Filigran launches AI orchestration layer for threat management

Filigran has introduced XTM One, an AI orchestration layer designed to automate Continuous Threat Exposure Management workflows across its security platform, according to an announcement first reported by Help Net Security.

The system coordinates AI agents across Filigran's OpenCTI threat intelligence and OpenAEV attack simulation products, creating what the company describes as a continuous workflow from raw threat data to validated defensive measures.

How the orchestration works

XTM One differs from embedded AI features by functioning as a dedicated coordination layer. Rather than assisting users within individual tools, it manages handoffs between products automatically.

The platform includes prepackaged agents that handle intelligence ingestion and enrichment, threat summarization, attack scenario generation and validation, and remediation guidance. These agents operate in sequence to eliminate manual transitions between separate security tools.

"The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually," said Julien Richard, CTO at Filigran. "XTM One is not AI as a feature. It is AI as the operating system for threat management."

Performance benchmarks

Early platform data indicates organizations using the XTM Platform have achieved up to 70% faster threat detection and response cycles and up to 80% less preparation time for offensive security testing, according to the company.

Melinda Marks, Cybersecurity Practice Director at Omdia, noted that security teams face capacity constraints as threat volume outpaces human response capability. "The shift toward an agentic AI orchestration layer is needed for CTEM to help security teams scale," Marks said.

Deployment and customization options

XTM One supports custom agent development and workflow configuration. Organizations can use Filigran-provided language models or integrate their own through Bring Your Own LLM support.

The platform offers on-premises deployment for regulated industries and government agencies that require data sovereignty. Jean-Philippe Salles, VP of Product Management at Filigran, emphasized that natural language interaction makes the system accessible to junior analysts while removing repetitive work for experienced practitioners.

Why it matters

The announcement reflects a broader industry shift from AI-assisted features to AI-orchestrated workflows in security operations. As threat intelligence platforms generate increasing volumes of data, the bottleneck has moved from collection to operationalization. Orchestration layers that automate cross-tool workflows address this constraint by reducing the manual labor required to translate intelligence into defensive action. For organizations evaluating CTEM solutions, the approach represents a architectural difference from traditional platforms that embed AI within individual products.

Details of the announcement were first reported by Help Net Security.