3 Sources
[1]
SentinelOne turns Purple AI loose to investigate threats on its own
SentinelOne turns Purple AI loose to investigate threats on its own SentinelOne Inc. today opened its Purple AI Agentic Investigations capability to all customers, adding autonomous threat investigation that runs without an analyst having to launch it. The feature is available this week as a free trial inside the company's Singularity Platform. It can work through a threat on its own, from spotting it to deciding what it is to acting on the verdict. When something crosses a threshold the customer sets, Purple AI digs in, reaches a conclusion and moves to shut the threat down and analysts can watch it happen and step in at any point. SentinelOne calls the feature "zero-click" because the investigation kicks off by itself rather than waiting for someone to open it. The pitch targets a specific bottleneck. Detections rise with every new tool and every expansion of the attack surface, but verdicts still wait on analyst availability and coverage thins on nights, weekends and during surges. SentinelOne argues that investigation capacity has become the real limit in most security operations centers, ahead of detection, and that AI-driven attacks will stretch that gap further. "Today's security teams face more critical alerts than any staffing plan could investigate and AI-powered threats are only going to make that worse," said Chief Product Officer Chris Corde. "Purple AI's Agentic Investigation capability is designed to remove that constraint by making investigations automatic, continuous and immediate." Purple AI runs on telemetry already in the Singularity Platform across endpoint, identity, cloud and third-party security data and SentinelOne says activation takes a single click with no data leaving the platform. The software gathers the evidence, ties the telemetry together and lays out how the attack unfolded, which hands the analyst a finished verdict to act on. Every verdict comes with an evidence chain that can be audited, and customers decide how much autonomy to grant through an adjustable human-in-the-loop control that can fire off automated responses or just suggest next steps. Under the hood, Purple AI uses a mix of models, combining Anthropic PBC's Claude, OpenAI Group PBC's GPT and SentinelOne's own "Ultraviolet" models to compress investigations that once took hours into minutes. Alongside the launch, SentinelOne introduced Singularity Credits, a single currency customers draw down for AI-powered work across the platform, including the new investigations. The company is granting a complimentary allotment of credits to trial the feature. The trial is now live in Singularity consoles for new and existing customers, requires no payment method and is planned to run through Aug. 15. After it ends, customers can buy credits through partners, direct billing and e-commerce. The launch deepens SentinelOne's bet on AI as the centerpiece of its platform in a security operations market where it goes up against the likes of CrowdStrike Holdings Inc. and Microsoft Corp. The company says it protects nearly one-fifth of the Fortune 500.
[2]
SentinelOne Opens Purple AI Agentic Investigation to All Customers, Bringing Frontier AI Directly Into the SOC
Zero-configuration, autonomously initiated investigations run inside customers' existing Singularity™ Platform workflows, detecting, investigating, and responding to threats at machine speed, and giving every analyst a force multiplier, with a full evidence chain behind every verdict SentinelOne® (NYSE: S), the AI security leader, today opened Purple AI Agentic Investigation to its customers and introduced Singularity Credits, a unified currency for running AI-powered work across the Singularity Platform. Starting this week, customers can opt into a complimentary trial of the newest capability from Purple AI, SentinelOne's autonomous security reasoning for the agentic SOC. That capability -- 'zero-click,' autonomously initiated investigations -- detects, investigates, verifies, and responds to threats without human dependencies. When a threat crosses a defined threshold, Purple AI investigates, renders a verdict, and stops it at machine speed, while analysts keep full visibility and control. The capability arrives as security teams confront a hard limit, not detection, but investigation capacity. Detections climb with every new tool and every expansion of the attack surface, alerts queue for attention, and verdicts wait on analyst availability, with coverage thinning on nights, weekends, and during surges. Frontier-AI-powered threats are poised to widen that gap further. "Today's security teams face more critical alerts than any staffing plan could investigate, and AI-powered threats are only going to make that worse," said Chris Corde, Chief Product Officer of SentinelOne. "Investigation capacity has become the binding constraint of the modern SOC: detections climb, alerts queue, and verdicts wait on analyst availability. Purple AI's Agentic Investigation capability is designed to remove that constraint by making investigations automatic, continuous, and immediate." Why SOC Teams Are Adopting Purple AI Agentic Investigation * Seamlessly integrated -- zero configuration, working from day one Purple AI is built into the Singularity Platform, not bolted onto it. The new Agentic Investigation capability runs on telemetry already in the platform across endpoint, identity, cloud, and third-party security data, as well as inside the automated workflows customers already use. There is nothing to deploy, integrate, or tune, and no data leaves the platform. Activation is a single click. * A force multiplier for every analyst Purple AI does the investigation work, collecting evidence, correlating telemetry, and building the attack timeline, so analysts start at the verdict instead of the alert. It scales a team's investigation capacity without scaling headcount, and frees analysts for the judgment, threat hunting, and response decisions that need a human. It is designed as an extension of the analyst: amplifying human defenders, not replacing them. * Fully audited -- governed autonomy, no black box Every verdict carries a complete, auditable evidence chain, so analysts can review each AI step and outcome with confidence. Customers set the degree of autonomy through an adjustable human-in-the-loop approach that scales to their confidence and SOC maturity. Verdicts can trigger automated, policy-driven responses, or prompt an analyst with recommended actions. Activation is admin-controlled, role-based, and reversible at any time, and consumption guardrails keep usage and downstream cost in the hands of those with the right authority. * Built on the most advanced reasoning in cybersecurity Purple AI is the reasoning brain and interface for the entire Singularity Platform. It brings human-level reasoning from advanced frontier-AI models to bear through a multi-model approach, combining Anthropic's Claude, OpenAI's GPT, and SentinelOne's proprietary "Ultraviolet" models to compress investigations that once took hours or days into minutes and seconds. For critical threats, investigations trigger automatically and deliver verdicts that can be acted on autonomously or by an analyst. The introduction of Singularity Credits Singularity Credits are a flexible, unified currency customers draw down across AI-powered work in the Singularity Platform, including Purple AI Agentic Investigation. To start, SentinelOne is granting customers a complimentary allotment of Credits to trial the capability. Delivering on the agentic SOC by amplifying defenders, not replacing them Agentic Investigation advances SentinelOne's vision of the agentic SOC: one where frontier-AI reasoning amplifies and scales human defenders rather than sidelining them. Purple AI acts as the brain and interface for the entire platform from simplifying querying, to recommending actions, to autonomously detecting, triaging, and stopping threats. Because it operates natively on AI, endpoint, identity, cloud, and third-party telemetry already in the Singularity Platform, it drives Singularity to be an agentic realization of the integrated security operations center (ISOC) category defined by Gartner.
[3]
SentinelOne Opens Purple AI Agentic Investigation to All Customers, Bringing Frontier AI Directly Into the SOC
SentinelOne opened Purple AI Agentic Investigation to its customers and introduced Singularity Credits, a unified currency for running AI-powered work across the Singularity Platform. Starting this week, customers can opt into a complimentary trial of the newest capability from Purple AI, SentinelOne?s autonomous security reasoning for the agentic SOC. That capability ? ?zero-click,? autonomously initiated investigations ? detects, investigates, verifies, and responds to threats without human dependencies. When a threat crosses a defined threshold, Purple AI investigates, renders a verdict, and stops it at machine speed, while analysts keep full visibility and control. Purple AI is built into the Singularity Platform, not bolted onto it. The new Agentic Investigation capability runs on telemetry already in the platform across endpoint, identity, cloud, and third-party security data, as well as inside the automated workflows customers already use. There is nothing to deploy, integrate, or tune, and no data leaves the platform. Activation is a single click. Purple AI does the investigation work, collecting evidence, correlating telemetry, and building the attack timeline, so analysts start at the verdict instead of the alert. It scales a team?s investigation capacity without scaling headcount, and frees analysts for the judgment, threat hunting, and response decisions that need a human. Every verdict carries a complete, auditable evidence chain, so analysts can review each AI step and outcome with confidence. Customers set the degree of autonomy through an adjustable human-in-the-loop approach that scales to their confidence and SOC maturity. Verdicts can trigger automated, policy-driven responses, or prompt an analyst with recommended actions. Activation is admin-controlled, role-based, and reversible at any time, and consumption guardrails keep usage and downstream cost in the hands of those with the right authority. Purple AI is the reasoning brain and interface for the entire Singularity Platform. It brings human-level reasoning from advanced frontier-AI models to bear through a multi-model approach, combining Anthropic?s Claude, OpenAI?s GPT, and SentinelOne?s proprietary ?Ultraviolet? models to compress investigations that once took hours or days into minutes and seconds. For critical threats, investigations trigger automatically and deliver verdicts that can be acted on autonomously or by an analyst. Singularity Credits are a flexible, unified currency customers draw down across AI-powered work in the Singularity Platform, including Purple AI Agentic Investigation. To start, SentinelOne is granting customers a complimentary allotment of Credits to trial the capability. The Purple AI Agentic Investigation trial is now available in Singularity Platform consoles. New and existing Singularity customers can opt in and begin running agentic investigations immediately. Investigations utilize Singularity Credits during the trial, but customers are not charged and no payment method is required. After the trial, customers can purchase Singularity Credits through partners, direct billing, and eCommerce.
Share
Copy Link
SentinelOne launched Purple AI Agentic Investigation for all customers, enabling zero-click autonomous threat investigation that detects, analyzes and responds without human intervention. The capability addresses a critical bottleneck in security operations centers where investigation capacity has become the binding constraint, with alerts queuing for analyst availability while AI-powered threats intensify pressure on defenders.
SentinelOne opened its Purple AI Agentic Investigation capability to all customers this week, introducing autonomous threat investigation that operates without requiring an analyst to initiate the process
1
. The feature is available as a complimentary trial inside the company's Singularity Platform, where it can detect, investigate and respond to cybersecurity threats entirely on its own2
. When a threat crosses a customer-defined threshold, Purple AI investigates, renders a verdict and stops the attack at machine speed while analysts maintain full visibility and control throughout the process.
Source: SiliconANGLE
The launch directly targets what SentinelOne identifies as the binding constraint in modern Security Operations Center environments: investigation capacity rather than threat detection. Detections climb with every new tool and expansion of the attack surface, but verdicts still wait on analyst availability, with coverage thinning during nights, weekends and surge periods
1
. "Today's security teams face more critical alerts than any staffing plan could investigate, and AI-powered threats are only going to make that worse," said Chris Corde, Chief Product Officer of SentinelOne2
.The AI-driven capability operates as what SentinelOne calls "zero-click" investigations because they kick off automatically rather than waiting for someone to launch them
1
. Purple AI runs on telemetry already present in the Singularity Platform across endpoint, identity, cloud and third-party security data, requiring nothing to deploy, integrate or tune3
. Activation takes a single click and no data leaves the platform during operation.The software gathers evidence, correlates telemetry and builds the complete attack timeline, handing analysts a finished verdict to act upon rather than starting from an alert
3
. This approach scales investigation capacity without scaling headcount, freeing analysts for judgment calls, threat hunting and response decisions that require human expertise. Every verdict includes a complete, auditable evidence chain so analysts can review each step and outcome with confidence2
.Under the hood, Purple AI employs a multi-model approach combining Anthropic Claude, OpenAI GPT and SentinelOne's proprietary Ultraviolet models to compress investigations that once consumed hours or days into minutes and seconds
1
. The frontier AI reasoning enables the system to bring human-level analytical capabilities to bear on critical threats automatically2
.Customers control how much autonomy to grant through an adjustable human-in-the-loop mechanism that scales to their confidence level and SOC maturity. Verdicts can trigger automated, policy-driven responses or simply prompt an analyst with recommended actions
3
. Activation remains admin-controlled, role-based and reversible at any time, with consumption guardrails keeping usage and cost in the hands of authorized personnel.Related Stories
Alongside the launch, SentinelOne introduced Singularity Credits, a unified currency customers draw down for AI-powered work across the Singularity Platform, including the new Agentic Investigation capability
1
. The company is granting a complimentary allotment of credits to trial the feature, with the trial running through Aug. 15 and requiring no payment method . After the trial ends, customers can purchase credits through partners, direct billing and e-commerce channels.The launch deepens SentinelOne's position in a competitive market where it faces rivals including CrowdStrike and Microsoft. The company says it protects nearly one-fifth of the Fortune 500
1
. The move toward agentic investigations reflects broader industry recognition that AI-powered attacks will continue stretching the gap between detection capabilities and investigation capacity, making autonomous remediation capabilities increasingly critical for endpoint security and cloud security operations alike.Summarized by
Navi
08 Aug 2024

28 Jan 2026•Technology

30 Sept 2025•Technology

1
Technology

2
Policy and Regulation

3
Policy and Regulation
