan reveals how Microsoft is shaping a safer digital future for the region.

What are you showcasing at GISEC?

At GISEC this year, we’ve showcased one of our most exciting innovations in cybersecurity: an AI-powered phishing detection and triage agent. Phishing continues to be one of the most prevalent and impactful attack vectors globally, with Microsoft identifying nearly 30 billion phishing attempts last year alone.

This agent is part of a broader effort to empower security teams by automating the identification and triage of phishing attacks in real-time. By doing so, it allows organisations to focus on more strategic tasks — like strengthening their cybersecurity frameworks — rather than spending valuable time on manual, repetitive work.

In essence, what we’re showing is a shift from reacting to incidents to preventing them before they escalate, while also making security operations more efficient and scalable. This is part of our broader vision to help organisations not only manage threats but also proactively strengthen their defenses.

What security trends can we expect to see this year?

This year, we’re seeing a few key security trends emerging across the industry, driven largely by AI and automation. There are three primary areas we expect to see a lot of focus on:

1. Phishing and identity protection: As we’ve already discussed, phishing remains a major threat. This year, we’re seeing the rise of AI-powered agents that help organizations automatically detect and triage phishing attacks, improving efficiency while reducing the burden on security teams. Additionally, identity protection is more crucial than ever, especially with the increasing number of identity-based attacks globally.
2. Data security and protection: With more data being generated and stored across various platforms, AI is becoming essential for securing sensitive information. We’ll see AI play a major role in automating data security measures and enhancing organisations’ ability to protect against threats in real time.
3. AI-Driven cybersecurity strategy: AI is not just about responding to attacks — it’s helping organisations proactively defend by analyzing trends, vulnerabilities, and potential threats across multiple domains. This will help companies build a more resilient cybersecurity strategy.

Now, putting it in perspective, according to a recent cybersecurity report from the UAE Cybersecurity Council, there are 200,000 cyberattacks happening daily. We’re seeing this mainly in sectors like government, energy, and critical infrastructure. As a result, more organisations are focusing on strengthening their AI security strategies to both prevent attacks and respond quickly and efficiently.

It’s also important to note that cybersecurity is a team sport. While having the right tools and strategies is crucial, skilling up the workforce is just as important. That’s why we’re focusing on empowering organisations with knowledge — teaching teams to identify threats and act accordingly is essential for reducing risks. We’re seeing a greater emphasis on responsible AI and ensuring AI systems are governed by humans to provide accurate, actionable insights.

To summarize, the major trends we expect to see this year are: AI-powered threat detection, identity protection, data security automation, and a greater focus on upskilling and responsible AI to handle the scale of attacks we’re facing.

How can enterprises in the UAE defend against the latest security threats and how is your company contributing?

Enterprises in the UAE need to take a comprehensive approach to cybersecurity to defend against the growing threat landscape. One alarming statistic is that the number of attacks per day is in the hundreds of thousands, with reports showing that every cyberattack in the region costs around $8m — significantly higher than the global average of $4.45m per attack. This underscores just how costly and impactful these attacks can be.

To effectively defend against these threats, organizations must focus on three key areas:

1. Strengthening their cbersecurity strategy: This includes implementing a zero-trust security model, which minimizes access to sensitive data and systems, ensuring that only authorised users can access critical resources. It’s all about limiting the attack surface and reducing vulnerabilities.
2. Doubling down on AI and automation: With the scale and complexity of attacks growing, AI-driven security solutions are essential. Organizations need to leverage AI to proactively detect and prevent attacks before they escalate, keeping up with the scale and speed of modern threats. This is where our AI-powered solutions come in, helping enterprises stay ahead of attackers.
3. Emphasising responsible AI and secure AI systems: As AI plays a more prominent role in cybersecurity, it’s crucial that AI systems are secure, transparent, and governed by human oversight. Our solutions incorporate responsible AI to ensure they are both effective and ethical, providing protection while keeping humans in control of the decision-making process.

In summary, enterprises in the UAE should adopt a secure-first approach, invest in AI-powered tools, and ensure responsible governance of AI systems. At Microsoft, we’re helping organizations implement these strategies by providing cutting-edge AI solutions that enable real-time threat detection and prevention, as well as helping them strengthen their cybersecurity frameworks with proactive measures.

What are some of the security innovations we can expect from Microsoft in the next 12-18 months?

In the next 12-18 months, we’re seeing significant innovation in the cybersecurity space, particularly with the infusion of AI across all layers of security. One of the key areas we’re focusing on is the development of AI-powered agents, which are designed to help security teams be more proactive and efficient. These agents are transforming how we approach threat detection and mitigation.

For example, we’re rolling out a phishing detection agent, which is already making waves, and we’re also previewing a security alert agent within our Purview platform. This agent provides real-time alerts to the right security personnel, notifying them of suspicious activity such as unauthorized data access, helping mitigate risks before they escalate.

Another exciting innovation is our Threat Intelligence Briefing Agent, which is integrated into Microsoft Security Copilot. This tool gives cybersecurity professionals daily updates on what’s happening within their organisation, enabling them to take proactive measures to address potential threats.

The overarching trend here is clear: Everything we’re working on revolves around creating intelligent agents that empower security teams with predictive capabilities. These agents aren’t just reacting to incidents —t hey’re preventing them by acting on behalf of humans, with human oversight ensuring the right decisions are made. This approach enables a more streamlined and proactive cybersecurity strategy, helping organisations stay ahead of threats.

What is the anticipated growth of this industry?

The growth of the cybersecurity and AI industry in the region is substantial. Every organisation is increasingly investing in this space, recognizing the importance of integrating cybersecurity and AI into their strategies. In fact, I recently read that 98 per cent of organisations have already incorporated cybersecurity and AI as key components of their business strategies. This is a remarkable statistic, and when you extrapolate that across the region, it points to a massive market—worth billions of dollars.

The demand for advanced cybersecurity solutions to combat evolving threats is driving this growth, and the industry’s potential is enormous. As more businesses prioritize these technologies to safeguard against cyber threats, we can expect the market to expand rapidly in the coming years.

What are your plans to uplift the security industry in 2025 and the years ahead?

Our plans for 2025 and beyond are ambitious and focused on empowering organizations and individuals in the region to tackle evolving security challenges.

First, we’re committed to driving innovation with our suite of security solutions. We aim to help organizations maximize the potential of these technologies to enhance their cybersecurity measures. A key focus is skilling — we recognise the importance of equipping individuals with the knowledge and tools to defend against cyber threats.

As part of this, we’re launching the Microsoft Security Academy alongside our AI Skilling Academy. These initiatives are part of our larger goal, announced through AI Nation, to skill one million people in AI and cybersecurity by 2027.

We’re also focusing on public-private partnerships, working closely with organizations and security councils in the region to push the boundaries of security AI innovations. These collaborations are crucial to ensuring that the cybersecurity landscape remains robust and adaptive to future threats.

Finally, we’ll continue our innovation journey, ensuring that our AI-first technologies are built on secure foundations across all platforms. This will help ensure that as the industry evolves, we are not only leading the way in innovation but also maintaining strong security standards at every step.