We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Abstract image representing cybersecurity

Research Note: IBM Autonomous Threat Operations Machine (ATOM) & Predictive Threat Intelligence

At RSAC 2025, IBM introduced new agentic AI capabilities to its managed security services portfolio, focusing on autonomous threat detection and response. The two key offerings are the Autonomous Threat Operations Machine (ATOM) and X-Force Predictive Threat Intelligence (PTI).

ATOM provides autonomous threat triage, investigation, and remediation within IBM’s Threat Detection and Response services, while PTI leverages industry-specific AI models to generate predictive threat intelligence.

Autonomous Threat Operations Machine

ATOM is an AI-driven orchestration engine within IBM’s Threat Detection and Response (TDR) services. It employs a multi-agent architecture that augments existing security analytics platforms to:

  • Accelerate threat detection through automated alert analysis
  • Enrich and contextualize security incidents
  • Perform risk assessment on identified threats
  • Create and execute investigation plans autonomously
  • Implement remediation actions with minimal human intervention
  • Enhance analyst experience through workflow automation

ATOM operates as a vendor-agnostic digital operator, integrating with security solutions from IBM and partners, including Google Cloud and Microsoft. This flexibility allows it to function within diverse security environments without requiring wholesale replacement of existing security tools.

X-Force Predictive Threat Intelligence

The X-Force PTI agent for ATOM combines AI analysis with human expertise to deliver proactive threat intelligence.

Its capabilities include:

  • Integration of over 100 data sources, including X-Force Threat Intelligence, open-source feeds, APIs, and customer-specific context
  • Proprietary AI foundation models trained specifically on cybersecurity data
  • Generation of tailored, contextualized threat intelligence
  • Production of actionable threat hunt queries customized to the organization’s environment
  • Focus on indicators of behavior rather than just indicators of compromise
  • Synthesis of disparate information into coherent intelligence reports

The solution identifies potential threats based on adversary behavior patterns before they manifest as attacks, providing organizations with a proactive security posture.

Impact to IT Organizations

IBM’s new cybersecurity capabilities bring several operational benefits to IT organizations and security teams:

  • Reduction in alert triage workload through autonomous processing
  • Decreased time spent on false positives and low-priority alerts
  • Enhanced threat investigation capabilities through automated enrichment
  • Accelerated incident response through orchestrated remediation
  • Improved threat-hunting efficiency with customized queries
  • Better allocation of scarce security talent to high-value activities

Analysis

IBM is positioning ATOM and PTI as force multipliers for security operations rather than replacements for human analysts. The offerings target medium to large enterprises struggling with security talent shortages and increasing threat complexity.

The vendor-agnostic approach differentiates IBM from security platform vendors that require the adoption of their entire ecosystem. Its integration with IBM’s consulting services provides an additional differentiation point, offering implementation support that pure technology vendors may lack.

The emphasis on predictive capabilities and autonomous operation places these offerings at the leading edge of security operations technology,

While the technology shows promise, organizations should approach implementation with measured expectations. The autonomous capabilities will deliver the greatest value in environments with mature security programs and clearly defined operational processes.

The market for AI-driven security operations tools remains dynamic, with rapid innovation from both established vendors and startups. With ATOM and PTI, IBM delivers a compelling set of capabilities.

Competitive Outlook & Advice to IT Buyers

These sections are only available to NAND Research clients and IT Advisory Members.. Please reach out to info@nand-research.com to learn more.

Related Research

Picture of Steve McDowell

Steve McDowell

Steve McDowell is Principal Analyst and founder of NAND Research. Steve covers all things enterprise infrastructure, with a particular emphasis on data and storage .

Disclosure: The author is an industry analyst, and NAND Research an industry analyst firm, that engages in, or has engaged in, research, analysis, and advisory services with many technology companies, which may include those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2025 All rights reserved