QuantumGate’s Eibrahym Sultan outlines how quantum threats, AI-driven attacks, and rising regulatory pressure are transforming cybersecurity strategies across the UAE and Saudi Arabia.
Enterprises in the UAE and Saudi Arabia are now confronting a dual challenge: preparing for future quantum decryption threats while also keeping pace with AI-powered attacks that are reshaping adversarial behaviour at unprecedented speed. This shift is compelling organisations to re-evaluate how they protect long-lived data, secure their cryptographic foundations, and strengthen their resilience strategies.
Eibrahym Sultan, Director of Growth at QuantumGate, spoke to Daniel Sheperd, Online Editor, about why the region must accelerate its post-quantum cryptography (PQC) migration, the impact of “harvest-now, decrypt-later” threats, and the growing expectation for identity-first and crypto-agile security models. Sultan highlights the critical interplay between visibility, readiness, and innovation at a time when both quantum and AI-driven adversaries are advancing rapidly.
Interview Excerpts:
With BlackHat MEA 2025 becoming a key platform for security innovation, what key insights or announcements will QuantumGate be highlighting during the event?
A core focus for us this year is education—helping the market understand the urgency and practical steps of the post-quantum cryptography (PQC) migration journey. Around the world, and increasingly across the GCC, governments are issuing directives that require organisations in government, semi-government and critical private-sector industries to begin transitioning their cryptographic systems. At Black Hat, we are highlighting why this migration is essential, how organisations should structure it, and how QuantumGate’s tools support each stage of the transition. Our aim is to demystify PQC for the region and give enterprises clarity on enabling a secure, compliant, future-ready cryptographic environment.
What emerging cybersecurity trends do you see shaping enterprise security strategies across Saudi Arabia and the wider GCC?
One of the strongest trends we’re seeing is the rising recognition of quantum-enabled threats. The global acceleration in quantum computing—driven by large players IBM, Google and major research groups in China—means organisations are now seriously considering the real-world consequences. There is consensus that once practical quantum computers emerge, they will be capable of breaking today’s widely used public-key cryptography. Enterprises in Saudi Arabia and the GCC are therefore reassessing their long-term data protection strategies. This is exactly where QuantumGate’s portfolio becomes relevant: we provide the tools that allow organisations to understand and map their cryptographic assets, identify risks, and start preparing for a quantum-resilient future today.
The shift toward post-quantum security is gaining urgency globally. Why do you believe Middle East enterprises must begin their migration now, and what risks do they face if they delay?
Two forces make early migration non-negotiable: first, the rapid rise in sensitive data and second, the emergence of “harvest-now, decrypt-later” attacks. Over the past decade, organisations have accumulated unprecedented amounts of data with long confidentiality requirements—medical records, banking information, citizen data and other critical assets. This data must remain secure not only today, but decades into the future. Threat actors are already harvesting encrypted data now, with the intention of decrypting it once quantum computers mature. Even if the data cannot be exploited today, a future breach could have enormous consequences. That is why waiting five or ten years is not an option. Enterprises must act now to ensure their data cannot be retroactively compromised.
AI-powered attacks are evolving rapidly. How is this transformation redefining threat landscapes and influencing how CISOs prioritise investments in resilience?
AI is fundamentally reshaping adversarial behaviour. Attacks have become more dynamic, automated and sophisticated. As a result, CISOs are being forced to rethink both their budgets and strategy.
Several priorities are emerging:
- Identity-first security frameworks are becoming essential.
- Strong authentication and zero-trust models are now baseline requirements.
- Crypto resilience and crypto agility are gaining urgency because the underlying cryptographic primitives must adapt as threats evolve.
- Continuous validation and discovery across the security estate is increasingly critical.
- Long-term data security is becoming top-of-mind, especially as AI accelerates attacks on identity, data and critical infrastructure.
“The threat landscape is moving fast—and CISOs must ensure their organisations can adapt just as quickly.”
What role does QuantumGate play in helping organisations future-proof their cybersecurity architectures—particularly as quantum threats and AI-driven adversaries converge?
QuantumGate delivers a comprehensive suite of products designed to help enterprises future-proof their entire cryptographic environment and security foundations. We cover both post-quantum protection and broader enterprise security needs.
Our portfolio spans five major areas:
- Cryptographic asset discovery and inventory
Most enterprises only understand 20–30% of their cryptographic footprint. Our discovery tool generates a full cryptographic bill of materials, highlighting vulnerabilities, deprecated algorithms, weak keys, and expired certificates. This is the foundation for any PQC migration strategy. - QSphere -Quantum-resistant VPN
A next-generation VPN that integrates quantum-safe encryption to protect data in transit today while preparing for future quantum decryption risks.
- QSphere- Quantum-resistant data encryption
A cryptography platform that encrypts, signs, and verifies data to ensure confidentiality, integrity, and authenticity across files, email, and messaging. It protects data at rest and in transit using both classical and post-quantum encryption. - Salina– Passwordless, password-free access
Salina delivers passwordless access for users while integrating with legacy systems. It removes passwords from the login experience and automates password management, reducing phishing and credential-related risks. - Secure VMI – Virtual MobileInfrastructure
A secure, isolated mobile workspace that runs alongside the user’s personal environment. It keeps corporate data and applications fully separated and protected with enterprise-grade controls. If a device is lost or compromised, the work instance can be locked, wiped or redeployed immediately.
Together, these solutions allow organisations to build a security architecture capable of resisting both quantum and AI-driven adversaries—protecting their data, identities, and infrastructure well into the future.
