OpenCTI Agent

Cybersecurity

Tags: Security & Compliance, Open Source, Intelligence, CTI, Security
Function: Security
Subfunction: Threat Intelligence
Founded: 2022
Employees: 251-500
Funding: $58M Series C (Oct 2025); $100M+ total
Stage: Series C - Growth Stage
Report version: Oct 24, 2025

1. Products/Services & Features

  • Main Offerings:

    • OpenCTI - Open Source Threat Intelligence Platform
    • OpenBAS - Breach and Attack Simulation Platform
    • Extended Threat Management (XTM) Suite
  • Feature Breakdown: Threat intelligence aggregation and correlation, Knowledge graph modeling, MITRE ATT&CK integration, Automated enrichment workflows, Activity monitoring and audit capabilities, Generative AI features, Supervised learning for NLP, Role-based access control, STIX/TAXII support, Connector ecosystem for integrations (Departments: Security Operations, Threat Intelligence, Incident Response, Government/National Security)

  • Business Industry Gearing: High - Designed for cybersecurity-focused organizations, government agencies, CERTs, and enterprises requiring advanced threat intelligence capabilities

2. Security & Compliance

  • Certifications: Not publicly available - Contact Filigran for compliance documentation, Used by organizations with strict security standards including national security agencies and CERTs

  • Vendors/Tools: Integrates with CrowdStrike, SentinelOne, Sekoia, VMRay, ESET, Tanium, and 60+ other security tools

  • Risk Profile:

    • Breaches: No public breach history documented
    • Features: Activity monitoring and audit capabilities for compliance, Role-based access control, Support for secure data sharing across organizational boundaries

3. User Feedback & Adoption

  • Aggregated Reviews: G2: Intelligence Reports 92%, Endpoint Intelligence 90%, Proactive Alerts 85%

    • Pros: Open-source nature with easy customization, Extensive connector ecosystem, Excellent customer support, Comprehensive threat intelligence management beyond simple indicator dissemination, Strong STIX/TAXII standards support
    • Cons: Steep learning curve requiring substantial practice, Some commercial connectors lack adequate testing before deployment, Slow connector improvement timelines, Insufficient pycti library documentation requiring source code review
  • Adoption Insights:

    • Adoption Ease: Moderate - Requires technical expertise and training; steep initial learning curve but becomes more intuitive with practice
    • Adoption Cultural Fit: High for security-focused organizations; requires buy-in from security teams and threat intelligence professionals
  • Metrics: Not publicly available

  • Barriers: Learning curve, need for technical expertise, connector reliability issues, documentation gaps in pycti library

4. Monetization & Business Model

  • Revenue Model: Open Core - Free Community Edition (Apache 2.0), Enterprise Edition with commercial licensing, SaaS subscriptions, Support and professional services

  • Pricing: Community Edition (Free), Enterprise Edition (Commercial agreement required for production use), SaaS instances (starting ~$250,000/year for enterprise contracts) (Sources: AWS Marketplace, Azure Marketplace, Direct enterprise agreements with Filigran)

  • Market Context:

    • TAM: Global cybersecurity threat intelligence market - estimated multi-billion dollar TAM
    • Growth Stage: Growth - Expanding adoption across enterprises, government agencies, and international markets

5. Leadership & Recent Developments

| Name | Description | LinkedIn | X Account |
|---|---|---|---|
| Samuel Hassine | CEO and Co-Founder - 15+ years in cyber threat intelligence, former Head of Cyber Threat Intelligence at ANSSI (French National Cybersecurity Agency), former Director of Cybersecurity Strategy at Tanium | https://www.linkedin.com/in/samuel-hassine-05a90413/ | https://twitter.com/SamuelHassine |
| Julien Richard | CTO and Co-Founder - 20+ years of experience in data and engineering leadership, technical architect of OpenCTI platform | https://www.linkedin.com/in/julien-richard | |
| Sebastien Boitelle | Chief Revenue Officer (CRO) - Leading Extended Threat Management commercial strategy and sales | https://www.linkedin.com/in/sebastien-boitelle-40351 | |

  • Key Metrics Update:

    • Funding: Series C - $58.2M (October 2025) led by Eurazeo with participation from Accel, Insight Partners, and T.Capital
    • Employee Growth: Expanding - 251-500 employees across New York, Paris, Sydney, and London offices
  • News/Trends:

    • News Launch: OpenCTI v6.8.0 (September 2025) with Priority Intelligence Requirements (PIR), Connector Catalog, AI Chatbot, and improved import capabilities
    • News Partnerships: VMRay UniqueSignal integration, ESET Threat Intelligence integration, Tanium Converge partnership, TeamT5 ThreatVision integration, Silent Push partnership
    • News Funding: Series C funding of $58.2M in October 2025 to accelerate global expansion and product development
    • News Challenges: Connector reliability and testing challenges, Documentation gaps, Competitive threat intelligence market

6. Target Audience & Use Cases

  • Target Market: Enterprises, government agencies, national CERTs, MSSPs, security operations centers, incident response teams

  • Target Users & Personas: SOC analysts, threat intelligence professionals, incident response teams, CISOs, security operations managers, government cybersecurity agencies

  • User Experience Level: Intermediate to Advanced - Requires cybersecurity and threat intelligence expertise

  • Key Use Cases:

    • Centralized threat intelligence knowledge base for correlating and enriching threat data from multiple sources
    • Detection engineering and SOC automation through indicator export to SIEMs, XDR, EDR, and firewalls
    • Incident investigation and case management with contextual intelligence linking and forensic documentation

7. Impact & Recommendations

  • Measurable Outcomes:

    • Workflow Improvements: Automated threat enrichment (90% automation achieved by ASRG), Reduced manual triage time, Faster incident response through contextualized intelligence, Streamlined threat actor tracking and campaign analysis
    • ROI Examples: ASRG case study: 40-hour enrichment process reduced to seconds, 1.2M vulnerability data points centralized, 90% automation of enrichment workflows
  • Fit Assessment: Excellent fit for security-focused organizations with dedicated threat intelligence teams; strong for government and enterprise customers; requires technical expertise and commitment to threat intelligence operations

  • Custom Rec Flags:

    • Priority ICP: Large enterprises (1000+ employees), Government agencies and national CERTs, MSSPs, Organizations with mature security operations
    • Short Term Goals: Expand AI-driven threat detection and response capabilities, Grow international presence, Increase enterprise adoption, Enhance connector ecosystem reliability

8. Data Sourcing Notes
