Anomali, whose intelligence solution has been trusted by global enterprises and government organizations for over a decade, today announced Anomali ThreatStream Next-Gen to change that. Available both as a standalone intelligence solution and embedded within the Anomali Unified Security Data Lake, ThreatStream Next-Gen makes threat intelligence the active, decisioning layer inside every security workflow — validated as 300 times faster than traditional investigation workflows across 50 enterprise deployments.
Quick Intel
Validated 300x faster than traditional investigation workflows across 50 enterprise deployments.
Autonomous triage, scoring, and investigation steps (agentic levels 1 and 2) available today.
Full agentic autonomy (levels 3-5) expected by August 2026 for ThreatStream Next-Gen.
PIRs automate recurring intelligence questions without analyst intervention.
Command Center provides a live, prioritized view of relevant threats.
Works with existing SIEM, Databricks, or Snowflake deployments.
For ThreatStream customers using standalone deployment, ThreatStream Next-Gen is the world's most trusted CTI platform with AI-driven prioritization, case management, and intelligent search built in, connecting to existing security stacks and operationalizing intelligence where analysts already work. For Anomali Data Lake customers using embedded deployment, intelligence is natively embedded in the data lake — enriching every event at ingest, connecting dots across the full security dataset, and surfacing recommended actions without analysts switching context. ThreatStream Next-Gen works with the infrastructure security teams already have — augmenting an existing SIEM, replacing it, or unlocking telemetry that lives in platforms like Databricks or Snowflake.
Operational intelligence is what makes Anomali's agentic AI work — in both deployments, AI acts on a foundation of real threat context, not raw data alone. ThreatStream Next-Gen ships today with autonomous triage, scoring, and investigation steps (agentic levels 1 and 2), available across ThreatStream Next-Gen and the Anomali Data Lake. Autonomous response capabilities — levels 3 through 5 — are in active development, with ThreatStream Next-Gen reaching full agentic autonomy by August 2026 and the Data Lake following in 2027. The architecture is already in place. The autonomy is being released deliberately, with configurable analyst oversight at every stage. In most security operations, the bottleneck is not data — it is deciding what matters and what to do next.
Priority Intelligence Requirements (PIRs) automate recurring intelligence questions, ensuring consistent monitoring of the threats that matter most without analyst intervention on every cycle. Command Center provides a live, prioritized view of relevant threats. Intelligence Search connects indicators, threat models, and campaigns with AI-generated context — compressing multi-hour investigations to minutes. Case Management keeps investigations and response workflows synchronized, preserving full context from first signal to final resolution. Reporting translates technical findings into clear stakeholder outputs.
About Anomali
Anomali has made operational intelligence the foundation of a full security operations platform over the last five years. The Anomali Data Lake and ThreatStream Next-Gen work together to connect raw security data, threat context, and AI-driven decisioning in one place — giving security teams the ability to detect, investigate, and respond without the complexity of stitching together fragmented tools. Most platforms were built to detect. Anomali was built to decide. Trusted by Fortune 500 enterprises and government organizations worldwide.