Anomali today announced the launch of Anomali ThreatStream Next‑Gen — a major evolution designed to turn threat intelligence into the active decisioning layer inside every security workflow. Available as a standalone platform or embedded within the Anomali Unified Security Data Lake, ThreatStream Next‑Gen has already demonstrated performance validated at 300 times faster than traditional investigation workflows across 50 enterprise deployments.
While most security platforms were built to detect, Anomali was built to decide. For years, the company has treated intelligence not as a feed, but as structural connective tissue linking raw data, analyst judgment, and automated response. ThreatStream Next‑Gen represents the culmination of that philosophy: an intelligence layer that not only informs decisions but drives them, delivering attacker context, campaign insights, AI‑generated prioritization, and recommended actions precisely when they are needed.
“Attackers move fast, targeting identity and exploiting behavior — often closing windows in hours. We close them faster,” said Ahmed Rubaie, CEO of Anomali. “ThreatStream Next‑Gen is the intelligence layer competitors can’t replicate because it’s not a bolt‑on — it’s the core of everything we build, including our innovation in agentic AI. By owning the decisioning layer between intelligence and action, we give security teams the ability to respond at the speed threats demand.”
ThreatStream Next‑Gen introduces a unified intelligence layer with two deployment modes, both powered by Anomali’s agentic AI architecture. Operational intelligence underpins autonomous triage, scoring, and investigation (agentic levels 1 and 2), available today across both ThreatStream Next‑Gen and the Anomali Data Lake. Higher levels of autonomy — including autonomous response — are in active development, with full agentic autonomy expected by August 2026 for ThreatStream Next‑Gen and in 2027 for the Data Lake. Autonomy is being rolled out deliberately, with configurable analyst oversight at every stage.
The platform addresses one of the most persistent bottlenecks in security operations: deciding what matters and what to do next. ThreatStream Next‑Gen compresses multi‑hour investigations into minutes by carrying intelligence from production to action without losing fidelity. New capabilities include automated Priority Intelligence Requirements, a live Command Center for threat prioritization, AI‑powered Intelligence Search, synchronized Case Management, and automated Reporting that translates technical findings into clear stakeholder‑ready outputs.
With ThreatStream Next‑Gen, Anomali positions intelligence not as an input, but as the engine of modern security.
