Vulnerabilities by the minute: TrendAI’s UAE debut and the race to secure agentic AI

CybersecurityAI
Written By Sindhu V Kashyap

When a company with 40 years in cybersecurity replaces the name that built its reputation, the move invites scrutiny, and the leadership behind Trend Micro’s enterprise rebrand spent much of its launch briefing addressing the obvious question head-on. Trend Micro’s enterprise security business launched in the UAE this month as TrendAI, unveiling the identity on Ain Dubai, against a backdrop of national AI ambition that gives the timing its logic.

The launch arrives as the UAE accelerates its push to become a global AI hub, with industry estimates suggesting artificial intelligence could contribute close to 14% of national GDP by 2030, equivalent to roughly $96 Billion. That momentum, the company argues, is opening new opportunities for enterprises while simultaneously widening the governance and security gap that its own global research has begun to quantify. A TrendAI study of 3,700 business and IT decision makers found that 67% of organisations have felt pressured to approve AI deployment despite security concerns, and 57% said AI is advancing faster than they can secure it.

A name change the company presents as a change of DNA

The first question, by the company’s own account, is always whether the rebrand simply tracks the hype cycle. Salah Suleiman, Managing Director, South Gulf, TrendAI, addressed that directly. “The very first question people ask is, why the name change? Is it because everybody’s talking about AI and we changed the name?” he said. “It is not that reason.” The shift, he argued, reflects a structural change in how the enterprise business operates, with the consumer and enterprise arms having diverged into separate lives. “It is a pure change of the DNA of how you work, how you market, how our employees are packaged, what you can do,” Suleiman explained, describing a transformation built around the AI aspect of the business.

The argument rests on a pattern the company traces across its own history. “Every decade, we saw that there was a new technological change,” Suleiman said, pointing to the company having secured cloud workloads early and built protection against email compromise when that was the dominant vector. The agentic AI era, by this account, is the next such inflection.

“TrendAI is not just the name. We do adopt AI ourselves as a strength,” he added, noting that AI is now embedded in the platform itself. “That’s why we are using AI to strengthen our defence and to protect AI.” The same intent runs through the company’s tagline, AI Fearlessly, which Suleiman described as enabling innovation without halting it: “We don’t want to stop the innovation, but we want to make sure that we are covering the risk.”

Why the company is bracing for vulnerabilities at machine speed

The most striking claim in the briefing concerned the velocity of what is coming. “We are predicting that next year it will be vulnerabilities per minute,” Suleiman said, describing a volume no conventional security operation could absorb. The point is sharpened by the gap between discovery and repair. “Currently it takes around ninety-six days for the customer to patch,” he noted, arguing that the industry’s focus on discovery understates the harder problem of remediation at scale. “Discoveries, when they are announced, how are you able to patch these discoveries? That gap is where the more important aspect is.”

This is where TrendAI locates much of its contribution, and the position has recently found external support. The sheer volume of incoming vulnerabilities makes comprehensive patching impossible, a reality Suleiman noted has now been reflected in fresh guidance from US cyber authorities. “They said you will have all these new vulnerabilities, you cannot patch all of them, so you need to prioritise,” he said. “We’ve been talking about this for more than a year.” The platform’s value, on his account, lies in using AI to rank exposures and anticipate which attack paths will be exploited. “TrendAI gives us that capability to prioritise and remediate, and we are able to predict what is going to happen in the future.”

The partnership with Anthropic and the logic of fighting AI with AI

Among the more concrete developments is TrendAI’s entry into Anthropic’s Project Glasswing, which Suleiman dated to roughly two weeks before the launch. The initiative focuses on identifying and addressing vulnerabilities in critical software systems, and the company has moved from a more cautious external posture into the programme itself. “First it was very few types of companies, and now we have become a part of Project Glasswing,” he said, adding that TrendAI is using Anthropic’s newer models as part of that work. The company is separately evaluating Claude Opus 4.8 to help security teams detect vulnerabilities faster and participates in Anthropic’s Cyber Verification Program.

The reasoning behind the partnership is that defending against AI-generated attacks requires operating at AI speed. The sophistication that once separated capable attackers from amateurs has narrowed, Suleiman argued. “Attackers are having access to the same as the defenders,” he said. “Now it is only a person with the imagination, and with AI you can create a very sophisticated attack.” The defensive answer, in his account, has to match that pace through breadth of telemetry and dedicated models rather than human analysts working in isolation. “We are getting telemetry, all the sensors which are required in an organisation, from email to network, everything,” he explained, pointing to the company’s security AI models as the mechanism for keeping the contest even. “If attackers are creating these new patterns, Trend is having these models which are trying to stop the attack.”

Governance as the layer the industry has yet to solve

The subject that drew the most candour was the one the company acknowledged remains unsolved: how to govern autonomous agents. Asked how an organisation manages trust when employees begin supervising agents rather than people, and how it contains an agent that deletes data or sends communications it should not, Bilal Baig, Vice President, Solution Engineering, TrendAI, was direct about the gap. “The most important aspect of any agentic AI system is the governance, which is not there yet,” he said.

The approach Baig proposed treats an agent as either a piece of software requiring patching and updates or a quasi-human actor requiring an identity and an owner. “Software requires patching, updates,” he said. “Or as a human agent, which requires an identity. Who owns that agent?” Either way, accountability becomes central, and malicious or out-of-character behaviour, including agent-to-agent communication, has to be observable and stoppable. “Any malicious activity which is outside of their natural growth, you should be able to stop that, and that’s where the AI guardrails come into play,” Baig explained. He accepted that a kill switch would become essential as agent populations grow. “It has to be. There are no two ways about it.” The scale driving the urgency came from a conversation in Taiwan, where a chief executive described a mandate to deploy a billion agents. “We’re talking about one company creating a billion agents,” Suleiman said, a figure that turns access control from a housekeeping task into an architectural challenge.

Sovereignty and localisation as a regional priority

The launch also carried a clear regional dimension. Baig positioned the UAE as one of the most ambitious AI markets globally and stressed that sovereignty considerations are now closely tied to security ones, with TrendAI investing across jurisdictions to bring its flagship Vision One platform onshore. For environments that cannot use public cloud, the company offers a private, on-premise deployment, and extends that to a fully air-gapped option. “We can run it in a completely air-gapped environment, meaning your data does not go outside the organisation,” Baig said, describing threat intelligence delivered within the customer’s own perimeter.

That regional commitment extends to people and infrastructure. The company described teams across the Gulf with offices, technical staff and customer-success resources in individual markets rather than a single regional hub. “Every country has human resources, functioning, the employees, and we have been investing a lot,” Baig said, identifying the UAE brand launch as the first in a sequence that will see flagship data-centre launches follow in Saudi Arabia and South Africa. On the persistent cybersecurity talent gap, he pointed to the company’s practice of being customer zero. “The customer zero is us before we go to customer one,” he explained, describing every product as internally tested and repetitive tasks handed to agents before any of it reaches a client.

A bet on focus over enthusiasm

Pressed on whether the speed of AI adoption is outpacing the workforce’s ability to use it safely, Baig declined to treat legacy systems or unprepared teams as a fundamental barrier. “We call everything that is not AI a legacy system,” he said, arguing that the learning curve is accelerating alongside the technology. The distinction he drew was between organisations using AI superficially and those that grasp the underlying infrastructure. “It is very different than just doing the prompts,” he explained. “You need to understand the back end, the infrastructure, how the AI ecosystem works.”

The organisations that will fare best, in his view, are those that appoint dedicated AI leadership rather than treating the function as a secondary responsibility. “People who have a dedicated team for AI will be successful,” Baig said. Visibility comes first in every customer conversation, because sanctioned tools sit alongside the unsanctioned ones that employees adopt quietly.

“The first question everybody is asking us is, I want to know the visibility,” he noted, pointing to shadow AI use inside organisations. The fastest movers, on his reading, will pair that visibility with governance from the outset, an argument Suleiman framed through the analogy that ran through the briefing. “You can’t build the airport and then decide where the security checks are,” he said. “While building the airport, you design the security checks.”

Sindhu V Kashyap

Global Technology Journalist & Multimedia Storyteller | Covering Founders, Investors & Leaders Reshaping Tech | Writer · Interviewer · Moderator · Editor

Previous

The Genie Is Out of the Bottle: Why the AI Agent Explosion Is Rewriting Enterprise Security Faster Than Anyone Can Patch
Next

The Deepfake Wire Transfer Has Become Routine, and Most Finance Functions Are Defending the Wrong Perimeter