Filigran, the European open-source threat management company, today announced XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform.
XTM One introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous workflow. Today, security teams move manually between tools, ingesting threat intelligence in one system, building attack scenarios in another, and tracking remediation in separate dashboards. XTM One automates those handoffs by coordinating AI agents across the lifecycle, creating a continuous path from raw threat intelligence to validated defensive action while preserving full visibility and control.
The XTM Platform already includes AI-powered automation across OpenCTI and OpenAEV. XTM One takes a fundamentally different approach: a dedicated orchestration layer where agents coordinate across products, not just assist within them.
“The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually,” said Julien Richard, co-founder of Filigran. “XTM One is not AI as a feature. It is AI as the operating system for threat management. Security teams deserve automation that works the way they work.”
From Task Assistance to End-to-End Automation
XTM One introduces a coordinated system of prepackaged AI agents that automate some of the most time-intensive security workflows, including:
- Intelligence ingestion and enrichment
- Threat summarization and reporting
- Attack scenario generation and validation
- Remediation guidance and dashboard creation
These agents interact to create a continuous CTEM loop, enabling security teams to move from raw intelligence to validated defensive action. Teams can find the threats that matter most, test their exploitability, and validate their defenses from a single interface.
Early platform benchmarks indicate organizations using the XTM Platform have achieved:
- Up to 70% faster threat detection and response cycles
- Up to 80% less preparation time for offensive security testing
“As the scale of threats outpaces human capacity to respond to alerts, security teams are hitting a wall when they need to optimize remediation to mitigate security risk. The shift toward an agentic AI orchestration layer is needed for CTEM to help security teams scale,” said Melinda Marks, Cybersecurity Practice Director at Omdia. “By leveraging an open-source foundation to automate utilizing needed context for threat intelligence and remediation, Filigran is enabling the speed, transparency, and evidence-based risk reduction required to scale defenses at the pace of the adversary.”
Built for Customization, Control, and Data Sovereignty
XTM One gives organizations full control over how AI operates within their security environment. Security teams can build and deploy custom agents, workflows, skills, and integrations, while Bring Your Own LLM (BYOLLM) support allows organizations to use Filigran-provided models or their own.
The platform supports on-prem deployment, enabling highly regulated organizations and government agencies to keep sensitive data within their own infrastructure.
“The biggest barrier to threat intelligence adoption has always been complexity,” said Jean-Philippe Salles, VP of Product Management at Filigran. “XTM One makes advanced threat management accessible to more teams through natural language interaction. Junior analysts can become productive faster, while experienced practitioners gain automation that removes repetitive work.”
“Filigran is redefining how organizations operationalize threat intelligence at scale,” said Karine Peters, Managing Director at T.Capital. “Their AI-native approach to extended threat management, combined with one of the strongest open-source communities in cybersecurity, positions them to lead a category that legacy vendors have struggled to modernize. That conviction is why we invested.”
Availability and Access
XTM One is available in three tiers. Existing Enterprise Edition customers of OpenCTI or OpenAEV receive a built-in set of pre-packaged AI agents, a usage quota and BYOLLM support at no additional cost. Organizations requiring advanced capabilities — including custom agent creation, workflow orchestration, MCP integrations, and premium model packages — can license XTM One separately.
A standalone, free, open-source MCP server is also available, allowing organizations to integrate Filigran products into their own AI architectures regardless of licensing tier.
XTM One is available now. For more information or to request a demo, visit filigran.io.
About Filigran
Filigran, a cybersecurity company, offers an open-source, AI-powered, threat-informed approach to Continuous Threat Exposure Management (CTEM). Its eXtended Threat Management (XTM) platform delivers threat intelligence, exposure validation, and cyber risk reduction. Learn more: Website – Blog – LinkedIn – X
FAQs
How can security teams keep up with the volume of threats when most exposure management workflows are still manual?
Security teams are surrounded by threat data, but most still rely on manual processes to assess vulnerabilities, analyze threats, and coordinate response. The bottleneck is no longer visibility but operationalization: organizations can identify risk but lack the automation to act on it continuously. XTM One addresses this by coordinating AI agents across the full CTEM lifecycle, from intelligence ingestion to exposure validation, without manual handoffs between tools or teams.
What is CTEM, and how does agentic AI make it operational?
Continuous Threat Exposure Management (CTEM) is a framework for continuously identifying, prioritizing, validating, and remediating cyber risk rather than relying on point-in-time assessments that quickly become outdated. In practice, many organizations struggle to operationalize CTEM because the process spans multiple tools and requires significant manual coordination between threat intelligence, exposure validation, and remediation workflows. XTM One automates this coordination across OpenCTI and OpenAEV, enabling teams to sustain a continuous CTEM loop at scale.
How can teams with limited experience in threat intelligence get more value from CTEM?
A persistent barrier to the adoption of threat intelligence is complexity. Solutions like OpenCTI provide deep capabilities, but less experienced analysts often face a steep learning curve. XTM One addresses this with a natural language interface that lets analysts interact with OpenCTI and OpenAEV conversationally from day one, while pre-packaged AI agents automate the enrichment, scenario-building, and reporting workflows that previously required significant expertise.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260609723131/en/
Media gallery
