The Security Reckoning: How Anomali's Ahmed Rubaie Is Betting Big on AI, Unified Data, and the Middle East
Ahmed Rubaie's first lesson in technology came not from a computer but from a production line. As a student funding his tuition on a factory floor, he ran out of things to think about after two days at the machine. He watched: the flow of parts, the logic of the line, and the rhythm of the process.
"After two days, I had run out of things to think about, so I watched the work," Rubaie recalled. "Plenty of jobs wanted a clear process — some wanted a robot. That is how I still explain AI. It is the same mechanisation instinct, only for white-collar work."
It is a story the Anomali CEO returns to often, not out of nostalgia, but because it encodes the operating principle behind everything he has built since: get the process right first, then let technology scale it. In an industry crowded with vendors promising silver bullets, it is a deliberately unglamorous philosophy. And right now, he would argue, it is precisely the one the market needs.
Process Before Platform
Before Anomali, there was Ariba, Rubaie's first Silicon Valley posting, at a time when cloud computing was still treated with institutional suspicion. "People thought we were mad," he recalled. "It was never only about technology; it was about shifting risk. Instead of owning infrastructure and headcount, you pay as you go."
The software looked like a procurement tool. The real value, he quickly understood, ran through the CFO's office. That instinct to follow the money and design the machine that moves it faster became the template for every role that followed, including his eventual move into cybersecurity, first as an investor, drawn by the gap between the volume of threat signals enterprises were generating and the human capacity to make sense of them.
"Our job is to give customers context so they can protect their environment," Rubaie explained. "Context is the difference between a dashboard and a decision." Running a security company converted that intellectual curiosity into something closer to urgency. The threat landscape, in his view, has not simply evolved. It has industrialised.
"Cybercrime is no longer just an individual hacker operating manually. It is increasingly automated, precise, scalable, and in some cases AI-driven itself. Security must evolve from reactive to predictive."
Why Most Enterprise AI Projects Fail
The timing could hardly be more loaded. Global cybersecurity spending is projected to exceed $300 billion annually by 2026, according to industry analysts, yet breach rates continue to climb. The enterprise AI market, meanwhile, is expanding at breakneck speed, but Rubaie's read on that momentum is more cautionary than celebratory.
He estimates that approximately 95% of AI projects in large enterprises are currently failing. The cause, in nearly every case, is not the model. It is the data underneath it.
"When AI fails in enterprise environments, it is rarely because the model itself is inadequate," Rubaie explained. "It is because the model is operating on fragmented, siloed, inconsistent, and poorly governed data. Most organisations operate decades-old technology stacks. There is no unified data fabric."
The problem compounds acutely in security, where a bad signal is not a misfired marketing email. It is a breach that can sit undetected for years. "By the time you read about an incident, it did not happen yesterday," Rubaie noted. "Artefacts can sit in a network for years. Most tools only keep ninety days."
Anomali's architecture is built around that gap. The platform holds and queries long data histories, running what Rubaie describes as retroactive forensic searches at scale, correlated against billions of live events. The second failure mode, he added, is architectural: organisations treat AI as a technology project rather than a business transformation, deploying tools bottom-up without enterprise-level alignment.
"Clean data, accessible data, governed data, structured ingestion pipelines. These are prerequisites. Without that foundation, AI projects collapse under their own complexity."
A Distinction the Market Is Missing
A key confusion running through the AI investment boom, Rubaie believes, is the conflation of AI-native and AI-enhanced. AI-native refers to foundational infrastructure: hyperscale data centres, sovereign compute, foundational model development. AI-enhanced is where enterprises actually derive operational value: embedding AI into workflows across IT, finance, operations, and security.
"Many organisations are pouring capital into infrastructure investment and calling it business transformation," Rubaie warned. "That is a serious error."
He adds a third dimension that he considers critically under-discussed: securing AI itself. Three parallel conversations are now emerging: securing AI systems, using AI to improve cybersecurity operations, and protecting the broader AI ecosystem from adversarial exploitation. None, he stressed, are fully solved.
The convergence of CIO and CISO agendas is, in his view, both inevitable and long overdue. "Running thirty tools on one side and twenty-five on the other to solve the same problems is waste. The arc runs from systems of record to systems of intelligence to systems of action."
More for Less: A Financial Institution Case Study
For organisations uncertain about the scale of disruption they are signing up for, Rubaie offers two modes. The first, which he describes as polishing the Chevy, positions Anomali as an optimisation layer on top of existing stacks, improving ingestion, filtering, and correlation without demanding a full rip-and-replace.
The second, for organisations with the appetite for it, is more radical. One large global financial institution replaced a sprawl of seven or eight separate security tools with the Anomali platform, added an agentic AI layer for analysts, and normalised the data pipeline across petabytes of information. The outcome: budget cut by more than half, detections up approximately 90% year-on-year.
"That is disruptive architecture delivering more for less," Rubaie noted. "The test is simple: does the tool change what an analyst does in the next hour? If it does not, it is ornamental."
Opening the Platform: The MSSP Programme
The managed security services market is one of the fastest-growing segments in cybersecurity, worth an estimated $50 billion globally and expanding rapidly as enterprises outsource security operations amid a widening talent gap. Into that dynamic, Anomali launched its Managed Security Service Provider Programme in November 2025.
The programme enables MSSPs to deliver security services across multiple clients through a single, multi-tenant platform built on an open security data lake. True multi-tenancy and federated search are built in from the ground up, a direct answer to the fragmented, per-client-instance model that still dominates the space.
Alexandre Depret-Bixio, SVP for Anomali's MENA Operations, framed the offer at launch: "By giving MSSPs an open data lake foundation, we're enabling them to store, retain, and analyse telemetry from multiple customers in one place, without lock-in, while maintaining strict data separation."
Anomali Copilot, the company's agentic AI, operates across the full multi-tenant environment, enriching alerts, prioritising threats, and surfacing contextual insights per client. MSSPs can retain and query more than seven years of hot storage, a significant differentiator in a market where most platforms cut off at 90 days.
The commercial logic is direct: MSSPs that consolidate onto the platform can reduce investigation times, eliminate manual processes, and scale analyst capacity through AI rather than headcount, a compelling pitch in an industry where the global cybersecurity workforce shortage is now estimated at nearly four million roles.
The Middle East Bet
The MSSP launch followed closely on the October 2025 deployment of Anomali's full platform on local AWS infrastructure within the UAE, which lets Gulf enterprises use Anomali's cloud-native stack while keeping data within the country's borders, a compliance requirement under the UAE's Personal Data Protection Law.
"This provides enterprises with a trusted local choice," CTO Wei Huang noted at launch. "Organisations can now swiftly benefit from cloud-based cyber defence, tailored to their data and compliance needs."
The Middle East is not a secondary market in Anomali's strategy. The region's accelerating digital transformation, driven by national programmes like Saudi Vision 2030 and the UAE's own AI strategy, is creating fertile ground for next-generation security architecture. At the same time, Gulf critical infrastructure has become an increasingly attractive target for state-aligned threat actors.
What Comes Next
Rubaie expects 2026 to bring deeper enterprise experimentation with interoperable agentic AI across IT and business workflows, though he is measured about maturity timelines. "The question is not whether agentic AI will exist. It is whether organisations choose to participate strategically or get dragged along reactively."
On the question of AI’s broader societal impact, he is neither dismissive nor alarmed. Automation on production lines eliminated repetitive roles but shifted human work up the value chain. AI, he argued, follows the same arc. He tells his own family (a surgeon, a financier, a future dentist) to look for the gains available now rather than waiting for policy to sanction what is allowed.
"Those of us who build in the valley should be judged by the actions we enable, not by the gloss of a dashboard," Rubaie reflected. "Get the process right and technology will scale it. The line has changed since the ladder plant. The habit has not."