SentinelOne opens Purple AI to all customers with autonomous threat investigations at machine speed

3 Sources

Share

SentinelOne launched Purple AI Agentic Investigation for all customers, enabling zero-click autonomous threat investigation that detects, analyzes and responds without human intervention. The capability addresses a critical bottleneck in security operations centers where investigation capacity has become the binding constraint, with alerts queuing for analyst availability while AI-powered threats intensify pressure on defenders.

SentinelOne opens Purple AI Agentic Investigation to address SOC capacity limits

SentinelOne opened its Purple AI Agentic Investigation capability to all customers this week, introducing autonomous threat investigation that operates without requiring an analyst to initiate the process

1

. The feature is available as a complimentary trial inside the company's Singularity Platform, where it can detect, investigate and respond to cybersecurity threats entirely on its own

2

. When a threat crosses a customer-defined threshold, Purple AI investigates, renders a verdict and stops the attack at machine speed while analysts maintain full visibility and control throughout the process.

Source: SiliconANGLE

Source: SiliconANGLE

The launch directly targets what SentinelOne identifies as the binding constraint in modern Security Operations Center environments: investigation capacity rather than threat detection. Detections climb with every new tool and expansion of the attack surface, but verdicts still wait on analyst availability, with coverage thinning during nights, weekends and surge periods

1

. "Today's security teams face more critical alerts than any staffing plan could investigate, and AI-powered threats are only going to make that worse," said Chris Corde, Chief Product Officer of SentinelOne

2

.

Zero-click investigations run on existing telemetry with no configuration required

The AI-driven capability operates as what SentinelOne calls "zero-click" investigations because they kick off automatically rather than waiting for someone to launch them

1

. Purple AI runs on telemetry already present in the Singularity Platform across endpoint, identity, cloud and third-party security data, requiring nothing to deploy, integrate or tune

3

. Activation takes a single click and no data leaves the platform during operation.

The software gathers evidence, correlates telemetry and builds the complete attack timeline, handing analysts a finished verdict to act upon rather than starting from an alert

3

. This approach scales investigation capacity without scaling headcount, freeing analysts for judgment calls, threat hunting and response decisions that require human expertise. Every verdict includes a complete, auditable evidence chain so analysts can review each step and outcome with confidence

2

.

Frontier AI models compress investigation timelines from hours to minutes

Under the hood, Purple AI employs a multi-model approach combining Anthropic Claude, OpenAI GPT and SentinelOne's proprietary Ultraviolet models to compress investigations that once consumed hours or days into minutes and seconds

1

. The frontier AI reasoning enables the system to bring human-level analytical capabilities to bear on critical threats automatically

2

.

Customers control how much autonomy to grant through an adjustable human-in-the-loop mechanism that scales to their confidence level and SOC maturity. Verdicts can trigger automated, policy-driven responses or simply prompt an analyst with recommended actions

3

. Activation remains admin-controlled, role-based and reversible at any time, with consumption guardrails keeping usage and cost in the hands of authorized personnel.

Singularity Credits introduced as unified currency for AI-powered work

Alongside the launch, SentinelOne introduced Singularity Credits, a unified currency customers draw down for AI-powered work across the Singularity Platform, including the new Agentic Investigation capability

1

. The company is granting a complimentary allotment of credits to trial the feature, with the trial running through Aug. 15 and requiring no payment method . After the trial ends, customers can purchase credits through partners, direct billing and e-commerce channels.

The launch deepens SentinelOne's position in a competitive market where it faces rivals including CrowdStrike and Microsoft. The company says it protects nearly one-fifth of the Fortune 500

1

. The move toward agentic investigations reflects broader industry recognition that AI-powered attacks will continue stretching the gap between detection capabilities and investigation capacity, making autonomous remediation capabilities increasingly critical for endpoint security and cloud security operations alike.

Today's Top Stories

© 2026 TheOutpost.AI All rights reserved