CQR launches AI-powered industrial cybersecurity platform
Saudi-built OT cybersecurity platform targets critical infrastructure protection
#SaudiArabia #cybersecurity - Al Khobar-based operational technology cybersecurity firm CQR has launched FENNEC, a locally designed AI-powered platform designed to deliver up to 90 percent reduction in compliance effort for critical infrastructure operators. The next-generation system combines full-stack OT (operational technology) visibility with embedded AI monitoring to protect industrial facilities such as oil and gas fields, water utilities and manufacturing plants. FENNEC natively supports compliance frameworks including NCA OTCC, Saudi Aramco’s SAEP-99, IEC 62443 and ISO 27001 standards. The platform integrates compliance automation, real-time threat detection, protocol-aware monitoring and risk management into one modular system, shifting industrial cybersecurity from reactive posture to active defence for legacy infrastructure environments.
SO WHAT? - FENNEC has been developed to address a fundamental challenge facing critical infrastructure operators in Saudi Arabia and the Middle East. Traditional IT security tools are proving ineffective in the AI era, failing to protect legacy operational technology systems that underpin essential services, creating vulnerability gaps as governments escalate cybersecurity mandates. FENNEC’s locally engineered approach reflects growing recognition that industrial cybersecurity requires platforms that can align tightly with regional compliance frameworks and data sovereignty requirements.
Here are some key points about the new platform:
CQR launched has FENNEC, a next-generation cybersecurity platform designed to protect the industrial backbone of Saudi Arabia and other critical infrastructure in the region.
FENNEC is the first Saudi-built platform to combine full-stack operational technology visibility with embedded AI monitoring, designed specifically for the region’s most complex and strategic OT environments from oil and gas to water utilities and manufacturing.
The platform delivers up to 90 percent reduction in compliance effort through automated evidence gathering, bilingual audit reporting and pre-configured policy templates, with pilot deployments in Saudi energy and industrial facilities reporting 90 per cent reduction in audit preparation time.
FENNEC natively supports compliance frameworks including Saudi National Cybersecurity Authority’s OTCC, Saudi Aramco’s SAEP-99, IEC 62443 and ISO 27001 standards, enabling asset owners to achieve full visibility into compliance gaps across zones and assets from deployment.
Unlike IT-centric monitoring systems, FENNEC was designed specifically for OT and IoT infrastructure, discovering and reporting vulnerabilities at software and firmware levels that lead to previously unidentified risks in industrial control systems.
The platform’s built-in AI monitoring and security operations centre modules deliver continuous detection and response for both connected and air-gapped environments. Automatic alerts correlate and map to MITRE ATT&CK for industrial control systems framework.
FENNEC enables zero-trust enforcement and micro-segmentation without additional hardware or production downtime. Meanwhile, all telemetry remains under customer control in alignment with national data sovereignty policies for critical infrastructure operators.
Al Khobar-based CQR was recently accepted into the NVIDIA Inception Programme, a global initiative supporting innovative startups.
ZOOM OUT - In February 2025, CQR announced its successful $3 million funding round, led by UAE investment firm Shorooq, which enabled the company to accelerate scaling and expand its AI capabilities. Founded in 2023 by Naser Aldossary, CQR has pioneered a shift from traditional service-heavy operational technology cybersecurity models to scalable, AI-driven product-based solutions designed for critical infrastructure including oil and gas, manufacturing, power plants and smart cities. The company’s expansion strategy aligns with Saudi Arabia’s Vision 2030 priorities around cybersecurity sovereignty and industrial protection.
[Written and edited with the assistance of AI]
Outstanding analysis of the protocol-specific monitoring gap in OT security. Your point about FENNEC's 90 percent compliance reduction speaks to something deeper than automation, its the architectural shift from evidence-gathering theater to continuous control verification. Most platforms still bolt IT-centric detection onto OT environments and wonder why coverage falters at the firmware layer. What makes the MITRE ATT&CK mapping particularly relevant here is that industrial control system attack patterns dont map cleanly to enterprise frameworks, which means correlation engines trained on IT telemetry miss the silent modification vulnerabilities that matter most in legacy SCADA environments. The air-gapped environment claim is interesting though, because truly isolated systems cant send telemetry without breaking isolation. Im curious whether FENNEC uses unidirectional gateways or relies on episodic sync from isolated collectors. The real testfor any OT platform is whether it can distinguish between benign protocol drift and pre-attack reconnaissance without drowning operators in false positives, especially during planned maintenance windows when behavioral baselines shift.