Filigran launches XTM One to automate CTEM with AI agents

Filigran has announced XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform.

XTM One introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous workflow. Security teams move manually between tools, ingesting threat intelligence in one system, building attack scenarios in another, and tracking remediation in separate dashboards.

XTM One automates those handoffs by coordinating AI agents across the lifecycle, creating a continuous path from raw threat intelligence to validated defensive action while preserving full visibility and control.

The XTM Platform already includes AI-powered automation across OpenCTI and OpenAEV. XTM One takes a different approach: a dedicated orchestration layer where agents coordinate across products, not just assist within them.

“The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually,” said Julien Richard, CTO at Filigran. “XTM One is not AI as a feature. It is AI as the operating system for threat management. Security teams deserve automation that works the way they work.”

From task assistance to end-to-end automation

XTM One introduces a coordinated system of prepackaged AI agents that automate some of the most time-intensive security workflows, including:

• Intelligence ingestion and enrichment
• Threat summarization and reporting
• Attack scenario generation and validation
• Remediation guidance and dashboard creation

These agents interact to create a continuous CTEM loop, enabling security teams to move from raw intelligence to validated defensive action. Teams can find the threats that matter most, test their exploitability, and validate their defenses from a single interface.

Early platform benchmarks indicate organizations using the XTM Platform have achieved:

• Up to 70% faster threat detection and response cycles
• Up to 80% less preparation time for offensive security testing

“As the scale of threats outpaces human capacity to respond to alerts, security teams are hitting a wall when they need to optimize remediation to mitigate security risk. The shift toward an agentic AI orchestration layer is needed for CTEM to help security teams scale,” said Melinda Marks, Cybersecurity Practice Director at Omdia.

“By leveraging an open-source foundation to automate utilizing needed context for threat intelligence and remediation, Filigran is enabling the speed, transparency, and evidence-based risk reduction required to scale defenses at the pace of the adversary,” Marks continued.

Built for customization, control, and data sovereignty

XTM One gives organizations control over how AI operates within their security environment. Security teams can build and deploy custom agents, workflows, skills, and integrations, while Bring Your Own LLM (BYOLLM) support allows organizations to use Filigran-provided models or their own.

The platform supports on-prem deployment, enabling highly regulated organizations and government agencies to keep sensitive data within their own infrastructure.

“The biggest barrier to threat intelligence adoption has always been complexity,” said Jean-Philippe Salles, VP of Product Management at Filigran. “XTM One makes advanced threat management accessible to more teams through natural language interaction. Junior analysts can become productive faster, while experienced practitioners gain automation that removes repetitive work.”

“Filigran is redefining how organizations operationalize threat intelligence at scale,” said Karine Peters, Managing Director at T.Capital. “Their AI-native approach to extended threat management, combined with one of the strongest open-source communities in cybersecurity, positions them to lead a category that legacy vendors have struggled to modernize. That conviction is why we invested.”