Zero-configuration, autonomously initiated investigations run inside
customers’ existing Singularity™ Platform
workflows, detecting, investigating, and responding to threats at machine
speed, and giving every analyst a force multiplier, with a full evidence
chain behind every verdict
MOUNTAIN VIEW, Calif. — June 17, 2026 — SentinelOne® (NYSE:
S), the AI security leader, today opened
Purple AI Agentic Investigation
to its customers and introduced Singularity Credits, a
unified currency for running AI-powered work across the Singularity
Platform. Starting this week, customers can opt into a complimentary trial
of the newest capability from Purple AI, SentinelOne’s autonomous security
reasoning for the agentic SOC. That capability — ‘zero-click,’ autonomously
initiated investigations — detects, investigates, verifies, and responds to
threats without human dependencies. When a threat crosses a defined
threshold, Purple AI investigates, renders a verdict, and stops it at
machine speed, while analysts keep full visibility and control.
The capability arrives as security teams confront a hard limit, not
detection, but investigation capacity. Detections climb with every new tool
and every expansion of the attack surface, alerts queue for attention, and
verdicts wait on analyst availability, with coverage thinning on nights,
weekends, and during surges. Frontier-AI-powered threats are poised to widen
that gap further.
“Today’s security teams face more critical alerts than any staffing plan
could investigate, and AI-powered threats are only going to make that
worse,” said Chris Corde, Chief Product Officer of SentinelOne. “Investigation capacity has become the binding constraint of the modern
SOC: detections climb, alerts queue, and verdicts wait on analyst
availability. Purple AI’s Agentic Investigation capability is designed to
remove that constraint by making investigations automatic, continuous, and
immediate.”
Why SOC Teams Are Adopting Purple AI Agentic Investigation
-
Seamlessly integrated — zero configuration, working from day one
Purple AI is built into the Singularity Platform, not bolted onto it. The
new Agentic Investigation capability runs on telemetry already in the
platform across endpoint, identity, cloud, and third-party security data,
as well as inside the automated workflows customers already use. There is
nothing to deploy, integrate, or tune, and no data leaves the platform.
Activation is a single click.
-
A force multiplier for every analyst
Purple AI does
the investigation work, collecting evidence, correlating telemetry, and
building the attack timeline, so analysts start at the verdict instead of
the alert. It scales a team’s investigation capacity without scaling
headcount, and frees analysts for the judgment, threat hunting, and
response decisions that need a human. It is designed as an extension of
the analyst: amplifying human defenders, not replacing them.
-
Fully audited — governed autonomy, no black box
Every verdict carries a complete, auditable evidence chain, so analysts
can review each AI step and outcome with confidence. Customers set the
degree of autonomy through an adjustable human-in-the-loop approach that
scales to their confidence and SOC maturity. Verdicts can trigger
automated, policy-driven responses, or prompt an analyst with recommended
actions. Activation is admin-controlled, role-based, and reversible at any
time, and consumption guardrails keep usage and downstream cost in the
hands of those with the right authority.
-
Built on the most advanced reasoning in cybersecurity
Purple AI is the reasoning brain and interface for the entire Singularity
Platform. It brings human-level reasoning from advanced frontier-AI models
to bear through a multi-model approach, combining Anthropic’s Claude,
OpenAI’s GPT, and SentinelOne’s proprietary “Ultraviolet” models to
compress investigations that once took hours or days into minutes and
seconds. For critical threats, investigations trigger automatically and
deliver verdicts that can be acted on autonomously or by an analyst.
The introduction of Singularity Credits
Singularity Credits are a flexible, unified currency customers draw down
across AI-powered work in the Singularity Platform, including Purple AI
Agentic Investigation. To start, SentinelOne is granting customers a
complimentary allotment of Credits to trial the capability.
Delivering on the agentic SOC by amplifying defenders, not replacing
them
Agentic Investigation advances SentinelOne’s vision of the agentic SOC: one
where frontier-AI reasoning amplifies and scales human defenders rather than
sidelining them. Purple AI acts as the brain and interface for the entire
platform from simplifying querying, to recommending actions, to autonomously
detecting, triaging, and stopping threats. Because it operates natively on
AI, endpoint, identity, cloud, and third-party telemetry already in the
Singularity Platform, it drives Singularity to be an agentic realization of
the integrated security operations center (ISOC) category defined by Gartner.
Availability & access
The Purple AI Agentic Investigation trial is now available in Singularity
Platform consoles. New and existing Singularity customers can opt in and
begin running agentic investigations immediately. Investigations utilize
Singularity Credits during the trial, but customers are not charged and no
payment method is required. After the trial, customers can purchase
Singularity Credits through partners, direct billing, and eCommerce.
About SentinelOne
SentinelOne (NYSE: S) is the leader in AI security, setting the standard for
using AI and automation to give defenders a decisive operating advantage.
Built for those who secure our world, its platform delivers unified coverage
across endpoints, identity, cloud, and AI. Powered by Autonomous Security
Intelligence, SentinelOne stops attacks at machine speed, reducing risk and
delivering clarity and control to stay one step ahead. Headquartered in
Mountain View, California, with teams worldwide, SentinelOne protects nearly
one-fifth of the Fortune 500 and hundreds of Global 2000 enterprises. From
Main Street to Wall Street, the world’s most critical organizations trust
SentinelOne with their security.
All third-party product names, logos, and brands mentioned in this
publication are the property of their respective owners and are for
identification purposes only. Use of these names, logos, and brands does
not imply affiliation, endorsement, sponsorship, or association with the
third party.
Media Contact
Regan DePinto
press@sentinelone.com