Filigran Launches XTM One, an AI-Native Platform for Automating Continuous Threat Exposure Management
Automates CTEM Workflows Across OpenCTI and OpenAEV with a Dedicated AI Orchestration Layer, Enables Full Model Flexibility and On-Premises Deployment with BYOLLM Support, and Significantly Reduces Analyst Workload and Time-to-Value with Natural-Language Interaction

Filigran, the open-source threat management company, has announced XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform.
XTM One introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous workflow. Today, security teams move manually between tools, ingesting threat intelligence in one system, building attack scenarios in another, and tracking remediation in separate dashboards. XTM One automates those handoffs by coordinating AI agents across the lifecycle, creating a continuous path from raw threat intelligence to validated defensive action, while preserving full visibility and control.
The XTM Platform already includes AI-powered automation across OpenCTI and OpenAEV. XTM One takes a fundamentally different approach: a dedicated orchestration layer where agents coordinate across products, not just assist within them.
From Task Assistance to End-to-End Automation
XTM One introduces a coordinated system of pre-packaged AI agents that automate some of the most time-intensive security workflows, including:
Intelligence ingestion and enrichment
Threat summarisation and reporting
Attack scenario generation and validation
Remediation guidance and dashboard creation
These agents interact to create a continuous CTEM loop, enabling security teams to move from raw intelligence to validated defensive action. Teams can find the threats that matter most, test their exploitability, and validate their defences from a single interface.
Early platform benchmarks indicate organisations using the XTM Platform have achieved:
Up to 70% faster threat detection and response cycles
Up to 80% less preparation time for offensive security testing
“Security teams across Southeast Asia are under enormous pressure. They’re dealing with a growing volume of threats, a shortage of experienced analysts, and tools that weren’t built to work together. What we see consistently in this region is organisations that have invested heavily in detection but still can’t answer one fundamental question: Are we actually prepared for the threats targeting us right now?” said Kevin Vanhaelen, SVP APJ, Filigran.
New research from Filigran’s State of Threat Management report, a survey of 550 security decision-makers and practitioners globally, including 50 in Singapore, finds that only 31% of organisations in the region have a consolidated view of their cyber risk exposure, compared to 52% in North America. Just 27% use threat intelligence within a continuous, automated validation process.
“XTM One enables a step-change improvement in this. It provides the connective tissue that practitioners can use to turn the intelligence they have into action that the business can take. We’re seeing businesses look to their CTI teams to provide a more integrated, automated approach, and that’s exactly what XTM One enables,” said Damian Skeeles, Senior Manager of Solution Engineering, Filigran.
“The ability to turn intelligence into decisive action is a true competitive advantage. Filigran has given our teams the clarity and confidence to make faster, better-informed decisions, reducing our exposure to risk and allowing us to focus our resources where they matter most,” said Chris Novak, former Vice President, Global Cybersecurity Solutions, Verizon Business. “They lead with a customer-centric approach that delivers not only security outcomes, but also enables organisations to move forward with confidence.”
Built for Customisation, Control, and Data Sovereignty
XTM One gives organisations full control over how AI operates within their security environment. Security teams can build and deploy custom agents, workflows, skills, and integrations, while Bring Your Own LLM (BYOLLM) support allows organisations to use Filigran-provided models or their own.
The platform supports on-premises deployment, enabling highly regulated organisations and government agencies across Singapore and Southeast Asia to keep sensitive data within their own infrastructure, meeting the data residency and sovereignty requirements with which financial institutions and public sector bodies in the region must comply.
Availability and Access
XTM One is available in three tiers. Existing Enterprise Edition customers of OpenCTI or OpenAEV receive a built-in set of pre-packaged AI agents, a usage quota, and BYOLLM support at no additional cost. Organisations requiring advanced capabilities, including custom agent creation, workflow orchestration, MCP integrations, and premium model packages, can license XTM One separately.
A standalone, free, open-source MCP server is also available, allowing organisations to integrate Filigran products into their own AI architectures regardless of licensing tier.



