SentinelOne is applying Security Posture Management (SPM) to AI. While organizations can quickly adopt GenAI, data breaches often go unnoticed. By early 2025, every SentinelOne customer will be able to leverage AI-SPM, though early adopters are the only ones being given access initially.
As of 2024, 65% of organizations are using generative AI for at least one business function. SentinelOne notes that the three hyperscalers—AWS, Azure, and GCP—are facilitating this with easy-to-use tools for AI applications in the cloud.
But it’s not all smooth sailing. Ely Kahn, VP of Product Management at SentinelOne, acknowledges that the benefits of AI are “undeniable.” However, he warns, “The very tools and cloud services that simplify and accelerate GenAI adoption are simultaneously opening up a brand new attack surface and a potential regulatory risk.” AI-SPM aims to address these issues by safeguarding sensitive data used in these cloud applications.
Shadow AI
The problem often doesn’t lie with the hyperscalers. Organizations themselves introduce misconfigurations, enabling AI to access data it shouldn’t. AI-SPM acts as a safeguard in this regard: it detects all AI services, training, models, and pipelines running in Amazon SageMaker/Bedrock, Google Vertex AI, and Microsoft Azure OpenAI. Misconfigurations, potential attack paths, and other risks, such as insufficient data policies, can be identified using AI-SPM.
A layer above the entire infrastructure
AI-SPM fits within SentinelOne’s broader vision, which is somewhat unconventional in the security world. The company aims to protect the entire infrastructure of a business—a daunting task given the diverse nature of modern IT environments. AI, in particular, can extract data wherever it can, potentially accessing sensitive information like a CEO’s payroll details if given excessive permissions. To position itself as the sole security provider that prevents such issues, SentinelOne must achieve extensive visibility into IT environments.
This doesn’t mean the company is building everything from scratch. Through acquisitions (such as PingSafe) and integrations, SentinelOne aims to gain the insights required to protect organizations fully. Or, as CEO Tomer Weingarten recently told Techzine: “The goal is not to build the largest security vendor. What I do care about is being able to prove that it is possible to build a company differently.”
Read more: SentinelOne CEO wants to prove that things can (and should) be different in the security industry