Interview with Mohamed Alsalehi of ComplyCube
As AI agents begin conducting transactions autonomously, businesses must rethink identity, accountability, and trust in an increasingly automated digital economy.
As AI systems take on a growing role in conducting transactions, traditional approaches to identity verification and digital trust are being challenged. Mohamed Alsalehi, Co-Founder and CTO of ComplyCube, an AI-powered identity verification and KYC/AML compliance platform, argues that the future of trust depends on moving beyond one-time verification toward continuous, contextual risk assessment. He explores how businesses can balance innovation with accountability, prepare for agent-led commerce, and build trust frameworks suited to an era where autonomous systems increasingly act on behalf of people and organizations.
Your work sits at the intersection of digital trust and online transactions. What experiences in your career first drew you into this space and shaped how you think about building solutions today?
I came into this space through data science, building the fraud detection and biometric systems that sit underneath identity verification. That meant living very close to the problem rather than observing it from a distance. I saw how small technical decisions around risk scoring, model design, or data quality could determine whether a legitimate person was approved, delayed, or wrongly rejected.
What struck me early on was how little sustained attention digital identity received, despite being one of the core trust layers of the online economy. Interest tends to spike around tax deadlines, a major fraud incident, or when a new regulation lands, and then it fades. But the underlying issue has only become more important as more transactions, services, and relationships move online.
Digital identity affects a person’s ability to transact, access services, build a business, and be recognised accurately online.
The risk environment had changed, but many of the assumptions had not. Identity systems were often designed for a simpler internet, while fraud had become faster, more coordinated, and increasingly difficult to distinguish from legitimate activity. That experience shaped how I think about building solutions today: they need to be adaptive, grounded in evidence, and appropriate to the risk, not just technically impressive.
It is also an adversarial problem, which means you are never solving it permanently. The moment you build a better defence, the attack surface moves. That keeps the work intellectually demanding, but it also creates a real responsibility.
At its core, digital identity affects a person’s ability to transact, access services, build a business, and be recognised accurately online. When these systems fail, whether through fraud, poor design, or unnecessary complexity, real people and businesses bear the consequences.
So, from a CTO perspective, the leadership challenge is to build trust infrastructure that is secure enough to protect the ecosystem, but intelligent enough not to become friction for its own sake.
Building products in fast-changing environments often comes with difficult decisions. What lessons have most influenced how you approach leadership and problem-solving?
The biggest lesson is that data should drive curiosity, not just conclusions. In a fast-changing environment, it is easy to treat an anomaly as a metric to manage, but the more important question is often why it is happening.
One example that stayed with me was a sharp increase in suspicious activity linked to Macedonian documentation. On the surface, it looked like a technical or operational issue. When we investigated more deeply, it appeared to be connected to fraudulent activity shifting from a neighbouring country after a change in visa rules. The root cause was geopolitical as much as technological.
That kind of experience has influenced how I approach leadership and problem-solving. As an engineer at heart, I believe in staying close to the details because small assumptions often become bigger problems later. But leadership is not about making every decision yourself. It is about making sure the organisation understands what is changing, why it matters, and how to respond.
I have also become convinced that translating deep technical complexity into clear human and business outcomes is one of the most underrated leadership skills in this space. Teams need context, not just instructions. They need to understand the customer impact, the regulatory implications, and the risk behind the work.
That also means trusting teams with real latitude. Not every decision will be perfect, but the ability to recognise that quickly, pivot without losing discipline, and learn without blame is essential. The leadership challenge is to build an organisation that is curious, aligned, and agile enough to adapt intelligently.
AI systems are now starting to book, buy, and complete transactions for people. How is this changing the way businesses understand who or what they are actually dealing with online?
AI is changing the trust question online because it breaks some of the assumptions on which the current digital trust infrastructure was built. Businesses are no longer only asking, “Is this person who they say they are?” Increasingly, they have to ask, “Is this agent authorised to act on behalf of the person or organisation it claims to represent?”
Those are very different questions. An AI agent may book travel, complete a purchase, or interact with a regulated service in a way that looks legitimate. But the business still needs confidence that the agent has permission to act, that the underlying person or organisation is known where required, and that the transaction makes sense in context.
At ComplyCube, we see this as a shift towards more contextual trust decisions. The question becomes: who is acting, on whose behalf, with what authority, and under what risk conditions? AI will not reduce the need for identity and compliance infrastructure. Rather, it will make accountability, consent, and authorisation more important.
Many current systems for verifying users were designed around people, not automated tools. What new challenges are emerging as more transactions are carried out on behalf of users?
The main challenge is that many verification systems were designed around direct human interaction. They assume a person is present, making a decision, showing behavioural patterns, and responding to checks in real time. When an automated tool carries out the transaction, some of those signals are either missing, synthetic, or much harder to interpret.
The deeper issue is ongoing due diligence, and that was already a challenge before AI agents arrived. Many businesses still rely heavily on a point-in-time check at onboarding, then try not to disturb the customer unless something clearly goes wrong. The reason is understandable: re-verification can create friction, and businesses are often anxious about interrupting legitimate users mid-journey.
With AI agents, that model becomes harder to sustain. A business needs to know whether the agent is authorised to act, what the scope of that authority is, whether that authorisation has changed or been revoked, and whether the agent is behaving outside its mandate. Those are not abstract technical questions. They are operational questions that need answers before agent-led commerce scales much further.
This also challenges traditional KYC and AML frameworks, which were largely built around human behaviour. The focus cannot only be on verifying the person once at onboarding. Businesses need a more continuous view of the relationship between the user, the agent, the transaction, and the risk context.
The accountability question is just as important. If an automated system opens an account, moves funds, or changes sensitive details, the business still needs to explain who authorised it, who benefited from it, and whether appropriate controls were applied.
Agent-led transactions should not be treated as just another automation layer. They need consent models, auditability, revocation mechanisms, and risk controls designed for a world where the actor online may not be human, but the responsibility still is.
As these changes unfold, what kind of leadership is needed to help organisations stay responsible while still moving forward quickly?
I would challenge the idea that responsibility and speed are always in tension. In my experience, organisations that treat compliance as a genuine engineering problem, rather than a box to tick, often find that it creates velocity rather than drag. Clear controls and well designed risk processes help teams move faster because they reduce ambiguity.
Good leaders take the time to understand what the regulation is trying to achieve, then translate that into systems and decisions that make sense for their own organisation.
The leadership required is practical and context-aware. It is not enough to copy what a larger peer is doing, because their risk profile, customer base, regulatory exposure, and operating model may be entirely different. Good leaders take the time to understand what the regulation is trying to achieve, then translate that into systems and decisions that make sense for their own organisation.
That also means bringing product, technology, compliance, and operations together early. Risk should not be something discovered at the end of a build cycle. It should be part of how the product is designed, tested, monitored, and improved.
From a CTO perspective, responsible leadership is about creating the conditions for speed with discipline. Teams need enough clarity to act, enough guardrails to avoid obvious mistakes, and enough feedback from the real world to adjust quickly when the facts change. The organisations that do this well will be able to innovate without losing trust.
With change happening so quickly, what should business leaders be focusing on right now to avoid falling behind in how they manage trust and safety?
Business leaders should focus on three things.
First, challenge the assumption that a single identity verification at onboarding is enough. It is not, and the gap is widening. Trust and safety need to be managed across the customer lifecycle, especially when risk changes through account activity, transactions, device changes, support interactions, or shifts in user behaviour.
Second, take deepfake and synthetic media threats more seriously. Strategies that only analyse the image or video itself are becoming insufficient. Businesses need to look at provenance, device signals, behavioural context, document integrity, and whether the interaction makes sense in the wider risk picture.
Third, get ahead of agent commerce now. For most businesses, transacting with AI agents is a when, not an if. That means thinking early about authorisation, consent, revocation, auditability, and what it means to know who or what you are dealing with online.
A lot of businesses are understandably worried about friction, but diligence cannot be compromised. The answer is not to remove checks altogether, but to make them smarter, more contextual, and better timed.
Trust and safety should be treated as operating infrastructure. The organisations that do this well will move faster without losing the confidence of customers or regulators.
As AI becomes more involved in everyday transactions, how do you see the relationship between businesses, users, and trust evolving in the years ahead?
As AI becomes more involved in everyday transactions, digital trust is becoming infrastructure: invisible when it works, but potentially catastrophic when it breaks. The relationship between businesses and users will become less about a single moment of verification and more about a continuous trust relationship.
What changes the relationship is delegation. When a user authorises an agent to act on their behalf, they are extending their trust into a system they may not fully understand. Businesses that handle this well will be clear about what that agent can do, what it cannot do, and how users can review or revoke that authority.
The harder evolution comes when agents begin transacting with other agents without a human actively in the loop. At that point, the idea of simply “knowing your customer” starts to feel semantically strained. Businesses will still need to understand who benefits from a transaction and who is accountable for it, but the route to that answer becomes more complex.
So I think the next phase of digital trust will require new frameworks for accountability, not just new technical standards. As autonomous systems become routine participants in economic activity, the organisations that succeed will be those that make trust clear, manageable, and resilient without making every interaction feel unnecessarily complicated.
