Cybersecurity company Filigran has unveiled XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform.
XTM One automates CTEM handoffs
According to Filigran, XTM One was built to address the bottleneck of security teams having to manually move between their tools, particularly when ingesting threat intelligence on one platform, building attack scenarios on another, and tracking remediation on yet another.
In response, Filigran says XTM One automates those handoffs by coordinating AI agents across the lifecycle, creating a continuous path from raw threat intelligence to validated defensive action.
The platform also introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous workflow.
“The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually,” said Julien Richard, co-founder of Filigran.
“XTM One is not AI as a feature. It is AI as the operating system for threat management. Security teams deserve automation that works the way they work,” Richard added.
Filigran connects OpenCTI and OpenAEV workflows
The XTM Platform already includes AI-powered automation across OpenCTI and OpenAEV.
XTM One takes a fundamentally different approach: it serves as a dedicated orchestration layer where agents coordinate across products, rather than simply assisting within them.
XTM One introduces a coordinated system of prepackaged AI agents that automate time-intensive security workflows, including:
● Intelligence ingestion and enrichment
● Threat summarization and reporting
● Attack scenario generation and validation
● Remediation guidance and dashboard creation
These agents interact to create a continuous CTEM loop, enabling security teams to move from raw intelligence to validated defensive action. Teams can identify the threats that matter most, test their exploitability, and validate their defenses from a single interface.
Custom agents and BYO-LLM support expand deployment options
In its official press release, Filigran highlighted that the new platform gives organizations “full control” over how AI operates within their security environments.
The company said security teams can build and deploy custom agents, workflows, and integrations while supporting Bring Your Own LLM (BYO-LLM), allowing organizations to use either Filigran-provided models or their own.
“The biggest barrier to threat intelligence adoption has always been complexity,” said Jean-Philippe Salles, VP of Product Management at Filigran.
“XTM One makes advanced threat management accessible to more teams through natural language interaction. Junior analysts can become productive faster, while experienced practitioners gain automation that removes repetitive work.”
The platform also supports on-premises deployment, which Filigran says is particularly beneficial for highly regulated organizations and government agencies that need to keep sensitive data within their own infrastructure.
Availability includes enterprise, premium, and open-source options
According to Filigran, XTM One will be generally available in June 2026 and offered through three access tiers.
The company said existing Enterprise Edition customers of OpenCTI or OpenAEV will receive a built-in set of pre-packaged AI agents, a usage quota, and BYOLLM support at no additional cost.
Meanwhile, organizations seeking more advanced capabilities, such as custom agent creation, workflow orchestration, MCP integrations, and access to premium AI models, can purchase XTM One as a separate offering.
Filigran also announced a standalone, free, open-source MCP server designed to help organizations integrate Filigran products into their own AI architectures, regardless of licensing tier.
As vendors accelerate their AI initiatives, many are shuffling their leadership teams to support growth and innovation. Read our recap of May’s channel executive moves, from AI-focused appointments to new channel chiefs and board members.