Cybersecurity Stars Awards · By The Hacker News
2026 WINNER · CYBERSECURITY STARS AWARDS

Filigran XTM · Threat Intelligence & Exposure Management

Best Intelligence Powered Cybersecurity Platform
2026 Winner medal
Filigran logo
Company
Filigran
Location
France
Website
filigran.io
Team Size
100 - 499 employees
01

Overview

Founded in 2022, Filigran is a global cybersecurity innovator dedicated to providing open source solutions that empower organizations to proactively manage cyber risk. Through the eXtended Threat Management (XTM) platform, which unifies the three core solutions OpenCTI, OpenAEV, and OpenGRC, Filigran helps organizations worldwide operationalize threat intelligence, validate security controls, and anticipate future attacks. By fostering a transparent and community driven ecosystem, the company enables security teams to move beyond reactive defense to achieve a proactive and intelligence led security approach.

02

Key Capabilities

Filigran provides a unified approach to threat management through its eXtended Threat Management (XTM) platform, a unified ecosystem designed to help organizations understand threat environments, validate defenses, and ultimately reduce risk.

The XTM platform is composed of three integrated solutions:

  • OpenCTI (Cyber Threat Intelligence): The core, open source threat intelligence-powered engine used to manage, contextualize, and operationalize cyber threat intelligence.
  • OpenAEV (Adversarial Exposure Validation): Uses data intelligence to simulate attacks and validate the efficacy of existing security controls.
  • OpenGRC (Governance, Risk, and Compliance): This solution is scheduled for late 2026 and will help transform static risk assessments into dynamic, threat-informed metrics.

OpenCTI serves as the platform's intelligence control center, enabling teams to:

  • Collect: Aggregate data from 300+ one-click integrations, including commercial feeds, open-source intelligence, and internal tools.
  • Correlate: Standardize intelligence using a consistent STIX 2.1 data model. The solution uses a hypergraph to enable security teams and analysts to pivot across actors, malware, TTPs, and indicators through visual graphs, timelines, etc.
  • Leverage: OpenCTI operationalizes threat intelligence by feeding it directly into the defense ecosystem. This process enriches EDR telemetry with context, accelerates SIEM/SOAR triage, and ensures vulnerability remediation is focused on the threats currently being exploited in the wild.

The platform also features XTM One, an AI-native engine and automated playbooks that help to combat alert fatigue. These tools allow users to:

  • Reduce CTI enrichment time from hours or days to seconds.
  • Produce finished, professional TI reports in just minutes rather than in days.
  • Use Natural Language Processing for advanced search and insights, making complex intelligence accessible to all levels of the security team.
03

How we are different

Filigran's primary differentiator is their threat-driven approach for anticipating future attacks. Rather than reacting to alerts, the XTM platform allows organizations to identify priorities and remediation paths before incidents occur. By using a unified threat landscape view, it operationalizes tactical and strategic intelligence to enhance readiness for the next attack, further ensuring security teams are being proactive rather than reactive.

Filigran breaks down the traditional walls between intelligence, operations, and risk. The XTM platform integrates easily with the existing cybersecurity ecosystem, including endpoint agents and CTI feeds. This helps to ensure that intelligence is not a standalone resource but a functional part of the entire stack, leading to:

  • 80% faster threat detection and response.
  • 50% fewer manual threat hunting investigations.
  • 95% reduction in response time for enterprise users.

Filigran is unique in that it can synergize the strengths of its intelligence-driven solutions. By connecting solutions such as OpenCTI, OpenAEV, and OpenGRC, the XTM platform ensures that risk levels are being continuously updated. This synergy ensures that validated risk exposures are mobilized with the respective teams, keeping the organization's defense posture under constant control.

This unified ecosystem is powered by XTM One, the platform's first AI-native layer for CTEM enablement. XTM One solidifies Filigran's positioning by consolidating AI capabilities into a single, programmable automation layer. Through Autonomous Threat Management, it uses a dedicated Agentic AI layer to orchestrate agents across the entire XTM suite. By natively connecting threat-to-validation context, XTM One allows teams to shift from reactive tasks to proactive, autonomous operations, accelerating time-to-value while allowing customers to bring their own LLMs and rules.

Filigran combines the transparency of an open-source model with enterprise-grade reliability. Built by practitioners for practitioners, the platform leverages the collective intelligence of over 6,000 community members. This "open-core" approach prevents vendor lock-in and allows organizations to customize the platform to their specific Priority Intelligence Requirements (PIRs).

04

Gallery

Gallery image 1 Gallery image 2 Gallery image 3 Gallery image 4