Flare Expands Identity-First Threat Intelligence Platform With Okta Integration and AI-Driven CTI Tools

Flare is pushing deeper into identity-first threat intelligence with a new set of platform expansions designed to help security teams investigate threats, validate exposed credentials, and turn intelligence into action from one place.

The Montreal-based cyber threat intelligence company announced expanded capabilities for Flare CTI, along with a new Okta integration for its Identity Exposure Management offering. The updates reflect a broader shift in enterprise security: threat intelligence is no longer just about tracking indicators, malware, or dark web chatter. Increasingly, the most urgent question for defenders is whether a real identity inside the business is exposed, compromised, or vulnerable to takeover.

“Security teams are under pressure to seal the most potent threat vector, breached identities, and take advantage of new advances in AI, all while managing increasingly complex environments,” said Serge-Olivier Paquette, chief product officer at Flare.

“Organizations need a clearer view of the real, concrete threats they face, the identities really at risk, and the actions they should take now. With these platform expansions, we’re bringing those capabilities together while helping customers prepare for a new generation of AI-assisted security operations.”

The expanded Flare CTI platform brings several core intelligence workflows into a single environment. Analysts can use an Intelligence Browser to research indicators of compromise, threat actors, tactics, techniques, and procedures across intelligence sources and entity relationships. The platform also adds AI-powered reporting for different internal audiences, sandbox and file analysis for suspicious files and URLs, and STIX/TAXII feeds that allow intelligence to flow into existing security systems.

For security teams juggling multiple tools for threat intelligence, investigation, reporting, and identity risk, the pitch is consolidation. Flare says the goal is to give analysts the surrounding context needed to identify relevant threats faster, while reducing the cost and friction of operating disconnected intelligence products.

The Okta integration extends that approach into live identity environments. Flare’s Identity Exposure Management platform can now validate exposed credentials and identity risks against Okta, helping security teams determine which accounts require urgent remediation. Okta joins Microsoft Entra ID as a supported identity provider, giving Flare coverage across two of the most widely used enterprise identity platforms.

That connection between external threat intelligence and internal identity infrastructure is becoming more important as attackers increasingly rely on stolen credentials, session abuse, phishing, and account takeover instead of traditional malware-heavy intrusion paths. By validating exposed credentials against active identity systems, security teams can prioritize real risk rather than chasing every leaked password or dark web mention with equal urgency.

Flare said its existing IEM offering has already been deployed by hundreds of organizations and has processed more than 25,000 automatic identity validations. The company framed the new Okta support as a step toward making identity exposure management a more operational part of cyber threat intelligence, not a separate workflow.

The launch follows recent industry recognition for Flare, including being named The Hacker News’ Most Innovative Cyber Threat Intelligence Platform and appearing in Gartner’s inaugural Magic Quadrant for Cyber Threat Intelligence. The company has positioned its differentiation around combining dark web identity collection with validation and remediation against corporate identity systems.

The larger message is clear: cyber threat intelligence is moving closer to identity security, and identity security is becoming more intelligence-driven. For enterprises trying to keep pace with credential theft, cloud identity sprawl, and AI-assisted security operations, Flare is betting that the next generation of CTI will be judged less by how much data it collects and more by how quickly it can show which identities are truly at risk.