How Corgea is leveraging AI to redefine cyber security in the Middle East

Ahmad Sadeddin knows what it takes to be a serial entrepreneur. The Jordanian, who has a strong background in product management and cyber security , moved to the US in 2017. That decision was influenced by the successful acquisition of a start-up he founded, Riskopy, by US-based business spend management company Coupa. Riskopy was a third-party risk data provider that helped companies assess the risks associated with their business partnerships. Following that acquisition, Mr Sadeddin wasted no time in launching his third venture, a cyber security start-up called Corgea, specialising in artificial intelligence -driven vulnerability detection and remediation. Drawing on his expertise and insights gained from his previous endeavours, he identified key areas within the data and IT security segment that could benefit from innovation and improvement. “Before founding Corgea, I was motivated by the conviction that addressing traditional cyber security threats through conventional methods is insufficient. It is imperative to transition to utilising AI in order to effectively combat these threats,” Mr Sadeddin says. Corgea, which has its headquarters in San Francisco and is focused on the US and Middle East, offers an artificial intelligence-powered suite designed to address a “critical issue in modern cyber security”, he says. That includes automating the detection, triaging and remediation of vulnerabilities in source code, including complex logic bugs. The term "triage" originates from the French word "trier", which means to select, or categorise. In cyber security, triage is a methodical process used to identify, prioritise and manage security threats according to their level of severity. This process is essential in effectively addressing and mitigating potential risks to an organisation's digital assets. By categorising threats based on their impact and urgency, cyber security professionals can efficiently allocate resources and respond promptly to the most critical issues. Logical bugs, on the other hand, are vulnerabilities that can be exploited by attackers to carry out malicious actions. AI is revolutionising industries, and cyber security is no different. The rapid growth of AI in cyber security highlights the increasing importance of leveraging advanced technologies to protect sensitive data and tackle evolving threats. The global market for AI-based cyber security products is forecast to reach $134 billion by 2030, from $15 billion in 2021, growing at a compound annual growth rate of around 28 per cent between 2022 and 2030, according to a report by Acumen Research and Consulting. AI is used in cyber security by leveraging the software to enhance human expertise in swiftly detecting emerging forms of malware traffic or hacking attempts. Thanks to recent advancements in computing power, AI in cyber security is now a feasible solution even with relatively small datasets, the report says. Due to its ability to analyse vast amounts of data and identify patterns, AI is well-suited for tasks such as accurately detecting real attacks better than humans, Morgan Stanley said in a September report. Having this “intelligence would provide cyber security organisations with a significant edge in preventing future attacks. Stopping breaches before they occur would not only help protect the data of individuals and companies, but also lower IT costs for businesses”, said its AI and Cybersecurity: A New Era report. “AI is a rapidly growing field within the realm of cyber security. The application of AI and large language model (LLM) was relatively unheard of just a few years ago. However, it has now taken centerstage for organisations in the Middle East,” Mr Sadeddin explains. Corgea's platform "utilises the latest advancements in AI to identify vulnerabilities that may have gone unnoticed in the past, such as business logic flaws and authentication vulnerabilities”, he adds. In addition, it has the capability to minimise false positives and automatically generate the necessary code fixes to enhance the security of applications. False positives, in simple terms, refer to alerts that inaccurately suggest the presence of a vulnerability. Mr Sadeddin says this innovative technology enables security teams to uncover hidden risks, reduce alert fatigue, and accelerate software development processes. “The importance of this technology cannot be overstated, especially as businesses operating in regulated industries are facing heightened legal scrutiny and escalating fines for security breaches and non-compliance with cyber security regulations.” Corgea was founded in June last year, and “even though it is an early-stage start-up it's been successful in onboarding some local clients in Saudi Arabia, and the UAE and we are planning to set up our Development Centre in Jordan shortly,” says Mr Sadeddin. In the region, he says, the start-up is seeing traction with enterprises in the financial services, consultancy, energy and telecom, and aims to establish a strong foothold in the Middle East while maintaining momentum in the US and Europe. “We’re focused on partnerships with regional enterprises and government entities, providing tailored solutions for their security needs,” he adds. Countries in the Middle Eastern are rapidly embracing digitalisation, which involves the widespread adoption of connected digital technologies and applications by consumers, businesses, and governments. While digitisation offers numerous benefits, it also exposes organisations to significant risks posed by cyber threats orchestrated by online criminals and hacktivists. The average cost of a data breach in the Middle East rose by 8.4 per cent annually to $8.75 million in 2024, according to a study by IBM. The region is the second most expensive in the world for data breaches, after the US, where the average cost is $9.36 million. In recent years, the region has seen a notable rise in phishing and smishing attacks. According to a survey conducted by cyber security firm Proofpoint in February, 92 per cent of organisations in the UAE reported experiencing at least one successful phishing attack in 2023, up from 86 per cent in 2022. There is a strong focus on cyber security and privacy at both executive and board levels in the Middle East, according to PwC’s 2025 Global Digital Trust Insights report. Leadership in this region is more actively engaged in these matters compared to their global counterparts. The Middle East's cyber security market is projected to reach a value of $31 billion by 2030 as governments and enterprises take measures to protect their infrastructure, data from consultancy Frost & Sullivan showed last year. In September, the UAE was named as a global leader on the Global Cybersecurity Index 2024, for its efforts to bolster cyber security measures. The index is compiled by the International Telecommunication Union, a specialised agency of the UN dedicated to information and communication technology. The Emirates is one of 46 countries in the top ranking, alongside fellow Gulf countries Saudi Arabia, Oman, Qatar and Bahrain, as well as the US, UK, Germany and France, according to the index. The UAE Cabinet established the Cybersecurity Council in November 2020 amid a surge in threats and attacks on computers and the internet around the world. The council is responsible for legislation to strengthen cybersecurity, subject to Cabinet approval. “The Middle East is currently undergoing rapid digital expansion, resulting in high-value targets and a rise in the complexity of cyber attacks. Many cyber security companies providing services in the Gulf and the wider Middle East are struggling to address the fundamental issue of securing data,” says Mr Sadeddin, who obtained a master’s degree in insurance and risk management at MIB School of Management in Italy. “Several GCC countries have implemented data localisation requirements, which mandate that data must be stored within the country's borders. Corgea's AI-driven cloud infrastructure guarantees full compliance with regional data protection laws, ensuring that data and operations remain within the country's borders. This is essential in reducing risks related to cyber security concerns.” He says the introduction of the Cyber Resilience Act in the EU and the establishment of the National Cybersecurity Authority in Saudi Arabia are clear indicators of the evolving regulatory landscape, compelling businesses to adopt more sophisticated security measures. Going forward, Mr Sadeddin says his company is optimistic about the potential for growth in the region. Drivers include rapid adoption of AI in solving critical security challenges, increasing volume and complexity of cyber threats, and demand from enterprises for tools that reduce alert fatigue and accelerate remediation. “We estimate the region could generate between $1 million to $3 million in revenue in the next 12 to 24 months. The reason we're bullish on the region is because of how underserved it is with cyber security solutions that leverage AI, the regulatory landscape that supports our business and the advanced threats putting pressure on teams,” he says. The start-up raised $2.6 million in seed funding earlier this month, led by the UAE-based venture capital firm Shorooq Partners, with participation from investors such as Y Combinator, Propeller, Decacorn Capital, Unbound Ventures, and various angels such as Jawed Karim, co-founder of YouTube and Y Ventures, and Sam Kassoumeh, co-founder of SecurityScoreCard. The start-up’s next goal is to secure Series A funding, which will enable it to expand its engineering and sales teams, invest in product development, and facilitate growth in high-potential regions such as the Middle East and the United States. The company is also looking to expand its team, which currently consists of four staff members. “For the Middle East, we aim to hire a mix of technical and sales talent to support our expansion and serve customers locally. We're starting to hire in Jordan to help serve and support the region due to the size of the companies and the need to have support in their time zone,” Mr Sadeddin says. Entrepreneurship is about solving real problems with relentless focus and perseverance. It’s a journey of continuous learning, building resilience, and surrounding yourself with a team that believes in your mission. Success comes from deeply understanding your customers’ pain points and iterating quickly to deliver value. Funny enough, Snyk. Back in 2015 I was experimenting with the public CVE list of vulnerabilities to help companies find vulnerabilities in their stack. I was discouraged by a friend. Leadership through uncertainty, prioritising ruthlessly, and the art of storytelling for fundraising and sales. Invest earlier in building a wider product. Product development and knowing where to stop is really an art. AI will dominate – both as a tool for defenders and attackers. Businesses must adopt AI-powered solutions to stay ahead. To make Corgea the global leader in AI-powered security, empowering every developer to ship secure code effortlessly. Company Name: Corgea Started: June 2023 Founder: Ahmad Sadeddin Based in: San Francisco, with operations across UAE and Saudi Arabia Number of staff: 4 Investment stage: Seed Amount raised so far: $2.6 million Investors: Shorooq Partners, along with Y Combinator, Propeller, Decacorn Capital, Unbound Ventures, and angel investors such as Jawed Karim and Sam Kassoumeh

How Corgea is leveraging AI to redefine cyber security in the Middle East

Generation Start-up: With YouTube co-founder among its backers, the company plans to expand into the UAE, Saudi Arabia and the wider Middle East