CPX Holding Launches Unified Identity Fabric to Govern Human and AI Identities Under Zero Trust

Abu Dhabi's CPX Holding has launched a Unified Identity Fabric IAM offering governing human, machine, and AI agent identities under a single sovereign Zero Trust framework aligned to UAE regulations.

Layla Haddad
Cyber Policy & Digital Risk Correspondent4 min read
 CPX Holding UAE Identity and Access Management unified identity fabric covering human and non-human identities under Zero Trust framework

CPX Holding UAE Identity and Access Management unified identity fabric covering human and non-human identities under Zero Trust framework

CPX Holding Launches UAE-Sovereign IAM Platform to Close the Identity Security Gap

Identity-based attacks have become the dominant entry point for enterprise breaches — and the problem has grown more complex as organisations deploy AI agents, API-driven architectures, and cloud workloads that generate thousands of non-human identities operating largely outside traditional access controls.

Abu Dhabi-based CPX Holding has moved to address this directly. The company has announced the launch of its Identity and Access Management (IAM) offering, built on what it calls a Unified Identity Fabric architecture — a framework designed to bring human identities, machine accounts, cloud workloads, and AI-driven agents under a single governance and policy enforcement layer.

Why Traditional IAM Is Failing

The core problem CPX is solving is well-established in enterprise security circles. Conventional IAM systems were built around human users: employees logging into applications with usernames and passwords. The modern enterprise looks nothing like that model.

Service accounts, API keys, cloud workload credentials, and — increasingly — AI agent identities operate continuously in the background, often with elevated privileges and minimal monitoring. These non-human identities now outnumber human users in most large organisations, yet they remain inconsistently governed, poorly audited, and frequently exploited.

Identity-based attacks — credential theft, privilege escalation, token hijacking, and the abuse of over-permissioned service accounts — are now among the most common initial access techniques used in enterprise breaches across the GCC. The Verizon Data Breach Investigations Report has consistently identified compromised credentials as the leading attack vector globally, and the pattern holds in MENA.

CPX's Unified Identity Fabric approach addresses this by treating identity governance as a single, unified discipline rather than a collection of siloed tools managing different identity types separately.

What the Platform Covers

The CPX IAM offering spans the full identity lifecycle across six identity categories: workforce, customer, partner, machine, cloud workload, and AI-driven agents. Key capabilities include:

Least privilege access and just-in-time elevation — users and systems are granted only the access they need, only when they need it, reducing the lateral movement window in the event of a compromise.

Continuous verification and risk-adaptive authentication — rather than validating identity once at login, the framework continuously assesses device posture, contextual signals, and behavioural patterns to dynamically adjust access in real time.

Non-human identity governance — service accounts, APIs, and AI agents are managed, monitored, and audited under the same policy framework as human users, closing one of the most significant blind spots in enterprise security architecture today.

UAE Pass integration — the platform is designed to support integration with UAE's national digital identity infrastructure, enabling organisations to achieve audit readiness without retrofitting controls onto legacy systems.

Hadi Anwar, CEO of CPX, framed the launch around the convergence of identity and Zero Trust: "Identity has become the central control point for cybersecurity in today's digital economy, and identity-driven cyberattacks are a significant concern for organizations due to their ability to bypass traditional security measures."

Sovereign by Design

A defining feature of the CPX offering is its explicit alignment with UAE regulatory requirements. The platform is architected around data residency expectations and national cybersecurity frameworks — a critical consideration for UAE enterprises operating under UAE Information Assurance Standards and sector-specific mandates from regulators including the UAE Central Bank and TDRA.

For organisations in regulated sectors — financial services, healthcare, critical infrastructure — the ability to deploy IAM controls that are sovereign by design, rather than retrofitted for compliance, represents a meaningful operational advantage.

CPX also offers full lifecycle managed services, from maturity assessments and architecture design through to 24/7 managed operations, positioning the offering as an outsourced security operations extension rather than a one-time implementation.

The Enterprise Security Implication

For GCC CISOs evaluating identity security posture in 2026, the CPX launch reflects a broader market shift: the recognition that Zero Trust cannot be achieved without solving the non-human identity problem first.

AI adoption is accelerating the urgency. As enterprises deploy AI agents that autonomously access data, trigger workflows, and interact with external APIs, the identity and access management challenge expands faster than most security teams can track manually. A unified fabric approach — governed centrally, enforced consistently — is increasingly the only viable architecture.

Layla Haddad

Cyber Policy & Digital Risk Correspondent

Layla Haddad covers cybersecurity regulations, data protection laws, and digital transformation initiatives across GCC and North Africa. She has worked closely with compliance teams, fintech startups, and government advisory groups. Her articles explore how cyber policy, AI governance, and privacy frameworks shape the region’s digital future.

Intelligence Focus Areas

Enterprise Identity Security Zero Trust Architecture GCC GCC Cybersecurity Compliance AI Security & Governance UAE National Cybersecurity Frameworks