UAE’s CPX acquires Wa’ed-backed spiderSilk to bring offensive cyber-AI in-house

Founded in 2019 by Rami El Malak and Mossab Hussein, the startup has built an autonomous threat intelligence and exposure management platform used by public and private entities across MENA.

Author

Jamie Lane
May 08, 2025

🛡️ UAE-based CPX has acquired spiderSilk, a Dubai-born cyber-AI startup known for simulating offensive cyberattacks to identify vulnerabilities in enterprise systems. The acquisition marks a major milestone for the region’s cybersecurity and deeptech landscape.

  • Founded in 2019 by Rami El Malak and Mossab Hussein (a well-known white-hat hacker and former Careem PM), spiderSilk has built an autonomous threat intelligence and exposure management platform used by public and private entities across MENA.

Notably, investors — Global Ventures and Dara Holdings — will continue supporting CPX’s leadership in driving the company’s continued growth post-acquisition.

⏪ Background

spiderSilk began with vulnerability research that made global headlines — exposing flaws in platforms like WeWork and MoviePass.

That early work laid the foundation for a commercial platform: Resonance (exposure management), autonomous SOC agents, and a threat intel system powered by a global cyber knowledge graph.

  • The company’s last raise was a $9 million Series A in 2023, led by Wa’ed Ventures. Previous backers included Global Ventures, Dara Holdings, and Magnus Olsson (Careem).

The size of the problem

While cyber budgets are expanding across the Gulf, most regional spending still flows to global vendors — and reactive, defensive postures.

There’s a gap in homegrown, AI-driven, offensive-grade tooling that can simulate and defend against modern threats. spiderSilk was built to fill that gap.

📖 What does the company do?

spiderSilk offers:

  • Resonance: a platform to detect, visualise, and resolve security exposure across enterprise systems

  • Autonomous agents: for threat detection and SOC operations

  • AI-powered intel tools: built on a continuously updated, global vulnerability graph

Its tech stack is used by governments, enterprises, and infrastructure operators, making it one of the region’s few deeptech players with significant real-world deployments.

🔍 Strategic logic

For CPX — Abu Dhabi’s end-to-end cyber and threat management operator – the deal fills a major product gap: offensive-grade AI cyber capabilities.

The acquisition strengthens its positioning as a full-spectrum security player, and accelerates its expansion into Saudi, GCC, and North America.

🔮 Outlook

This is a landmark exit for MENA cyber — and one that reflects an emerging playbook: strategic absorption by state-backed operators, not just IPOs or acqui-hires.

As the region doubles down on sovereignty, infrastructure security, and R&D localisation, deeptech founders may find that the biggest exits are now domestic.