Anomali launches ThreatStream Next-Gen to turn intelligence into action — at the speed threats demand

Published on May 5, 2026

New release gives CTI teams deeper investigative power and SOC teams the decisioning layer to act on it — 300 times faster than traditional workflows, regardless of how they deploy

REDWOOD CITY, Calif., May 5, 2026: Somewhere right now, a security analyst is triaging alerts at two in the morning — not because there are more threats, but because there is no system helping them decide which ones matter. Anomali, whose intelligence solution has been trusted by global enterprises and government organizations for over a decade, today announced Anomali ThreatStream Next-Gen to change that. Available both as a standalone intelligence solution and embedded within the Anomali Unified Security Data Lake, ThreatStream Next-Gen makes threat intelligence the active, decisioning layer inside every security workflow — validated at 300 times faster than traditional investigation workflows across 50 enterprise deployments.

Most security platforms were built to detect. Anomali was built to decide. Where others treat intelligence as a feed to be consumed, Anomali has spent years making it structural — the connective tissue between raw security data, analyst judgment, and response action. ThreatStream Next-Gen is the culmination of that work: an intelligence layer that doesn’t just inform decisions, but drives them, with context on attackers and campaigns, AI-generated prioritization, and recommended next actions delivered when they’re needed. Anomali built the answer before anyone knew how urgent the question would become.

“Attackers move fast, targeting identity and exploiting behavior — often closing windows in hours. We close them faster. ThreatStream Next-Gen is the intelligence layer that competitors can’t replicate, because it’s not a bolt-on — it’s the core of everything we build, including our current innovation in agentic AI. By owning the decisioning layer between intelligence and action, we give security teams something they’ve never had before: the ability to respond at the speed of threats.”

— Ahmed Rubaie, CEO, Anomali

ONE INTELLIGENCE LAYER. TWO DEPLOYMENT MODES.

AGENTIC AI — EMBEDDED IN BOTH DEPLOYMENTS

Operational intelligence is what makes Anomali’s agentic AI work — in both deployments, AI acts on a foundation of real threat context, not raw data alone. ThreatStream Next-Gen ships today with autonomous triage, scoring, and investigation steps (agentic levels 1 and 2), available across ThreatStream Next-Gen and the Anomali Data Lake. Autonomous response capabilities — levels 3 through 5 — are in active development, with ThreatStream Next-Gen reaching full agentic autonomy by August 2026 and the Data Lake following in 2027. The architecture is already in place. The autonomy is being released deliberately, with configurable analyst oversight at every stage.

In short: an intelligence foundation designed to make agentic AI work.

In most security operations, the bottleneck is not data — it is deciding what matters and what to do next. CTI analysts spend hours curating and contextualizing intelligence; SOC analysts spend hours stitching that context across tools to validate alerts and determine response. ThreatStream Next-Gen closes that gap: five new capabilities that carry intelligence all the way from production to action, without losing fidelity at the handoff.

  • Priority Intelligence Requirements (PIRs) automate recurring intelligence questions, ensuring consistent monitoring of the threats that matter most to your organization — without analyst intervention on every cycle.
  • Command Center provides a live, prioritized view of relevant threats, so analysts spend less time triaging noise and more time acting on signal.
  • Intelligence Search connects indicators, threat models, and campaigns with AI-generated context — compressing multi-hour investigations to minutes.
  • Case Management keeps investigations and response workflows synchronized, preserving full context from first signal to final resolution.
  • Reporting translates technical findings into clear stakeholder outputs — no manual reformatting, no context lost in translation.

WHAT CUSTOMERS ARE SAYING

“The best platform we’ve seen that allows us to tag our own intelligence, apply confidence ratings, and collaborate with other intel sources to get a clearer picture of attacker infrastructure at play in cyberattacks.” — Cybersecurity specialist, critical public sector organization

“Anomali has changed how we utilize threat intel data. It’s the foundation of our cyber fusion approach — connecting real-time threat intelligence, operational security, and vulnerability management in one place.” — Security leader, $30B U.S. retailer

“We had years of telemetry we couldn’t make useful. The moment we embedded ThreatStream into the Anomali Data Lake, that data became an intelligence asset — our analysts stopped chasing false positives and started doing the work they became security professionals to do.” — CISO, global financial institution 

ThreatStream Next-Gen is available now for both standalone and Anomali Data Lake deployments. To learn more or request a demo, visit anomali.com/products/threatstream

About Anomali

Anomali has made operational intelligence the foundation of a full security operations platform over the last five years. The Anomali Data Lake and ThreatStream Next-Gen work together to connect raw security data, threat context, and AI-driven decisioning in one place — giving security teams the ability to detect, investigate, and respond without the complexity of stitching together fragmented tools. Most platforms were built to detect. Anomali was built to decide. Trusted by Fortune 500 enterprises and government organizations worldwide. Headquartered in Redwood City, CA, with offices across Europe, the Middle East, and Asia Pacific. anomali.com

Media Contact

Jean Creech Avent
Senior Director, Global Communications and Media Relations
Anomali
jcreechavent@anomali.com