Filigran Unveils XTM One AI Platform for Threat Management

Filigran has launched XTM One, an AI orchestration platform designed to automate continuous threat exposure management workflows across its open-source security products. The Paris-based company positions the platform as an operating layer that coordinates AI agents across the full lifecycle of threat detection and response, rather than embedding AI features within individual tools.

The platform addresses a structural challenge in security operations: teams typically work across disconnected systems for threat intelligence, attack scenario modeling, and remediation tracking. XTM One introduces a coordinated system of AI agents that handle intelligence ingestion, threat summarization, attack scenario generation, and remediation guidance within a unified workflow spanning OpenCTI and OpenAEV.

Why it matters

Security teams face an escalating volume of vulnerabilities and threat data that exceeds human processing capacity. The shift from point-in-time assessments to continuous threat exposure management requires automation that can sustain operational tempo without manual coordination between tools. XTM One's orchestration approach targets the handoff bottlenecks that prevent organizations from operationalizing CTEM frameworks at scale, particularly for teams with limited threat intelligence expertise.

Performance and deployment flexibility

Early benchmarks from organizations using the XTM Platform show up to 70 percent faster threat detection and response cycles, with offensive security testing preparation time reduced by up to 80 percent, according to Filigran.

The platform supports Bring Your Own LLM deployment, allowing organizations to use Filigran-provided models or integrate their own. On-premises deployment options address data sovereignty requirements for regulated industries and government agencies that must keep sensitive security data within controlled infrastructure.

"The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually," said Julien Richard, Filigran co-founder. "XTM One is not AI as a feature. It is AI as the operating system for threat management."

Natural language interaction and custom agents

XTM One includes a natural language interface that allows analysts to interact with OpenCTI and OpenAEV conversationally, lowering the barrier to entry for teams with limited threat intelligence experience. Security teams can build and deploy custom agents, workflows, and integrations to adapt the platform to specific operational requirements.

The platform launches in three tiers. Enterprise Edition customers of OpenCTI or OpenAEV receive pre-packaged AI agents, usage quotas, and BYOLLM support at no additional cost. Organizations requiring custom agent creation, workflow orchestration, and premium model packages can license XTM One separately. A standalone open-source MCP server is also available for organizations that want to integrate Filigran products into their own AI architectures.

Melinda Marks, Cybersecurity Practice Director at Omdia, noted that the shift toward agentic AI orchestration is necessary for CTEM to help security teams scale as threat volumes outpace human response capacity.

Details were first reported by Business Wire.