OneCon, SentinelOne’s annual event, focuses on both protecting AI workloads and using AI to protect organizations. The security player is expanding the capabilities of the Singularity Platform and has begun integrating the recently acquired companies Prompt Security and Observo AI.
Following the recent acquisition of Observo AI, SentinelOne is integrating this technology into the Singularity Platform. According to the company, the combination creates the only SIEM on the market with both pre-ingestion analytics and flexible data collection. This is made possible by Observo AI’s streaming architecture, which made it an attractive acquisition target for SentinelOne. This speed should enable agentic applications, allowing security work to be largely automated in real time. SentinelOne summarizes all this as an “AI-ready data pipeline.”
Integrations
SentinelOne is also launching four new products under the Prompt Security umbrella, also acquired by the former this year. These solutions are aimed at securing GenAI use within organizations. Prompt Security for Employees first and foremost offers real-time visibility and control over the use of AI tools by employees. The system supports more than 15,000 AI sites and aims to solve the notorious shadow AI problem, where employees use unauthorized AI tools. SentinelOne also offers similar protection against data breaches, DDoS attacks, and compromises for coding, AI applications, and AI agents.
This shows that protecting AI is not as exotic as it seems. Although the acquisition of Prompt Security was necessary to combine AI protection with the existing SentinelOne platform, the experience for security personnel should feel like a logical extension of what they were already familiar with.
Purple AI becomes more powerful
The AI analyst Purple AI is also receiving significant updates; today, it is referred to as an agentic solution due to its additional capabilities. The most important addition is in-line agentic auto-investigations with dynamic reasoning. This feature performs complete investigations, from alert assessments to impact analyses and recommended responses. With the latter, humans remain the ultimate decision-makers, while the manual work is taken away.
Purple AI integrates with Singularity Hyperautomation to execute pre-approved workflows. For example, the system can contact security personnel via Slack during investigations and propose a plan of action. Purple AI now also generates custom detection rules based on investigation results. All of this is intended to complement the expertise of security personnel. Because there is always a trade-off to be made, the specialist remains firmly in control of the security of his or her organization.
Openness via Model Context Protocol
SentinelOne is also making Purple AI accessible to external applications for the first time via an MCP Server. This feature acts as a universal interface between the Singularity Platform and other AI frameworks. Developers can use it to build custom agentic AI experiences with access to SentinelOne’s platform data. The Purple AI MCP Server is available open-source on GitHub starting today.