Filigran, a leading European open-source threat management provider, has officially unveiled XTM One. The newly developed, AI-native agentic layer is engineered to automate Continuous Threat Exposure Management (CTEM) workflows across the broader Filigran eXtended Threat Management (XTM) Platform.
By introducing a dedicated artificial intelligence orchestration engine, XTM One bridges OpenCTI (the company’s threat intelligence module) and OpenAEV (its exposure validation suite) into a unified, continuous operational loop. Historically, cybersecurity teams have been burdened with manual transitions between siloed security tools—often ingesting threat intelligence in one platform, building out attack validation scenarios in a second, and monitoring remediation progress across entirely separate dashboards. XTM One completely removes these manual handoffs by orchestrating autonomous AI agents across the entire threat management lifecycle. This yields a direct path from raw telemetry to validated defensive execution while allowing security operators to retain total visibility and granular control.
While the existing XTM Platform already leverages embedded AI-driven automation within individual tools, XTM One represents a fundamental architecture shift. Instead of functioning purely as localized, product-specific assistants, its dedicated orchestration layer empowers autonomous agents to coordinate and pass context across products seamlessly.
“The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually,” said Julien Richard, co-founder of Filigran. “XTM One is not AI as a feature. It is AI as the operating system for threat management. Security teams deserve automation that works the way they work.”
From Task Assistance to End-to-End Automation
XTM One deploys an interconnected network of prepackaged AI agents calibrated to optimize the industry’s most time-intensive security operations. Key workflow automations include:
- Threat Intelligence Ingestion and Enrichment: Immediate interpretation and enrichment of unprocessed threat data.
- Threat Intelligence Summary & Report Writing: Writing detailed reports for operations and executive-level briefs.
- Scenario Creation and Validation: Creating simulated attacks against specific targets and validating results.
- Remediation Recommendations and Dashboard Development: Creating playbooks and dashboard metrics.
Because these agents operate dynamically, security professionals can more easily identify high-priority threats, analyze their exploitability, and ensure that the defensive posture is appropriate, all through one interface. Initial testing on the platform indicates that use of the XTM Platform enables organizations to cut threat response times by 70% and offensive preparation times by 80%.
Customization, Control, and Data Sovereignty
Built to support enterprise architectures and high-security compliance requirements, XTM One gives teams full control over how the artificial intelligence works within their organization’s environment. Security teams can create customized agents, plan custom workflows, and select language models through the built-in Bring Your Own LLM (BYOLLM) option. For regulated organizations and governments subject to data residency restrictions, Filigran offers on-premise deployment options.
Flexible Tiering and Open-Source Accessibility
XTM One is structured across three distinct operational tiers. Enterprise Edition subscribers of either OpenCTI or OpenAEV gain immediate access to the baseline prepackaged AI agents, a dedicated monthly usage quota, and native BYOLLM capabilities at no additional operational cost.
Furthermore, aligned with Filigran’s core commitment to open-source innovation, a standalone, free Model Context Protocol (MCP) server has been released to the public. This infrastructure layer permits organizations to seamlessly integrate Filigran’s product suites directly into their proprietary corporate AI frameworks, regardless of their current licensing tier.


