Anomali launches ThreatStream Next-Gen with AI triage

Tue, 5th May 2026
Joseph Gabriel Lagonsin, News Editor

Anomali has launched ThreatStream Next-Gen, available as a standalone intelligence platform and as part of its Unified Security Data Lake.

The release targets cyber threat intelligence and security operations teams that must decide which alerts matter and what action to take next. Across 50 enterprise deployments, Anomali said the product was validated as 300 times faster than traditional investigation workflows.

ThreatStream Next-Gen is central to Anomali's effort to make threat intelligence part of day-to-day security operations, rather than a separate feed reviewed by analysts. The software adds context on attackers and campaigns, AI-generated prioritisation, and recommended next actions within security workflows.

Security teams often struggle less with collecting data than with deciding how to use it. In many operations centres, cyber threat intelligence analysts spend hours curating information, while security operations analysts move across several tools to validate alerts and determine a response.

The latest version of ThreatStream is designed to close that gap with five additions: Priority Intelligence Requirements to automate recurring intelligence questions; a Command Centre with a live prioritised view of relevant threats; Intelligence Search to connect indicators, threat models and campaigns; Case Management to keep investigations and responses aligned; and Reporting tools that turn technical findings into material for stakeholders.

Anomali is offering the product in two deployment models. Existing ThreatStream users can adopt it as a standalone platform with AI-driven prioritisation, case management and search. Customers using the Anomali Data Lake can access an embedded version that enriches events as they are ingested and connects activity across a broader security dataset.

The software is designed to work with existing security infrastructure, whether organisations want to keep a security information and event management system, replace one, or use telemetry stored in platforms such as Databricks or Snowflake. The aim is to let analysts use intelligence within the tools and data environments they already rely on.

AI layer

The launch also forms part of Anomali's broader effort to build agentic AI into its security products. ThreatStream Next-Gen includes autonomous triage, scoring and investigation functions, described as agentic levels 1 and 2, across both the standalone product and the data lake deployment.

More autonomous response functions, covering levels 3 through 5, are in development. Anomali expects ThreatStream Next-Gen to reach what it describes as full agentic autonomy by August 2026, with the data lake following in 2027, while keeping configurable analyst oversight in place.

Ahmed Rubaie, Chief Executive Officer of Anomali, said the launch reflects the company's approach to security operations. "Attackers move fast, targeting identity and exploiting behaviour - often closing windows in hours. We close them faster. ThreatStream Next-Gen is the intelligence layer that competitors can't replicate, because it's not a bolt-on - it's the core of everything we build, including our current innovation in agentic AI. By owning the decisioning layer between intelligence and action, we give security teams something they've never had before: the ability to respond at the speed of threats," said Rubaie.

Customer use

Anomali also cited customer feedback from public sector, retail and financial services users to show how threat intelligence is being applied in practice. The comments focused on collaboration, better use of telemetry and the role of intelligence in reducing false positives.

One customer from a critical public sector organisation said the product supported more structured intelligence work. "The best platform we've seen that allows us to tag our own intelligence, apply confidence ratings, and collaborate with other intel sources to get a clearer picture of attacker infrastructure at play in cyberattacks," said the specialist.

A security leader at a USD 30 billion US retailer described the product as central to a broader operating model. "Anomali has changed how we utilise threat intel data. It's the foundation of our cyber fusion approach - connecting real-time threat intelligence, operational security, and vulnerability management in one place," said the security leader.

A Chief Information Security Officer at a global financial institution said embedding ThreatStream in the company's data lake had changed how analysts used historic data. "We had years of telemetry we couldn't make useful. The moment we embedded ThreatStream into the Anomali Data Lake, that data became an intelligence asset - our analysts stopped chasing false positives and started doing the work they became security professionals to do," said the Chief Information Security Officer.