The point Aaron Hambleton made at the IDC Middle East Virtual Roadshow 2026 is not a new observation. AI is helping attackers compress the time between finding a vulnerability and exploiting it from weeks to minutes. Everyone in security has seen some version of that headline.
What makes it worth sitting with is what it means for how programmes are actually built. Most security operations were designed for a slower threat cycle. Detection logic gets written after a threat is understood. Playbooks get updated after an incident is reviewed. Tuning happens when someone has the time. Each of those steps introduces delay, and in a world where exploitation happens in minutes, that delay is where damage happens.
The Adversary Adapts in Hours
The speed gap is not just an internal problem. AI is accelerating the other side of the equation. Attackers are using generative AI to scale phishing, automate reconnaissance, rotate infrastructure and adapt techniques faster than signature-based detection can follow. The threat is not just moving quicker. It is evolving quicker.
At the same time, most programmes are not learning fast enough to keep pace. An incident gets contained, but the detection logic is not updated, so the same technique works again a month later. A playbook runs, but nobody feeds the outcome back into tuning. Intelligence is consumed, but not operationalised. The programme stays active. It does not get faster.
When the gap between detection and response widens, attackers have more time to move laterally, escalate privileges and establish persistence. Every hour of delay compounds the damage. The question is not whether security activity is taking place. It is whether the programme can learn fast enough to keep pace with what it is facing.
That question is what SecurityHQ was built to answer.
Security Performance Engineering is a continuous, engineered approach to improving the measurable performance of security operations, not just maintaining coverage.
It starts with understanding each environment on its own terms instead of applying a one-size-fits-all model. A dedicated team builds context over time and is accountable for outcomes, not just tasks. That work is backed by twenty years of intelligence gathered across six global SOCs, including Dubai, so lessons from one environment continuously strengthen the others.
The goal is not simply to operate security controls. The goal is to continuously improve how they perform.
Security Performance Engineering is the foundation. AXCEL is how SecurityHQ operationalises it.
AXCEL is an AI-powered, closed-loop detection and response pipeline that ingests 2.4 billion events per day across EDR, SIEM, cloud, identity and OT. Before a single alert reaches an analyst, 62% of that volume is refined. What remains is correlated into a single decision-ready picture. Verified threats are contained in under nine minutes. When a playbook covers the scenario, containment is automated. When the situation is novel, the analyst has full enriched context in one place to act. That decision feeds back into the playbook immediately.
When one customer encounters a new threat, that intelligence reaches every other customer’s environment within hours. The pipeline does not reset after each incident. It learns.
Is Your Programme Getting Better Fast Enough?
The UAE absorbs close to 800,000 cyberattacks a day. Regulatory expectations across DESC, NESA, SAMA and NCA are moving beyond asking whether organisations have coverage and toward asking whether they can demonstrate improvement over time. Boards are arriving at the same question.
That question cannot be answered with activity metrics. It requires a trajectory of performance. And closing the speed gap will come from engineering a programme that learns faster than the threats around it.
If you want to see what that looks like applied to your environment, watch the full IDC Middle East Virtual Roadshow session below, or book a 20-minute discussion to benchmark how quickly your programme can detect, decide and contain here.