Appknox, a leading mobile application security testing platform, offers both automated and manual testing solutions to help organizations safeguard their mobile ecosystems. In addition to its core services, the company has expanded its capabilities with specialized offerings such as fake app protection through its newly launched product, Storeknox. The platform also integrates AI-powered features for privacy assessments, software composition analysis, store monitoring, and more, delivering comprehensive mobile application security. Appknox talks to GEC Media at GISEC 2025,
What are you showcasing at GISEC 2025?
We’ve just launched our new product, Storeknox, right here at GISEC. It’s specifically designed for companies looking to monitor mobile applications across app stores. Visibility in app stores is often limited, and this solution helps companies identify their apps and detect any impersonations.
For example, if there’s a fake WhatsApp, the real company would want to know. Store Knox helps protect against such fake apps and even identifies if malware is present within any version of their application listed in public stores — including Google Play, Apple App Store, and third-party platforms.
What cybersecurity trends are you seeing in the Middle East and Africa?
Mobile app usage has exploded over the last five years — starting during the COVID era. Everyone wanted to offer mobile apps to improve convenience, especially in the MENA region. But in the rush to release features and accelerate time to market, security often took a backseat.
As a result, many apps today are vulnerable and form one of the weakest links in an organization’s overall cybersecurity posture. Mobile apps have now become a critical part of the supply chain — and an increasingly attractive target for attackers.
How is Appknox approaching AI-driven cybersecurity?
We like to say we use “Security for AI and AI for Security.” We’re leveraging AI in two ways:
- To improve our own testing capabilities:
We’ve built proprietary ML models trained on data from testing over 250,000 applications — including 20,000 in just the past year. This enables us to detect vulnerabilities faster and more accurately. For instance, our AI has helped us reduce static and dynamic testing times from hours to under 90 minutes — and we aim to bring this down to under 30 minutes by year-end. - To defend against AI-generated threats:
AI is now used not just by defenders but also by attackers. We’re focused on detecting vulnerabilities that could be exploited by AI — including phishing, obfuscated code, and AI-generated application flaws. We also analyze AI-written code, as developers now increasingly rely on generative tools, which can introduce security risks unintentionally.
Any major recent partnerships or customer wins?
While I can’t name specific companies due to NDAs, I can share that we’ve onboarded some of the largest government entities in the region — including a major electricity and water utility in Saudi Arabia, a leading oil and gas company, and the top FMCG player in the Kingdom.
Additionally, we recently closed a deal with one of the biggest telecom providers in the MENA region. We’re also expanding beyond government and banking into retail, FMCG, and e-commerce, as mobile app adoption continues to rise.
Where do you see major security gaps over the next 12–18 months?
Focusing on application security — which is our domain — the biggest challenge is that security is often treated as an afterthought. In this region, especially, there’s a tendency to focus on compliance-driven security rather than real-world security.
The pace of digital transformation is rapid, and regulators are doing great work, but compliance alone won’t be enough. We need to move toward proactive, continuous protection. That includes embracing DevSecOps practices and investing in VAPT, RASP, and runtime monitoring as part of the SDLC — not after deployment.
How does this year’s GISEC compare to previous editions?
There’s been a notable increase in engagement from channel partners this year. We’ve met several new partners and had meaningful discussions with prospective enterprise customers. The ecosystem is maturing, and there’s a lot of positive momentum.
Final message to the CISO community in the region?
Don’t just aim for compliance — aim for security that reflects real-world risks. Be aware of often-overlooked attack vectors like IoT and mobile apps, and ensure they are continuously tested. Think beyond firewalls and signatures — build a culture that includes secure coding practices, continuous monitoring, and application-layer defenses. Bring security into the DNA of your digital operations.
