
Filigran's XTM One Puts AI Agents to Work on Threat Exposure
Filigran's XTM One uses AI agents to automate the full threat-exposure lifecycle through plain language, with bring-your-own-LLM and air-gapped deployment support.
Making Elite Threat Defense Accessible to Every Team
The best defensive security tools have a frustrating habit of being too complex for the teams that need them most. On June 9, 2026, the European open-source security company Filigran took aim at that gap with XTM One, an AI-native platform that uses coordinated AI agents to automate the full lifecycle of Continuous Threat Exposure Management (CTEM) — and lets analysts of any experience level drive it through plain natural language. Let me break down why this one is worth your attention.
The core idea is democratization: take workflows that normally demand senior expertise and make them runnable by a junior analyst typing a request in everyday words.
How XTM One's AI Agents Handle the Full Lifecycle
XTM One is an agentic orchestration layer built on top of Filigran's existing XTM Platform, which already includes the widely used open-source OpenCTI threat-intelligence tool and OpenAEV adversarial-validation tool. The new layer coordinates prepackaged AI agents across the entire CTEM cycle: ingesting threat intelligence, summarizing emerging threats, generating and validating realistic attack scenarios, and recommending concrete remediation steps.
The natural-language interface is what makes this accessible. Instead of mastering a thicket of separate consoles, an analyst can ask for what they need and let the agents coordinate the underlying tools. Filigran reports early benchmarks of up to 70% faster threat detection-and-response cycles and up to 80% less preparation time for offensive security testing, meaningful efficiency gains for perpetually stretched teams.
Why Bring-Your-Own-LLM and Air-Gapping Matter
Here's the design choice I most want to highlight, because it's the kind of thing that separates a security-conscious product from a careless one. XTM One supports bring-your-own-LLM (BYOLLM) and on-premises or air-gapped deployment. That means regulated organizations, governments, and privacy-sensitive enterprises can run the platform entirely within their own boundaries, keeping sensitive threat data and internal context under their full control.
In AI security, where you process your data is as important as how well the model performs. A tool that forces sensitive security telemetry into someone else's cloud is a non-starter for many of the organizations most in need of strong defenses. By keeping deployment flexible and local-capable, Filigran makes advanced AI-driven defense viable precisely where the stakes are highest.
Built on Open-Source Foundations
The open-source lineage gives XTM One a credibility that's hard to manufacture. OpenCTI and OpenAEV are already trusted across the community, and existing Enterprise customers receive a built-in set of agents, usage quota, and BYOLLM support at no additional cost. Building the agentic layer on top of proven, inspectable tools rather than a black box is exactly the transparent approach defensive security ought to favor.
The Methodical Takeaway
What I appreciate here is the layering of priorities. The AI agents handle the tedious, expertise-heavy grind so smaller teams can keep pace with the threat landscape; the natural-language interface lowers the skill barrier; and the BYOLLM and air-gap options ensure none of that convenience comes at the cost of data control. That's a thoughtful balance — capability, accessibility, and privacy held in tension and resolved well. As threat exposure management becomes more automated, this is the responsible template to follow: powerful agents doing the heavy lifting, with the keys kept firmly in the defender's hands.
Sources: Help Net Security, "Filigran launches XTM One to automate CTEM with AI agents" (June 9, 2026); SiliconANGLE, "Filigran launches XTM One to automate threat exposure management with AI agents" (June 9, 2026); Business Wire, "Filigran Launches XTM One, an AI-Native Platform for Automating Continuous Threat Exposure Management" (June 9, 2026); Channel Insider (June 9, 2026).
