Filigran launches XTM One to automate CTEM workflows

A Business Wire announcement and trade coverage report that French cybersecurity firm Filigran launched XTM One, an AI-native orchestration layer that automates Continuous Threat Exposure Management (CTEM) workflows across the company's OpenCTI threat-intelligence platform and OpenAEV exposure-validation tool. Filigran says XTM One coordinates multiple AI agents across the CTEM lifecycle so teams can move from raw threat intelligence to validated defensive action without manual handoffs.

Per Filigran's announcement (Business Wire) and ITSecurityGuru, XTM One ships with prepackaged AI agents that handle intelligence ingestion and enrichment, threat summarization and reporting, attack-scenario generation and validation, and remediation guidance and dashboard creation. The platform supports BYOLLM model flexibility and on-premises deployment, which Filigran pitches for regulated organizations and government customers that cannot send sensitive telemetry offsite. Filigran also offers a standalone, free, open-source MCP server.

The Business Wire release quotes co-founder Julien Richard: "The volume of CVEs, threat actors, and attack campaigns has reached a scale no human team can process manually," and "XTM One is not AI as a feature. It is AI as the operating system for threat management." The release cites early platform benchmarks of up to 70% faster threat detection and response cycles and up to 80% less preparation time for offensive security testing. The announcement also includes commentary from Melinda Marks, Cybersecurity Practice Director at Omdia, on the need for an agentic orchestration layer to scale CTEM.

Editorial analysis: Agent-based orchestration is the next step beyond assistant-style AI features in security tooling. Vendors are increasingly experimenting with systems that coordinate multiple autonomous or semi-autonomous agents across data sources and tools, rather than embedding single-agent copilots inside one product. This approach aims to reduce manual context switching and scale routine decision workflows in CTEM programs.

Editorial analysis: Security teams evaluating XTM One should treat vendor-reported benchmarks as preliminary. Comparable agentic systems shift complexity from human workflows to orchestration, which typically increases the importance of observability, agent governance, and integration testing. On-prem and BYOLLM options materially change operational risk and compliance trade-offs compared with cloud-only agent services.

Editorial analysis: Watch for independent assessments of XTM One's exploitability testing and remediation validation, third-party audits of model behavior on sensitive telemetry, and early customer case studies that verify the claimed 70% and 80% improvements. Also monitor how Filigran documents agent decision trails and integrates with SIEM, ticketing, and change-management systems.

Filigran's announcement frames XTM One as an orchestration layer that links threat intelligence, attack validation, and remediation via coordinated AI agents. The launch fits a wider industry move toward agentic automation in security, but practitioners will need verifiable benchmarks, governance controls, and integration proofs to adopt such systems safely.