ThreatLens participated in Web Summit Qatar, held in February 2026 in Doha. The company showcased its platform within the AI and Cybersecurity track, engaging with technology professionals, SOC practitioners, CISOs, founders, investors, and potential integration partners from across the region.
The summit provided an opportunity for direct, in-person discussions about operational challenges in modern security environments. Conversations with analysts and security leaders reflected a consistent theme: while organizations have invested substantially in SIEM, EDR/XDR, cloud security, and threat intelligence platforms, investigations frequently require manual correlation across tools. This fragmentation can slow incident resolution and contribute to alert fatigue.
ThreatLens used the forum to introduce its core product, ThreatLens Core, and to gather candid feedback on its approach.
What ThreatLens Core Is
ThreatLens Core is positioned as an investigation and response control layer that integrates with existing security infrastructure rather than replacing it.
The platform ingests telemetry and alert data from SIEM, EDR/XDR, sandbox, and related systems. It then:
- Normalizes telemetry into structured observations
- Constructs case-scoped entity graphs (users, endpoints, identities, cloud assets)
- Generates multiple competing hypotheses about potential incident scenarios
- Applies evidence-weighted scoring to each hypothesis
- Surfaces contradictory signals between upstream tools
- Identifies evidentiary gaps and potential disproving tests
- Produces findings with explicit confidence scoring and source traceability
Unlike alert summarization tools, ThreatLens Core attempts to model investigations as structured reasoning processes. The company describes this approach as an “Investigation-Level Truth” engine.
Differentiation and Open Questions
ThreatLens differentiates itself by focusing on evidence-weighted conclusions rather than detection or alert generation. The system is vendor-neutral and is designed to audit and, where necessary, challenge conclusions produced by upstream tools.
Additional features include:
- Integration of sandbox detonation results as evidentiary inputs
- Case-scoped memory rather than global model learning
- Human-gated controls for medium- and high-impact response actions
- Audit trails linking claims to underlying telemetry
However, as with any investigation-layer platform, effectiveness depends on the quality and completeness of underlying telemetry. The value proposition is strongest in environments where organizations already operate mature detection stacks but seek improved investigation continuity and governance.
Adoption considerations discussed at the summit included integration complexity, performance at scale, data residency requirements, and the balance between automation and analyst oversight.
Summit Outcomes
Participation in Web Summit Qatar 2026 provided ThreatLens with exposure to regional enterprises and investors while also offering critical feedback from practitioners. The company reports that discussions explored potential pilot engagements and technical partnerships, though no specific commercial announcements were made at the event.
The summit served as both a market validation exercise and a learning opportunity, highlighting ongoing industry demand for improved investigation workflows alongside practical concerns around deployment, integration, and operational impact.
ThreatLens Core is currently available for enterprise evaluation.
For technical information and partnership inquiries, visit:
https://www.thethreatlens.com
