Introducing OpenAEV: The next evolution in Proactive Security Validation

When we first launched OpenBAS, we set out to operationalize breach and attack simulation, making it accessible, transparent, and actionable for every security team. Thanks to your feedback and support, the Community Edition (CE) delivered on that promise.
As we evolved the platform and incorporated community’s feedback, we broadened the use cases and doubled down on meaningful outcomes: clearer findings, prioritized recommendations, and workflows that mobilize security teams to close gaps. We learned that real progress happens in a continuous, closed loop – prioritize, validate, remediate, and verify.
Today, we’re proud to introduce OpenAEV (Adversarial Exposure Validation), the next chapter in our journey toward continuous threat exposure management. And for organizations that need to run at scale, we’re launching OpenAEV Enterprise Edition (EE), combining AI‑driven automation with guided remediation to provide enterprise‑grade scalability and impact.

TL;DR

• OpenAEV introduces Adversarial Exposure Validation (AEV), the next step beyond Breach and Attack Simulation.
• It connects threat intelligence, exposure data, and validation to show what really matters and how to fix it.
• The Enterprise Edition adds AI automation, remediation guidance, and scalability for large environments.
• OpenAEV works with OpenCTI and XTM Hub for seamless, intel-driven defense.
• The Filigran Academy and Scenario Library help teams learn faster and mature their exposure management programs.

From simulation to continuous validation

If you’ve read our recent post on the shift from BAS to AEV, you already know the story behind this evolution. The world of breach and attack simulation has changed. Security teams no longer want isolated tests; they want continuous visibility, actionable insights, and validation that reflects how modern attackers actually operate.

Adversarial Exposure Validation (AEV) represents that evolution.

It connects the dots between threat intelligence, exposures, and validation to answer a single, crucial question: what can actually hurt us, and how do we stop it?

OpenAEV is built to help teams continuously assess, prioritize, and improve their defenses. And it allows defenses to be tested from all angles – tools, processes and people. Its industry’s first open-source, threat-informed end-to-end AEV solution.

OpenAEV is tightly integrated with OpenCTI: OpenCTI surfaces threats and exposures; OpenAEV makes them actionable. The bi-directional connection lets you build intel-driven, prioritized scenarios in OpenCTI and launch them in OpenAEV, closing the loop from insight to validation to improvement.

Connecting Technology, People, and Processes

Security validation isn’t only about technology. It’s about people: their decisions, reactions, and coordination under pressure. OpenAEV supports this human readiness through built-in tabletop exercises so teams can simulate both attack scenarios and end-to-end crisis response. This is essential for validating and stress-testing your incident response plan. Ditch the manual checklists and Excel sheets: OpenAEV standardizes, automates, and scales tabletop programs globally.

Fast Track Your Operations with OpenAEV Enterprise Edition

While OpenAEV Community Edition (CE) lets you explore the platform, see the benefits, and help you build the business case for your exposure validation program, the Enterprise Edition (EE) supercharges it with:

• Ability to use your existing EDR agents for seamless execution, without additional overload on already resource constrainted endpoints
• Automated workflows and AI-assisted scenario generation for faster testing and coverage while and still fully customizable
• AI-powered remediation guidance that augments human intelligence with prioritized, actionable recommendations
• Dedicated support by a committed team of Filigran and AEV experts
• SaaS deployment hosted by Filigran for ease of use and scalability

Our Commitment to your Exposure Management Journey

Behind our open-source and community-based product philosophy, lies our committment to your exposure management journey, from helping you build first use case to full-scale program. To this effect, we are also launching two new initiatives today:

Filigran Academy: Learn, Grow, and Master AEV

Filigran Academy was created to empower security professionals through structured, hands-on learning about threat management. We’re now expanding it with OpenAEV courses, offering three learning paths to guide you from fundamentals to advanced mastery.

• OpenAEV 101: Introduction to Adversarial Exposure Validation – Build your foundation in AEV with hands-on OpenAEV training from Filigran Academy.
• OpenAEV 201: Operational Integration and Continuous Validation – Learn to integrate and automate OpenAEV across your security ecosystem.
• OpenAEV 301: Advanced Scenario Design and Program Maturity – Master advanced simulations and lead a mature AEV program through expert-led sessions.

Whether you’re new to AEV or already building continuous validation workflows, these courses will help you and your team get more from OpenAEV and the broader Filigran ecosystem.

Explore Filigran Academy

Scenario Library: Available via XTM Hub

XTM Hub is our central resource library for the entire Filigran XTM Suite, connecting users to the content they need to get value faster.

Today, custom scenarios are ready to be uploaded and used directly in OpenAEV, and soon, XTM Hub will include even more resources to accelerate learning and experimentation.

Users are now able to register their OpenAEV platform directly in XTM Hub. From there, every resource (a new scenario, payloads..) will be just one click away from deployment. No more downloading and uploading files manually. Just pick what you need, and it’s instantly available in your OpenAEV instance.

This is our next step toward seamless collaboration and speed.

Learn more

Live Webinar: Operationalizing Incident Response with AEV

This November, join us for a live webinar on “Operationalizing IR: Compliance-Ready Tabletop Exercises with an AEV Platform.”

Tabletop exercises are a key part of every Incident Response (IR) plan, but scaling them effectively has always been difficult. In this session, our expert panel will explore how an Adversarial Exposure Validation (AEV) platform like OpenAEV can help organizations standardize, automate, and scale tabletop exercises across teams and regions.

You’ll learn how to:

• Integrate tabletop exercises to measure and improve human readiness
• Build compliance-ready IR programs aligned with DORA and NIS2
• Extend security validation beyond tools to include real-world response

Register for the webinar: EMEA | NA

A new chapter in proactive defense

The launch of OpenAEV CE and EE marks an important milestone in Filigran’s journey, but it’s also part of something bigger: a collective shift in how the security community approaches exposure management and validation.

Together, we’re moving from testing in isolation to validating continuously.
From running tools to building resilience.
From simulation to Adversarial Exposure Validation.

Whether you’re using the Community Edition, exploring the Enterprise Edition, diving into the XTM Hub, or learning through the Filigran Academy, OpenAEV is here to help you stay ahead.

Join the journey.
Learn more about OpenAEV or connect with our community on Slack.