Insights

The Most Active Cybersecurity Investors in the Middle East (2026)

Who really funds Gulf cybersecurity: the VCs with named deals, plus how ADIA, PIF and Mubadala reach cyber as LPs and co-investors. Israel now separate.

By Alexej Pikovsky  ·  Updated

The most active cybersecurity investors in the Middle East are a short list, and honesty about how short it is separates this piece from every other one. On the sovereign side, Saudi Arabia's Prosperity7 Ventures backed Horizon3.ai in January 2026, Aramco's Wa'ed Ventures backed Resemble AI, and PIF's Sanabil joined a Series A in the sovereign-AI firm 1001. Among independents, Abu Dhabi's Shorooq Partners led a seed round in Corgea. In deal-making, Abu Dhabi's G42 bought CPX, which then bought Dubai's SpiderSilk. That is close to the whole named-deal list, and it sits against a hard asymmetry: Israel is most of the region's cyber capital and now has its own dedicated piece, while the Gulf's confirmed cyber-VC activity is mostly thesis, mandate and announcement, and its sovereign wealth funds hold what cyber exposure they have one layer back, as LPs and co-investors in the funds that write the checks.

I read this from an operator's seat, because I run growth for MSPs and cyber firms and spend my time on where money actually moves rather than where the press release says it does. This is the regional companion to the most active cybersecurity VCs globally and the private equity firms buying cyber, and it sits on the same base as the cybersecurity market map. There are sister pieces on the UK, Europe and Israel too. The Middle East is the hardest of the set to write straight, because the gap between the capital available and the capital deployed into security startups is wide, and most coverage papers over it.

So here is the honest cut before anything else. Several of the region's biggest names show no named cybersecurity startup deal in the 2023 to 2026 window at all: Raed Ventures, Global Ventures, ADQ and its DisruptAD arm, the Qatar Investment Authority, Mumtalakat, Oman Investment Authority, Kuwait Investment Authority, and Mubadala as a direct investor. They have the capital and the stated interest. They have not written the checks into cyber companies, at least not on the public record. A founder chasing those logos on the strength of a thesis deck is likely to waste a quarter unless a named cyber mandate has turned into deployed capital; their cyber exposure, where it exists, runs indirectly through the funds they back, which the sovereign wealth fund section below unpacks.

The Gulf's named cybersecurity deals: close to the whole shortlist
InvestorTypeNamed cyber moveWhenCheck
Prosperity7 VenturesAramco growth fund (Saudi)Backed Horizon3.ai (autonomous pentesting)Jan 2026Undisclosed
Wa'ed VenturesAramco VC (Saudi)Backed Resemble AI (deepfake detection)Mar 2026Undisclosed
Sanabil InvestmentsPIF venture arm (Saudi)Joined 1001 Series A (sovereign-AI, infra security)Jun 2026Undisclosed; the round was $30M
Shorooq PartnersIndependent VC (UAE)Led Corgea seed (AI vulnerability remediation)Nov 2024Led $2.6M
G42 / CPXSovereign-linked (Abu Dhabi)Bought CPX; CPX then bought SpiderSilkOct 2024 / May 2025Undisclosed
STVIndependent VC (Saudi)Early SpiderSilk backer (exited via CPX)Exit May 2025Unverified
du VenturesCorporate VC (UAE)$50M fund with an explicit cyber mandate; no named deal yetJun 2026Fund launched

Gulf sovereign and sovereign-linked capital

This is where the money is, and where the direct cyber deals are rarest. The sovereign funds move at scale, but almost all of that scale points at infrastructure, national programs and their own captive operators rather than at startup cap tables. The handful of exceptions are worth naming precisely.

Prosperity7 Ventures

Aramco's diversified growth arm, a fund of roughly $7 billion, and the source of the clearest sovereign cyber-startup deal of the cycle. In January 2026 Prosperity7 invested in Horizon3.ai, the autonomous-pentesting company behind NodeZero, framing the deal around securing AI datacenters and critical infrastructure. The check size was not disclosed. Prosperity7 self-reports more than 40 companies globally across security tech, which is a company claim rather than an independently verified count, so treat it as the fund's own framing.

Sanabil Investments

The Public Investment Fund's venture and growth arm, and one of the largest single sources of VC capital in the region. Its cyber exposure is mostly adjacent rather than pure. Through its accelerator with 500 Global, cybersecurity sits on the target sector list. The one named deal to characterise carefully: in June 2026 Sanabil joined a Lux Capital-led $30 million Series A in 1001, a sovereign-AI company building for critical infrastructure in the GCC. That is infrastructure-security-adjacent AI, not a pure cybersecurity play, and it is worth calling it what it is.

Wa'ed Ventures

Aramco's Saudi-focused VC, a $500 million fund writing tickets up to $20 million, with around $270 million deployed across 75-plus startups. Its named cyber move: a strategic investment in Resemble AI, the deepfake-detection company, in March 2026, following Resemble's own $13 million strategic round from backers including Google's AI Futures Fund and Sony Innovation Fund. Wa'ed's check size was not disclosed. The fund also earmarked a separate $100 million for Saudi AI in October 2024, which is a different allocation and should not be read as cyber.

PIF direct, through SITE

The biggest sovereign cyber capital story in the region is not a VC deal at all. SITE, the Saudi Information Technology Company, is a wholly PIF-owned national cyber operator founded in 2017 and a Tier-1 managed-SOC provider. PIF hired Morgan Stanley and Riyad Capital, first reported in October 2025, to prepare a SITE IPO, with a Tadawul listing expected in 2026. A sovereign wealth fund taking its captive cyber company public is a different kind of signal than a seed check. It tells you where the region's sovereign conviction actually sits: in building and owning national capability, then floating it, rather than in backing early-stage founders.

G42 and CPX

Abu Dhabi's G42, part of the IHC group chaired by Sheikh Tahnoon bin Zayed, is the region's most active cyber consolidator. In October 2024 it acquired the Abu Dhabi cyber firm CPX for an undisclosed sum. In May 2025 CPX itself acquired the Dubai cyber-AI startup SpiderSilk, again undisclosed, which handed a partial regional VC exit to SpiderSilk's earlier backers, STV among them. That is the closest thing the Gulf has to a live M&A engine in cyber.

One due-diligence note, kept to the sourced facts. G42's CEO Peng Xiao and a number of its staff previously worked at DarkMatter Group, the UAE firm at the centre of Reuters' Project Raven reporting, which described ex-NSA operatives working for the UAE; separately, three of those Americans signed a 2021 US Department of Justice deferred-prosecution agreement with a $1.7 million forfeiture. G42 denies any connection to DarkMatter on the record.

The operators and builders, not funds

A large share of the region's cyber capability is state-owned or telco-owned and built in-house rather than invested through a fund. These are the platforms, and it is worth separating them cleanly from the investors so nobody counts a national SOC as a VC.

sirar by stc

An stc subsidiary in Saudi Arabia running managed detection and response, SOC and DDoS protection, with claimed capacity of more than 14 Tbps. It ranked first in the MEA region and eleventh globally in the MSSP Alert Top 250 in 2023. This is a delivery operator, not a check-writer.

Help AG

Now part of e& enterprise, Help AG was acquired by Etisalat, with the deal completing in February 2020 for an undisclosed value. Founded in 2004, it runs 200-plus specialists and SOCs across the UAE and Saudi Arabia. Another operator, folded into a telco.

Taqnia Cyber

A PIF-owned cyber subsidiary established in 2015, focused on industrial cybersecurity and localising R&D inside the Kingdom. State-owned builder, not a venture investor. Grouping these three together makes the point: much of what looks like Gulf cyber activity is national capability being built and operated, not startups being funded.

The independent Gulf VCs with real deal flow

Strip out the sovereigns and the operators, and a small set of independent regional VCs is where the actual startup cyber deals live. One firm leads it.

Shorooq Partners

The most active cyber-adjacent Gulf VC right now, based in the UAE, managing roughly $350 million to $500 million (sources conflict on the exact figure). In November 2024 it led Corgea's $2.6 million seed round for AI-powered vulnerability remediation, alongside Y Combinator, Propeller, Decacorn and angels including Jawed Karim and Sam Kassoumeh, the SecurityScorecard co-founder. Shorooq's partner Tamer Azer put the thesis plainly, that the Middle East remains underserved in cybersecurity. The firm now runs two vehicles here, because it was also appointed fund manager of du Ventures.

du Ventures

The newest and most explicitly cyber-labelled corporate VC in the Gulf. In June 2026 the operator du, through EITC, launched a $50 million CVC fund with Shorooq as fund manager, naming cybersecurity among its focus sectors. There is no named cyber portfolio company yet. What makes it worth watching is the mandate: it is the clearest stated cyber commitment from a Gulf vehicle in this cycle, and it is run by the region's most active cyber VC.

STV

The largest VC in the Middle East, Saudi-based, stc-anchored and founded in 2017, with more than $1.4 billion in assets. Its one named cyber connection is historical: it was an early SpiderSilk backer per deal coverage, exiting when CPX acquired the company in May 2025. The size of STV's stake and its entry terms are unverified, so this counts as a documented exit rather than an active cyber thesis.

BECO Capital

A Dubai firm with $495 million across four funds and the earliest cyber thesis in the region. BECO made the first MENA cybersecurity deal, a 2016 seed in MYKI, since exited. There is no named 2023 to 2026 cyber deal, so BECO is historical context: proof the region has been circling cyber for a decade without building sustained deal flow.

Two more sit at thesis level only. The Dubai Future District Fund, roughly Dhs 1 billion (around $272 million) from DIFC and the Dubai Future Foundation, names cybersecurity as a target sector across its 35 investments but shows no named cyber portfolio company. Hub71, the Mubadala-backed Abu Dhabi landing pad, runs a cybersecurity accelerator vertical through a Techstars program offering AED 250,000 in cash plus 250,000 in-kind, which is infrastructure rather than investment.

Israel is most of the region's cyber capital, which is exactly why it now gets its own piece rather than a paragraph here: the full asymmetry, the funding scale, the venture-creation model and the Gulf-to-Israel flows are laid out in the most active cybersecurity investors in Israel.

The sovereign wealth funds, and where their money actually sits

The five big Gulf sovereign wealth funds barely appear in the named cyber deals above, and that is not an accident. ADIA, Mubadala, PIF, QIA and KIA are not prominent direct cyber investors. ADIA, Mubadala and PIF reach cybersecurity the way institutions their size reach most things, as limited partners and co-investors in the private equity and venture managers who actually write the cyber checks; QIA describes exactly that program on its own site, and KIA, covered last, is where even that trail goes dark. The catch is that fund-by-fund LP registers are confidential, so the honest evidence is deal-level: the transactions where a sovereign fund's name sits in the same signed press release as the PE firm's. Those receipts exist, and they are enough to show the mechanism even while the full LP book stays private.

The plumbing is standard. An anchor LP writes an outsized first-close commitment that lets a manager launch a fund, usually for better fee and governance terms. Co-investment rights then let that LP put more money directly into specific deals alongside the fund, often fee-free. Separately managed accounts run a manager's strategy to one LP's mandate. GP stakes buy a slice of the management company itself. A&O Shearman's 2025 Middle East report found nearly 80 percent of regional institutional investors plan to raise their private-markets allocations, with a stated preference for exactly these lower-fee, higher-control structures, and it puts the region at the front of the move into direct GP stakes. That report talks about regional LPs in general and names none of the five funds, so read it as backdrop rather than fund-specific proof.

ADIA

The Abu Dhabi Investment Authority is the largest of the five and the world's third-biggest sovereign fund, at roughly $1.19 trillion by Global SWF's count, with a private equity target range that Private Equity International reports it held at 12 to 17 percent of the portfolio. ADIA has spent years shifting toward direct minority stakes, which is why it shows up by name in specific deals rather than as a disclosed LP in blind-pool funds. The clearest receipt is the 2021 to 2022 McAfee take-private, where a wholly owned ADIA subsidiary is named in the same signed announcement as Advent, Permira and Crosspoint Capital, a cybersecurity-only PE firm, on a $14 billion-plus cyber take-private. It ran the play again on Qlik, the data and analytics software firm, where an ADIA subsidiary led a minority investment alongside Thoma Bravo, the buyout shop with the deepest cybersecurity portfolio of any. Both are direct co-investments in single deals, not LP stakes in Crosspoint's or Thoma Bravo's funds, and that distinction matters: the co-investments are the visible tip, and the LP book underneath stays confidential.

Mubadala

Mubadala closed 2025 at AED 1.4 trillion, about $385 billion, up 17 percent on the year, with private investments its single largest bucket at 42 percent of assets. Its biggest cyber-adjacent footprint runs through SoftBank. In 2017 Mubadala committed $15 billion to SoftBank Vision Fund 1, whose portfolio included the endpoint-security firm Cybereason, a reported pass-through I would recheck against Cybereason's own funding history before attaching a dollar figure to it. On the direct side, Mubadala took a minority co-investment in Medallia alongside Thoma Bravo's take-private, the same repeat-co-investor pattern ADIA shows. Mubadala also productizes the mechanism itself: its Mubadala Capital Solutions arm sells third parties the separately managed accounts and evergreen vehicles that big LPs use to get custom private-markets exposure. Medallia is experience-management software rather than cyber, so treat it as evidence of how Mubadala invests, not as a cyber bet.

PIF

The Public Investment Fund reports total assets that trackers put anywhere from about $925 billion to $1.21 trillion at the end of 2025, depending on the count and the date, so a $900 billion-plus floor is the safe read. PIF owns the single largest anchor-LP commitment in venture history: $45 billion into SoftBank Vision Fund 1 in 2017, the fund's biggest LP by a wide margin, and the route by which a PIF dollar reportedly reached names like Cybereason without PIF ever writing a cyber check itself. Its venture arm Sanabil, and Sanabil's own cyber-adjacent deal, are covered earlier in this piece, so I will not repeat them. One Sanabil detail belongs here though: it is one of the rare Gulf vehicles to voluntarily publish its manager list, which IBTimes reported includes Andreessen Horowitz, Insight Partners and KKR, with Sanabil committing around $2 billion a year across those relationships. Insight Partners is the cyber-relevant name on the list, given its security portfolio. No per-manager dollar split is public, so the list confirms the relationships without pricing them.

QIA

The Qatar Investment Authority runs about $557 billion by 2025 disclosures, and it is unusually explicit about the mechanism. Its own How We Invest page says the private equity program encompasses fund commitments, co-investments and direct equity transactions, and that QIA maintains limited-partner relationships with leading global buyout, growth-equity and venture-capital managers. The receipt here is a cautionary one. In May 2023 QIA led a $250 million round in Builder.ai alongside Insight Partners, exactly the co-investment-alongside-a-top-manager pattern the thesis predicts. Then Builder.ai collapsed into insolvency in 2025 amid a fraud investigation, taking QIA, Insight, Microsoft and SoftBank down with it. So the deal proves the mechanism and warns about the diligence in the same breath. It was AI software rather than cyber, and a direct co-investment rather than an LP stake in an Insight fund.

KIA

The Kuwait Investment Authority is the world's fifth-largest sovereign fund at just over $1 trillion, and the most opaque of the five. It publishes no asset-class allocation ranges the way ADIA, Mubadala and PIF do, and I found no disclosed KIA cybersecurity deal, direct or indirect. Claims that KIA prioritizes AI or cyber circulate in aggregator content with no primary source behind them, so I am not going to state them as fact. Worth separating from KIA is Kuwait's other big pool of state capital, the pension fund PIFSS, which runs GP-stakes investing through its New York vehicle Wafra and took a stake in Ardian in late 2025. That is a related but distinct mechanism from KIA itself, and no cyber-specific Wafra deal turned up. KIA is where the LP thesis runs out of public receipts, and the honest move is to say so.

Reading the mechanism forward, and labeling this as reasoning rather than a disclosed fact: given their scale, their documented habit of co-investing alongside exactly these managers, and the fact that funds this size dominate the LP base of the biggest cyber-active managers, it is a fair inference that ADIA, Mubadala and PIF hold LP positions in several of the ten largest cybersecurity-active PE and VC firms, Thoma Bravo, Vista, Insight and the Vision Fund among them. The fund-by-fund registers are confidential, so that stays an evidence-based inference about the plumbing, not a claim about any specific undisclosed position. You can see the same gravity in the physical moves: General Atlantic opened an Abu Dhabi office anchored by Mubadala Capital, and KKR opened one in late 2025, both to sit closer to sovereign LP money.

So for a cyber founder or fund, the read is simple. Gulf sovereign money is real, but you almost never reach it by pitching a sovereign fund a seed deck. You reach it indirectly, by raising from the PE and VC managers these funds anchor, or directly through their venture arms, Prosperity7, Wa'ed, Sanabil and the Shorooq and du vehicles covered earlier, which are the ones that actually write startup checks. The sovereign balance sheets sit one layer back, as LPs and co-investors, and that is where their cyber exposure quietly lives.

Market context, and the data gap that tells the story

The single strongest number in this whole market comes from a government, not a fund. Saudi Arabia's National Cybersecurity Authority puts the Kingdom's cyber market at SAR 15.2 billion in 2024, up 14 percent year on year, split 32 percent public and 68 percent private, with products at 51 percent and services at 49 percent. That is a regulator counting its own market, which makes it the most reliable figure on the page.

Around it, the UAE stood up a Cybersecurity Council in 2020, published a National Cybersecurity Strategy for 2025 to 2031, and is cited at roughly $2 billion in government outlay. Qatar, via an IPA Qatar report with Microsoft and EY-Parthenon, cites more than $1.64 billion in cyber spend, the fastest-growing in the region, and no QIA startup deals to match it. The pattern repeats: large national spend, thin venture activity.

Regional VC overall ran about $1.9 billion in FY2024, and $1.5 billion across 310 deals in H1 2025 by MAGNiTT's count, up 92 percent and the strongest first half since 2022; MAGNiTT later put the full 2025 year at around $3.8 billion. Here is the tell. MAGNiTT publishes sector splits for fintech and for AI. It publishes no MENA cyber-sector VC breakdown, because there is not enough dedicated cyber deal flow to break out. The absence of the data is itself the finding: cyber as a distinct VC category in the Gulf is still too small to measure.

What it means if you are raising in the region

The practical read is that the region is long on capital and short on cyber conviction, so target it accordingly. If you are an early-stage cyber founder, the independents are your realistic first call: Shorooq has the only repeatable cyber thesis, du Ventures has the freshest mandate, and both run out of the same shop. Everything sovereign is better approached as strategic or infrastructure capital, tied to a national program or a critical-infrastructure use case, than as classic startup venture money. Prosperity7, Sanabil and Wa'ed have each done one, and each deal had an infrastructure or national-AI angle rather than a pure product bet.

Read the labels honestly and you save yourself time. A sovereign fund naming cyber in a strategy document is not the same as a sovereign fund with a cyber check-writing habit, and on the current evidence most of them are the former. If your company needs a deep security-specialist network, that still lives in Israel and the US, mapped in the global VC piece. If you want Gulf capital, bring an infrastructure story, a national-priority angle, or a regional go-to-market that a sovereign can use, and approach the two independents first. The money is here. The cyber habit is still forming.

FAQ

Do Gulf sovereign funds invest directly in cybersecurity startups?

Mostly no. The named exceptions are narrow: Prosperity7 backed Horizon3.ai in January 2026, Wa'ed backed Resemble AI in March 2026, and Sanabil joined a Series A in the sovereign-AI firm 1001 in June 2026, Prosperity7 and Sanabil with infrastructure or national-AI angles; Wa'ed with a deepfake-detection angle. Beyond those, most sovereign cyber activity is indirect: building and owning national operators like SITE, or fund-of-funds exposure such as Mubadala's $100 million into six Israeli VC firms. Several large names, including ADQ, QIA, Mumtalakat and Mubadala as a direct investor, show no named cyber startup deal on the public record.

How big is Saudi Arabia's cybersecurity market according to its own regulator?

The National Cybersecurity Authority puts it at SAR 15.2 billion in 2024, up 14 percent year on year. The split is 32 percent public and 68 percent private, and roughly even between products (51 percent) and services (49 percent). Because it is the regulator counting its own market, it is the most reliable single figure in the region, and it dwarfs the venture activity around it.

Is G42 connected to DarkMatter?

There is a documented personnel overlap. G42's CEO Peng Xiao and a number of staff previously worked at DarkMatter Group, the UAE firm at the centre of Reuters' Project Raven reporting, which described ex-NSA operatives working for the UAE; separately, three of those Americans signed a 2021 US Department of Justice deferred-prosecution agreement with a $1.7 million forfeiture. G42 denies any connection to DarkMatter on the record. Both facts are sourced; neither goes beyond what the reporting states.

Are ADIA, PIF and Mubadala investors in cybersecurity?

Not as direct startup backers, but yes indirectly, as limited partners and co-investors in the private equity and venture managers who write the cyber checks. The public receipts are deal-level: an ADIA subsidiary co-invested in the McAfee take-private alongside the cyber-only PE firm Crosspoint Capital, and again on Qlik alongside Thoma Bravo; Mubadala committed $15 billion to SoftBank Vision Fund 1 and co-invested in Medallia alongside Thoma Bravo; PIF anchored SoftBank Vision Fund 1 with $45 billion. Fund-by-fund LP registers are confidential, so those co-investments are the visible tip of exposure that mostly stays private. QIA's own site confirms it runs an LP program with global buyout and venture managers, and KIA is the most opaque of the group, with no disclosed cyber deal at all.

Are Gulf funds investing in Israeli cyber after the Abraham Accords?

Only indirectly, and less than the headlines suggest. The one verified route is Mubadala's $100 million commitment to six Israeli VC firms in January 2022, a fund-of-funds move with no public line-item cyber allocation. A UAE $10 billion fund for investments in Israel names cyber among its sectors but has no evidenced cyber deployments, so it stays announcement-stage. No Gulf sovereign name appears in the Wiz or Cyera cap tables.

Which Gulf fund has the most explicit cybersecurity mandate in 2026?

du Ventures, launched in June 2026 by the UAE operator du through EITC as a $50 million corporate VC fund with Shorooq Partners as manager, names cybersecurity among its focus sectors. It has no named cyber portfolio company yet, but the mandate is the clearest stated cyber commitment from a Gulf vehicle this cycle, and it is run by Shorooq, the region's most active cyber-adjacent VC and the firm that led Corgea's seed.