Everyone's bracing for AI agents to "go rogue." In the GCC, the risk that actually bites is quieter, and it starts the moment your agent can act.
Today I'm launching Janreth, a cybersecurity company. The first product red-teams AI agents and maps what it finds to the regulator's actual rulebook. Here's the problem that made me build it, and how it works.
The moment an agent can act, it stops being "a feature"
A chatbot answers questions. An agent does things: it calls a tool, queries a database, moves money, decides whether to approve a person. The instant your system can take an action on someone's behalf, it crosses a line: from a product feature into a regulated actor.
Picture a support agent that can issue refunds. Give it a budget and tool access and it's genuinely useful. It is also, quietly, now making financial decisions, holding customer data, and acting without a human in the loop: three different regulators' concerns in one feature you built in an afternoon.
In the GCC that line is crowded. The same agent can pull cybersecurity rules, data-protection rules, and, if it touches money, anti-money-laundering rules into scope at the same time, across ADGM, CBUAE, DIFC, Dubai, and UAE Federal law. Five regulators, one deployment, and most teams ship without knowing which obligations they just triggered.
It isn't that the rules are hidden. It's that nobody has connected this technical behavior to that specific obligation. A developer reads a rulebook and sees legal prose. A compliance officer reads an architecture diagram and sees an engineering artifact. The agent sits in the gap between them.
Why I built it
I come at this from two sides that don't usually sit in one place.
I break systems for a living: penetration testing, red teaming, offensive security. That's the attacker's view: how a system actually gets exploited, not how the diagram says it should behave.
And I build agentic systems hands-on. That's the builder's view: where an agent's autonomy, memory, and tool access really live, and where they break.
Put those together and you see the agent the way an adversary and an engineer both would. That is exactly the vantage point you need to say, credibly, "here is the threat, and here is the rule it puts you on the hook for."
What Janreth does
You paste a plain description of your system: what the agent does, what it can touch. Janreth does two things.
First, it finds the agentic threats that your architecture implies, grounded in the OWASP agentic threat taxonomy. Not a generic checklist, but the specific ways this kind of agent fails.
Then it maps each threat to the obligations it pulls into scope: the GCC regulators' actual requirements (264 of them across the five), plus the OWASP Agentic Top 10, MITRE ATLAS, AIVSS, and STRIDE. The output is a board-ready report: what's at risk, which rule it touches, what to fix first.
The design is deliberate about one thing: it doesn't invent. The threat-finding is an open, grounded read of your system; the obligation mapping is deterministic and traceable. Which brings me to the part I care about most.
Sourced, not asserted
AI tools love to sound certain. Ask one about a regulation and it will happily cite an article that doesn't exist. For a compliance tool, that is disqualifying: a confident wrong citation is worse than no answer at all.
So Janreth runs on a rule: every mapping traces to a primary source (the regulator's own rulebook), and every figure, like indicative fine exposure, is flagged as an advisory estimate to verify with counsel, never stated as fact. It supports a decision; it does not replace your counsel's sign-off.
And because "trust me, it's accurate" is exactly the kind of claim I don't accept from anyone else, I published the accuracy scorecard. You can see how the engine performs before you rely on it. Proof beats promise.
What I'd want you to take from this
Even if you never touch Janreth: the next time you ship an agent, ask the quiet question before the loud one. Not "what if it goes rogue?" but "the moment this can act (call that tool, move that money, decide about that person), which obligations did I just take on?" In the GCC, the answer usually spans more regulators than you would guess.
That gap, between what an agent technically does and what the rulebook requires of it, is the thing I have spent the last six weeks building a company to close.
It is live today. I am building Janreth in public from here: the wins, the misses, and what I learn red-teaming agents along the way. If you build or ship in this space, follow the build.