🔥 🟣 Purple AI is here and now generally available! To learn more about the industry’s leading AI security analyst, watch the video below.
👉 Ready to transform your security operations? Get a demo: sentinelone.com/platform/purpl…
Call it what you want: Autonomous SOC, Agentic SOC, AI SOC.
The vision is the same. The reality varies wildly by organization and by team. As we said 18 months ago, the Autonomous SOC is a journey, not a destination.
A lot has changed in those 18 months. Some core foundational
Endpoints are where most attacks start. IDC measured what effective endpoint protection is worth.
A new IDC Report measures what SentinelOne Singularity Endpoint delivers. IDC interviewed seven organizations across seven industries independently.
Inside the report:
- The
Five years ago, we started a conference with a single conviction: the research should speak for itself.
Five years later, we have our answer. A real research-led community.
@labscon_io 2026 is the final chapter, with the strongest program yet. Researchers, defenders, and the
Law enforcement dismantled malware and scam infrastructure, a North Korean macOS implant disrupted AI analysis tools, and attackers exploited two high-severity vulnerabilities in Cisco edge devices.
This is the Good, Bad & Ugly. ⬇️
✅ GOOD
- Authorities dismantled the Amadey
AI is reshaping both the threat landscape and how security teams respond. SentinelOne co-founder and CEO Tomer Weingarten joins @Bloomberg Intelligence analyst Mandeep Singh on Tech Disruptors to discuss securing AI agents, the role of LLMs in the modern SOC, and how M&A and
@LabsSentinel analyzed macOS.Gaslight, a DPRK-aligned Rust implant. It gaslights the AI reading the output.
Embedded inside the binary: a 3.5 KB prompt-injection payload. 38 fabricated "system" messages built to steer an LLM-assisted triage pipeline into aborting or refusing its
At the time of writing: 0/61 detections on VirusTotal.
The rest of the tradecraft is hardened:
- C2 runs over Telegram, AES-GCM encrypted, certificate-pinned TLS
- The bot token self-redacts, leaving only a placeholder in logs and crash artifacts
- Python stealer harvests
macOS.Gaslight uses a 38-message cascade that spoofs the triage harness's own prompt scaffold. The boundary blurs.
Anyone building LLM-assisted analysis pipelines: treat what you're triaging as adversarial input. Always.
Full analysis from SentinelLABS:
As a partner in @OpenAI's Daybreak Cyber Partner Program, SentinelOne is bringing GPT-5.5 into our offerings, starting with Wayfinder Frontier AI Services, to give security teams faster investigation, sharper prioritization, and earlier risk identification across the threats that
Law enforcement dismantled massive phishing and malware networks, a ransomware cartel abused Microsoft Teams infrastructure, and a state-sponsored group targeted medical research data.
This is the Good, Bad & Ugly. ⬇️
✅ GOOD
- Authorities dismantled Outsider Enterprise, a
Threats are accelerating. Frontier AI is re-writing the rules. One conference keeps you ahead.
While other conferences traffic in ideas, OneCon delivers real-world outcomes. Unlock the skills, insights, and clarity to innovate safely and gain the advantage in a new age of
Monitor, secure, and govern AI agents at scale: SentinelOne is a launch partner for @awscloud's new Amazon Bedrock AgentCore 3P Guardrails for AI agents. @prompt_security capabilities are now natively embedded in AgentCore.
Every organization building and running AI agents on
Purple AI is bringing frontier-AI into the modern agentic SOC.
In today’s SOC, detections increase. Alerts queue. Verdicts wait on analyst availability. Coverage drops on nights, weekends, and during surges.
Investigation capacity is the binding constraint of the modern SOC.
🌟 SentinelOne is named a Major Player in the 2026 IDC MarketScape for Worldwide SIEM Platforms
The rise of the agentic SOC requires a fundamentally new, AI-native approach to threat detection, investigation and response. SentinelOne’s Singularity AI SIEM brings together the