Filigran has unveiled XTM One, an AI-native orchestration layer designed to automate Continuous Threat Exposure Management (CTEM) workflows, as organisations struggle to keep pace with growing volumes of threat intelligence, vulnerabilities and attack data.
The launch reflects a broader challenge facing security teams. While many organisations have invested heavily in threat intelligence, attack surface management and security validation tools, turning that information into meaningful action remains difficult. Security teams are often left moving manually between platforms to understand which threats matter, whether they are exploitable, and what remediation steps should be prioritised.
CTEM has emerged as one of the industry’s preferred frameworks for addressing that problem. Rather than relying on periodic assessments, CTEM aims to create a continuous cycle of discovery, prioritisation, validation and remediation that adapts as threats evolve. Filigran has been positioning its OpenCTI and OpenAEV platforms as key components of that approach, arguing that organisations need to move beyond simply identifying vulnerabilities and focus on understanding which exposures present genuine business risk.
XTM One sits above those platforms as an orchestration layer, coordinating AI agents across the CTEM lifecycle. The company says this allows security teams to automate tasks such as intelligence enrichment, threat reporting, attack scenario generation and remediation planning without constantly switching between tools.
“The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually,” said Julien Richard, co-founder of Filigran. “XTM One is not AI as a feature. It is AI as the operating system for threat management. Security teams deserve automation that works the way they work.”
The announcement highlights how security vendors are increasingly moving beyond AI assistants and copilots towards more autonomous agent-based systems. Rather than helping analysts complete individual tasks, agentic approaches seek to coordinate entire workflows across multiple products and data sources.
According to Filigran, early users of its broader XTM Platform have achieved up to 70% faster threat detection and response cycles and reduced preparation time for offensive security testing by up to 80%.
Industry analysts suggest this kind of automation may become increasingly necessary as organisations adopt CTEM programmes at scale.
“As the scale of threats outpaces human capacity to respond to alerts, security teams are hitting a wall when they need to optimize remediation to mitigate security risk. The shift toward an agentic AI orchestration layer is needed for CTEM to help security teams scale,” says Melinda Marks, Cybersecurity Practice Director at Omdia. “By leveraging an open-source foundation to automate utilizing needed context for threat intelligence and remediation, Filigran is enabling the speed, transparency, and evidence-based risk reduction required to scale defenses at the pace of the adversary.”
A key aspect of the launch is flexibility around AI deployment. Organisations can use Filigran’s models or bring their own large language models through BYOLLM support, while on-premises deployment options are intended to address data sovereignty requirements in regulated industries and government environments.
The company also believes AI could help address one of the long-standing barriers to threat intelligence adoption: usability.
“The biggest barrier to threat intelligence adoption has always been complexity,” said Jean-Philippe Salles, VP of Product Management at Filigran. “XTM One makes advanced threat management accessible to more teams through natural language interaction. Junior analysts can become productive faster, while experienced practitioners gain automation that removes repetitive work.”
The launch comes as investors increasingly view CTEM and threat exposure management as one of cybersecurity’s next major growth categories, particularly as organisations seek more evidence-based ways to prioritise cyber risk.
“Filigran is redefining how organisations operationalise threat intelligence at scale,” says Karine Peters, Managing Director at T.Capital. “Their AI-native approach to extended threat management, combined with one of the strongest open-source communities in cybersecurity, positions them to lead a category that legacy vendors have struggled to modernise. That conviction is why we invested.”
Whether agentic AI becomes the catalyst that finally makes CTEM achievable for security teams remains to be seen. What is clear is that as threat volumes continue to rise, organisations are increasingly looking for ways to automate the journey from intelligence gathering to validated defensive action, rather than simply collecting more data.
