AI coding assistants are no longer just autocompleting lines of code, they are quietly making decisions for you. Tools like Claude Code are able to read projects, plan multi-step changes, install dependencies, and modify files with minimal human oversight. To make this possible, these assistants rely on plugin marketplaces, where third-party developers can enable βskillsβ that teach the agent how to manage infrastructure, testing, and dependencies. Though powerful, the model requires a high degree of trust, thus bringing with it a new set of risks.
At a first glance, third-party marketplace plugins are harmless productivity boosters. Connect a marketplace and enable a plugin so your coding assistant becomes smarter about your stack. However, beneath the convenience is a security blind spot: These same skills often run with extremely high privilege and very little transparency on how they make decisions or where the code and dependencies are coming from. The code issue isnβt prompt manipulation or social engineering β itβs compromised automation.
A full technical blog post by SentinelOneβs own Prompt Security team breaks down how a single benign-looking plugin from an unofficial marketplace exposes a dependency management skill. When the developer asks the agent to install a common Python library, that skill quietly redirects the install to an attacker-controlled source, ensuring a trojanized version of the library is pulled into the project. While nothing looks wrong β the library imports cleanly, the example code runs without error β malicious code is now embedded into the environment, capable of exfiltrating secrets, monitoring traffic, or lying dormant until it is triggered at a later time.
What makes this especially concerning is persistence. Marketplace plugins are not one-off interactions. Once enabled, their skills remain available across sessions and will continue to shape how the agent behaves in the future. Rather than a βbad promptβ, this effect is more like compromising your package manager itself.
As AI-driven development workflows accelerate, plugin marketplaces and third-party skills are now part of the software supply chain whether teams realize it or not. If your coding assistant can fetch and execute code on your behalf, every plugin installed joins your trust boundary.
Read the full blog post here for a detailed walkthrough of the attack mechanics and learn why dependency skills are such a powerful, but under-modeled, risk.
Third-Party Trademark Disclaimer:
All third-party product names, logos, and brands mentioned in this publication are the property of their respective owners and are for identification purposes only. Use of these names, logos, and brands does not imply affiliation, endorsement, sponsorship, or association with the third-party.
This is an era defined by relentless pressure on cybersecurity professionals. As environments and attack surfaces have expanded, endpoint, cloud, identity, and now AI signals continue to pile up faster than teams can interpret them. Meanwhile, rapidly evolving TTPs, fueled by ransomware-as-a-service (RaaS) and other off-the-shelf tooling have enabled motivated threat actors to move with the sophistication and speed of the most advanced nation state adversaries.
With defenders stretched thin, actors are using these advanced techniques to hide behind operational noise. And, while handling alert fatigue isnβt enough, even mature teams can struggle to confront advanced persistent threats, especially those that specialize in evasion and long-term access.
Addressing these new realities requires reimagining defenses β new strategies to unify signals, eliminate the noise, augment human capacity, and truly prepare for incidents long before they happen. This requires more than just better tools. It requires a full shift in how detection and response is delivered.
Our Ethos | Defense Through AI, Intelligence & Human Experts
Wayfinder TDR is built on a foundational belief: True cyber resilience emerges from the fusion of AI, intelligence, and world-class human expertise β not from any single component in isolation.
Modern adversaries evolve too quickly, hide too effectively, and move too fluidly for traditional service models to keep up. Automated systems can miss subtle behaviors and human teams alone cannot keep pace with the scale of telemetry, meaning generic threat feeds are no longer the right solution. True defense requires three pillars working in concert.
Intelligence provides the early warning β timely, curated, contextual insight into an attackerβs behavior and tactics. SentinelOne integrates Google Threat Intelligence (GTI), one of the most powerful and comprehensive intelligence sources in the world, directly into every part of Wayfinder. It delivers a level of global threat visibility previously available only to a small set of elite organizations. This data is combined with our SentinelOne intelligence for an unparalleled set of threat content previously unseen in cybersecurity.
AI then transforms that intelligence and raw telemetry into actionable outcomes. SentinelOneβs industry-leading Purple AI engine automates triage, accelerates investigation, enriches findings with context, and closes the gap between detection and action. AI allows Wayfinder experts to cut through overwhelming volumes of data and surface what actually matters to the operation.
Finally, human expertise applies the experience and ingenuity to understand and act on whatβs uncovered. Across 16 countries, SentinelOneβs team of threat hunters, analysts, incident responders, and strategic advisors bring decades of hands-on experience with the worldβs most sophisticated adversaries. This combined knowledge closes gaps that machines alone cannot see, validating ambiguous signals and guiding customers through moments of uncertainty with clarity and confidence.
Wayfinder deepens this philosophy by combining elite human expertise with agentic, AI-powered threat hunting and investigations. This multi-layered human and AI model brings a level of defense that neither humans nor machines can achieve alone. We believe that the future of AI security is one that elevates β rather than replaces β human defenders, arming them with the speed of automation and the insights of global intelligence.
Wayfinder Threat Detection & Response is a unified portfolio designed to meet organizations where they are. From automated hunting and 24/7/365 MDR to high-touch advisory services during crises, each Wayfinder offering can either stand alone, or bring a comprehensive and adaptive defense program together.
These services deliver end-to-end coverage across preparation, detection, investigation, response, and recovery, ensuring customers are supported through every phase of the threat lifecycle.
Wayfinder Threat Hunting
Threat hunting is the foundation of the portfolio, delivering always-on, fully automated hunts powered by GT, SentinelOneβs threat intelligence, and enriched by SentinelOne experts. It continuously scans customer environments for emerging attacker infrastructure, high-confidence indicators of compromise, and evolving techniques.
Wayfinder Threat Hunting is unique in that it requires no manual tuning, no scheduled queries, and no analyst scripting. Intelligence updates stream directly into the system and are matched against customer telemetry with contextual attribution β threat actor, campaign, and MITRE mapping all included. Findings immediately feed into MDR workflows for rapid investigation and response.
This eliminates blind spots that attackers rely on and brings dynamic, intelligence-led coverage to every organization, regardless of staffing or maturity level.
Wayfinder MDR Essentials
MDR Essentials delivers enterprise-grade, always-on XDR coverage across endpoints, cloud environments, identity providers, and supported partner services. It provides continuous monitoring, triage, investigation, and response, powered by SentinelOne analysts, AI-driven inference, and threat hunting insights. Using curated intelligence from both SentinelOneβs AI-driven alerting and triage and Google Threat Intelligence, get rapid insight and protection at scale.
MDR Essentials is built for organizations that want strong, immediate defense without operational complexity. Onboarding and activation are simple and swift while coverage is unified through the Singularity Platform. Customers benefit from 24/7 protection, rapid containment, and detailed guidance without needing to expand internal teams.
With MDR Essentials, organizations finally get the confidence that cyber experts are watching every signal, every hour, across every critical surface.
Wayfinder MDR Elite
Wayfinder MDR Elite extends the Essentials experience with a premium, high-touch operating model for organizations that are looking for deeper partnership, strategic alignment, and more proactive readiness and response. Every MDR Elite customer receives a dedicated Threat Advisor, an expert who becomes embedded in their security program, and offers hands-on guidance, operational reviews, and tailored risk management recommendations.
Elite also provides bundled access to SentinelOneβs DFIR specialists, enabling advanced investigations, malware analysis, and targeted forensics. As well, Elite customers receive a built-in Incident Readiness & Response (IRR) retainer, ensuring they have pre-approved hours available for compromise assessments, breach simulations, preparedness workshops, and expert counsel during major incidents.
For teams that want not just coverage but clarity, Elite becomes a trusted extension of their leadership and decision-making process.
Wayfinder Incident Readiness & Response
Wayfinder IRR creates a foundation of preparedness that many organizations simply do not have today. With a renewable pool of hours, customers can proactively strengthen their posture or engage experts during high-pressure moments.
The key to this offering is flexibility. Use those hours to get immediate, 24/7/365 access to elite DFIR specialists that respond effectively and compliantly to critical incidents. Or use hours for breach readiness exercises and compromise assessments to uncover hidden risks and improve your security posture and readiness.
Wayfinder IRR experts act as a trusted partner who can guide organizations through high-pressure moments before, during, and after a breach to build confidence, clarity, and resilience. Expert-led exercises, simulations, and advisory services will transform theoretical security plans into reliable, tested incident response capabilities. And when incidents do occur, our team will not only contain, investigate, and stop the breach in its tracks, but will reconstruct attacker activity to understand the βhowβ and βwhatβ of an incident, identifying compromised accounts, exfiltrated data, and affected systems.
Wayfinder Emergency Response
For organizations experiencing an active breach without a retainer in place, Wayfinder Emergency Response provides urgent access to a 40-hour block of DFIR expertise. It enables rapid containment, adversary eviction, hands-on investigation, and guidance during critical situations.
Our expertsβ deep platform expertise speeds investigations and delivers critical evaluations such as rapid Root Cause Analysis, malware reverse engineering, IOC analysis, and more. With Wayfinder Emergency Response, achieve complete incident control with rapid threat containment, root cause analysis, and privileged, counsel-driven investigative support with defensible reporting. This ensures that all organizations have an expert-led lifeline supported by AI-driven analysis and Google-enhanced intelligence during the most critical moments.
Our Vision | Redefining Managed Services for the AI Era
For years, organizations have been forced to choose between generic intelligence feeds, siloed MDR services, and incomplete incident response retainers. These make for complex in-house responsibilities since point solutions only offer bolt-ons rather than cohesive strategies. AI was under utilized. Human expertise was expensive, inconsistent, or inaccessible. We set out to eliminate the fragmentation that leaves so many organizations exposed.
SentinelOneβs Wayfinder TDR services break that cycle by unifying agentic AI, elite human operators, and unmatched threat intelligence insights into a single, adaptive defense fabric. The result? A portfolio that not only responds to threats but proactively seeks them out, contextualizes them, and then empowers organizations to act with precision and speed.
It stands alone in merging together the deep integration of GTI, operational automation driven by AI, and the global scale of human expertise. Instead of stitching together disparate solutions, Wayfinder is purpose-built to streamline telemetry, intelligence, and human insight into a coherent defense program.
This shift matters as modern adversaries are no longer linear nor predictable β theyβre fluid. They adapt rapidly. And, they exploit operational complexity. To reduce that complexity, Wayfinder closes detection gaps and reduces the noise while ensuring that experts are available before, during, and after any incident.
This is a fundamental redefinition of what managed security can achieve when human ingenuity and agentic AI move in sync. Aligning intelligence, technology, and human judgment in a single adaptive defense, Wayfinder raises the bar for what true managed security must deliver.
Conclusion | Proactive & Scalable Defense Starts Now
The future of cybersecurity belongs to organizations that can see farther ahead, move faster, and act with confidence. Attackers are only becoming more automated and opportunistic, meaning SOCs need more than tools β they need a combination of the right intelligence translated by trusted experts and partnership when incidents arise.
As announced at OneCon 2025, Wayfinder joins human expertise, agentic AI, and Google Threat Intelligence to deliver a multi-layered human + AI defense model that helps customers fill in their skill gaps, elevate teams, and strengthen their posture immediately.
Wayfinder TDR is the next evolution of SentinelOneβs services portfolio, combining threat hunting, managed detection, and incident response into a force multiplier to empower organizations in regaining control and reducing daily risk.
Shift the advantage back to the defending side with Wayfinder β watch an overview here and book a demo to get started.
Every major technology revolution begins the same way: Promise, panic, and potential.
The internet gave us connection. Cloud gave us scale. AI is giving us cognition β systems that can reason, decide, and act.
Firewalls helped the internet era. Workload protection helped the cloud era. And, in the AI era, you have AI Security.
This is a new field and frontier that requires mastering two disciplines at once.
Security for AI β Governing and protecting the usage of AI itself. Models, data, agents, and the users and developers who rely on them. In many cases, this is also done by AI.
AI for Security β Applying agentic AI and machine learning to solve todayβs biggest cybersecurity challenge: Staying ahead of AI-powered attacks by detecting, investigating, and responding at machine speed.
Most importantly, in this era, the architecture and infrastructure needed to truly benefit from AI will be the determining factor to successfully secure it. Quality of data, inclusivity of data, cardinality, and latency will be critical, as will be the tools and technologies facilitating those.
At OneCon 2025, we are laying out a practical path to secure this new world. The opportunities AI creates, the risks it introduces. The strategy and product innovation you can put to work today to accelerate and de-risk your AI journey.
AI: Business Accelerant & New Attack Surface
The need for these dual disciplines is driven by the rapid increase in AI usage itself β both by good and bad forces.
AI is accelerating everything. It is transforming how businesses operate, how employees work, and how attackers adapt. Across every single industry, AI is becoming embedded into processes, tools and workflows in every team. Marketing teams use it to generate content. Developers use it to write code. Legal, HR and finance all use it to summarize and automate tasks. AI is now woven into the very fabric of how organizations think and operate.
While holding incredible potential benefits, this transformation is also introducing massive new security risks. Traditional security controls are blind to the data that employees are entering into 3rd-party AI models. Security teams lack visibility into the growing ecosystem of AI tools and assistants spreading across every single enterprise. AI-based browsers that integrate chat or summarization features create new pathways for data exposure. And the rise of Model Context Protocol (MCP) servers that connect agents to agents introduces an entirely new layer of risk that most organizations are not equipped to monitor or govern today.
Meanwhile, adversaries are evolving just as quickly. They are using AI to increase efficiency, precision, and their reach. Non-native English speakers can now craft a convincing, localized spearphishing campaign in minutes. LLMs are being used to write polymorphic malware that mutates faster than traditional defenses can react. Attackers are automating their reconnaissance, identifying vulnerabilities through natural language interfaces, and even embedding AI models directly inside malware to adapt in real time.
The result is a security gap that spans both sides of the equation β on one side, AI as a catalyst for real business innovation and, on the other, AI as an enabler of attack and massive risk exposure.
Building Security in the Age of AI: Three Critical Principles
Protecting this new world requires visibility, intelligent automation, and governance that can move at the same speed as AI itself. In solving for that, we believe in a simple yet critical guiding philosophy to delivering effective AI Security β three critical principles that inform everything that we build and anchor any platform-level defense.
Intelligence Over Rules β Security must think, not react. Static signatures and brittle logic canβt match the velocity of modern threats. True protection emerges when AI continuously learns, reasons, and adapts β detecting intent, not just pattern.
Autonomy with Accountability β Machines should act at machine speed, but always within human-defined guardrails and system supervision. The future of defense is autonomous, but never ungoverned where AI decisions remain explainable, traceable, and aligned with human values.
Unity of Data, Context, and Action β Effective AI security fuses signals from endpoints, identities, and clouds into one coherent understanding. Insight without context is noise; action without context is chaos. The synthesis of both creates real-time, end-to-end resilience.
These principles map directly to the questions customers ask us every day.
How do I better defend my organization?
How do I outpace threats?
How do I get the most from my people and partners?
SentinelOneβs AI Advantage
When it comes to making AI Security real today, SentinelOne is in a unique position. We have been AI-native since day one. Automation has been foundational from the start, not a bolt-on. And, weβve been using agentic approaches and workflows in live security environments before it became the buzzword du jour.
At launch, we were among the first to apply machine learning to malware detection and prevention. That broke the decades-old pattern of pushing static signatures to endpoints many times a day. Instead of distributing new rules after every outbreak, we trained lightweight predictive models that identified malicious behavior on their own. That meant detecting never-before-seen threats in real time at massive scale.
That innovation reshaped endpoint security and set the foundation for what followed. The same principles of data-driven models, autonomous decision making, and behavioral analytics evolved into the Singularity Platform and now power Purple AI, our agentic system that changes how analysts detect, investigate, and respond. Together, they extend protection and intelligence across endpoint, identity, cloud, and AI. It is an entire platform built on and enhanced by AI. This is how we keep our customers safe: By delivering real time security that is predictive and adaptive, at planet scale.
This year we took the next step with two focused acquisitions:
Prompt Security β A portfolio built to secure AI use cases and protect how employees, developers, and applications leverage generative and agentic AI. This is a critical component of protecting AI as an attack surface itself.
Observo AI β An AI-ready streaming data pipeline that intelligently filters, normalizes, and ingests petabytes of telemetry across the enterprise with sub-second latency and strong cost efficiency. Combined with Singularity AI SIEM, this provides both pre-ingestion analytics and flexible pull/stream data collection, ensuring complete visibility, real-time detections and autonomous response across the entire security environment.
These advancements extend Singularity into a unified AI Security architecture that gives defenders a complete, autonomous view across traditional and emerging surfaces β from premise to cloud.
Delivering on the AI Security Vision Today
Today at OneCon, weβre not just giving customers a roadmap and strategy, weβre giving them new tools and innovation to start securing their AI-enterprise today, including:
New solutions from Prompt Security to secure AI apps, tools, developers and agents βΒ Real-time visibility and policy enforcement across thousands of AI tools. Shadow AI discovery, data loss prevention for prompts and outputs, safe coding with secret redaction and vulnerable code blocking, and protection for internal AI applications.
Purple AI innovationsΒ β Integrated agentic auto-investigations with dynamic runbooks. Next best actions on alerts. One-click custom detection rule creation that turns investigation outcomes into durable detections. Integration with Singularity Hyperautomation for approved response.
Purple AI MCP ServerΒ β A secure bridge between Singularityβs live intelligence and your AI ecosystem. Build your own agents grounded in your security context. Use OpenAI, Anthropic, Gemini, or internal models. Innovate securely at scale. The MCP Server is open source and available on GitHub today.
Observo AI pipelines and integration with Singularity AI-SIEM β Vendor-agnostic data engine for any source to any destination. When paired with Singularity AI SIEM, Observo supercharges detection and response with high-fidelity, cost-efficient streaming telemetry.
Wayfinder Threat Detection and Response with Google Threat IntelligenceΒ β Global insight combined with automation and human expertise. GTI visibility feeds directly into SentinelOne services. Intelligence becomes action through Purple and our analysts. Faster, more precise response as a matter of process, not hope.
Platform upgrades:
Native scalability to million+ active agents in a single deployment. Faster policy updates with minute command SLA.
Agent efficiency improvements across operating systems. Lower CPU and memory usage, fewer support cases, better user experience.
AI SIEM query engine overhaul that supports very high cardinality and keeps up to seven years of security data hot. Natural language search in Purple AI operates on the same high performance data. No cold storage delays.
Live Security Updates upgrades that dramatically reduce response times, and improve accuracy and efficacy.Β And more customer controls for safe rollout.
Thousands of new detections continually delivered, from the AI-SIEM to the endpoint agent. Weβre wherever the adversary moves, delivering real-time protection across dozens of surfaces and data sources. With AI infused into every layer of our operations, weβre moving faster, scaling further, and stopping even unknown threats with greater precision than ever before.
New Infrastructure as Code (IaC) deployment processes, better observability across the platform, and proactive communications on incidents via a public status page have all been added to bolster resilience, reliability and transparency.
Active monitoring mode and proactive alerting extends resilience outside the SaaS operation into the Endpoint agent, providing near real-time health metrics of the agents themselves β now transparently available for the customer visibility in the agent management control plane.
The Path Forward in AI Security: Advancing Humanity, Protecting the Human
AI security is more than just defending systems, itβs about defending the fabric of trust that lets humans thrive in a digital world. As intelligence becomes ambient and autonomous, security must evolve from a reactive layer into an enabling force for human progress.
Empowering Human Potential β By offloading complexity and noise to intelligent machines, AI security frees humans to focus on creativity, empathy, and purpose. Protection becomes invisible, a silent force amplifying human capability rather than constraining it.
Preserving Digital Integrity β As data becomes identity, securing truth is a moral imperative. AI security safeguards the authenticity of information, ensuring societies can rely on what they see, share, and believe. As our lives move fully into digital spaces, the boundary between human and machine expression blurs. Every action carries traces of who we are. In this new reality, AI Securityβs role is to safeguard that trust: To ensure that what we see, share, and decide upon is authentic. It means protecting the fidelity of data, the truth of identities, and the integrity of digital interactions against manipulation. It is the contract to our reality.
Building Ethical Autonomy β The next era demands systems that defend not only themselves, but the people they serve. Ethical AI security means designing intelligence that understands context, respects privacy, and acts in humanityβs best interest even when no one is watching.
Ultimately, the path forward fuses human and artificial intelligence into a shared defense, machines protecting people, and people guiding machines, so that technology remains our most trusted ally, not our greatest risk.
Defenders deserve a technology that protects every surface, that can see everything, turns data into advantage, and puts human governance at the center. So, letβs get started.
AI for Security. Security for AI. Autonomous protection, always evolving, in production, today, all in pursuit of a safer, brighter future.
Today, on the main stage at OneCon 2025, SentinelOne is taking the wraps off its vision, roadmap, and new portfolio for securing an AI-powered world. From securing AI tools, applications, and agents to transforming and automating security operations, SentinelOneβs AI Security strategy and new innovations will help customers accelerate and de-risk their AI advantage.
Introducing a new portfolio for securing AI, new AI-ready data pipelines, the expansion of Purple AI, SentinelOneβs category-best agentic security analyst, the debut of new AI-powered threat detection and response managed services, and more, the new innovations revealed at OneCon 2025 will focus on how our customers and partners can both secure AI systems and achieve autonomous security today.
Securing AI: New Prompt Security Offerings
At OneCon 2025, SentinelOne is putting customers in control of AI in their organization by introducing a new suite focused on securing known and shadow GenAI use, coding, data leakage, agents and more.
Prompt Security for Employees β Delivers real-time visibility and control over employee GenAI usage. Supporting more than 15,000 AI sites, it detects and eliminates shadow AI risks and prevents sensitive data exposure.
Prompt Security for AI Code Assistants β Secures the use of GenAI coding tools by instantly redacting secrets, PII, and IP from code to prevent data leaks. Its real-time Vulnerable Code Scanner blocks insecure or malicious AI-generated outputs before production, helping developers code faster and safer while maintaining organizational control and compliance.
Prompt Security for AI Applications β Protects custom-built AI solutions, from chatbots to complex automations, against emerging threats like denial-of-wallet and remote code execution (RCE).
Prompt Security for Agentic AI (Beta) β Provides real-time visibility, risk assessment, and governance for autonomous AI agents built on the Model Context Protocol (MCP) β the first comprehensive solution to secure, monitor, and control agentic AI operations at machine speed.
New AI-Ready Data Pipeline: Integrating Observo AI & Singularity AI SIEM
Following the recent acquisition of Observo AI, SentinelOne is introducing the first integration into its Singularity Platform, giving customers a new AI-native data platform to reimagine how they collect, enrich, and act on data across their entire security ecosystem and power their agentic security operations.
Observo AIβs Integration with Singularity AI SIEM, unites intelligent AI-native streaming data control with agentic AI-powered analytics and orchestration, optimizing data pipelines for enhanced threat detection and autonomous response across all security data. Observo AI efficiently ingests and normalizes petabytes of data from any source, then prioritizes and routes what matters most into Singularity AI SIEM. This unique, transformative combination creates the only SIEM on the market to provide both pre-ingestion analytics and flexible pull/stream data collection.
Expanding Purple AI & New Model Context Protocol Innovations
SentinelOne will also showcase the latest advancements in Purple AIβs agentic triaging, investigations, and workflows, bringing together human-level reasoning with orchestration and automated response. Building on Purpleβs agentic roadmap, the capabilities are focused on cutting detection, investigation, and response from hours to minutes for analysts.
In-line Agentic Auto-investigations with Dynamic Reasoning (Preview) β End-to-end one-click agentic investigations spanning discovery, alert assessment, hypothesis validation, impact analysis, recommended response, and proactive custom rule creation. Purple AI shifts the paradigm from human work assisted by AI to AI work approved by humans, with every step and conclusion clearly documented in a single investigation canvas for human approval.
Automated and agentic investigations and response through Purple AIβs integration with Singularity Hyperautomation for Agentic Investigations & Response Actions (Preview) β Purple AI seamlessly integrates with Singularity Hyperautomation to execute pre-approved customer workflows to both conduct its agentic investigations, validating hypotheses via actions such as contacting human defenders via Slack, and to agentically surface pre-approved recommended actions to execute.
Agentic Custom Detection Rule Creation (Preview) β In the investigation pane, analysts can receive agentically recommended custom detection rules that can be created with a single click, enabling security teams to immediately identify and stop similar attacks before they spread.
Purple AI Model Context Protocol (MCP) Server (Generally Available) β Provides secure, seamless integration between the Singularity Platform and any AI framework or large language model. Acting as a universal translator and intelligence hub, it empowers developers and partners to build custom agentic AI experiences powered by the full context and analytics of SentinelOneβs platform. The open-source Purple AI MCP Server is available today on GitHub.
Managed Services for the AI Era: Wayfinder Threat Detection & Response
Wayfinder combines elite human expertise with agentic AI to deliver next-generation managed services. Built on SentinelOneβs telemetry and Google Threat Intelligence, Wayfinder provides AI-powered threat hunting, MDR, and incident response, enabling faster detection, smarter response, and adaptive defense β empowering teams to focus on high-value priorities.
Managing Attack Paths: Mapping Risks & Securing Cloud Data
As cloud-native AI services gain adoption, SentinelOne is advancing unified exposure management with an upcoming release of Cloud Attack Paths and Data Security Posture Management (DSPM) in Singularity Cloud Security. Together, these capabilities deliver an intelligent cloud defense β mapping how interconnected exposures create exploitable pathways to sensitive data. By revealing critical exposures, Singularity Cloud Security empowers threat analysts to see what attackers see, anticipate lateral movement, and eliminate risks wherever they originate and before they can take shape. With AI-powered protections, deflect threats in real time and stop attacks in their tracks
Contextualizing the Identity Surface: Singularity Identity
The next evolution of Singularity Identity is here: a comprehensive solution that unifies all of SentinelOneβs identity security capabilities into one cohesive and contextual security experience. Delivering real-time detection and response, continuous posture assessments, and proactive risk management across hybrid environments, our solution uncovers threats faster while providing security teams with full visibility and protection across their environment. Our full identity profile now features policy-based conditional access β now in beta and purpose-built for dynamic, zero-trust environments.
Conclusion
OneCon25 showcases the next chapter in cybersecurity. With many innovations showcased this year, SentinelOne is delivering AI-native solutions that transform detection, response, and protection across endpoints, cloud, and enterprise systems. By combining automation, intelligence, and human expertise, organizations can act faster, secure smarter, and embrace AI-driven innovation without compromise, making the vision of autonomous, adaptive security a reality today.
Forward Looking Statements
This blog post includes forward-looking statements including, but not limited to, statements concerning our current and future products and services. Forward-looking statements are subject to risks and uncertainties that could cause actual performance or results to differ materially from those expressed in or suggested by the forward-looking statements. These and other risk factors are described in the βRisk Factorsβ section of our most recent Annual Report on Form 10-K, subsequent Quarterly Reports on Form 10-Q, and other filings made with the U.S. Securities and Exchange Commission (SEC), which are available free of charge on the SECβs website at www.sec.gov.
You are cautioned not to place undue reliance on these forward-looking statements. Any future products, functionality and services may be abandoned or delayed, and as such, you should make decisions to purchase products and services based on features that are currently available. Any forward-looking statements made in this document are based on our beliefs and assumptions that we believe to be reasonable as of the date hereof. Except to the extent required by law, we undertake no obligation to update these forward-looking statements to reflect new information or future events.
The Sentinels League is the official, week-by-week standings for the Threat Hunting World Championship β the first-of-its-kind tournament where the worldβs top defenders go head-to-head across four surfaces: AI, Cloud, SIEM, and Endpoint. Thousands of blue teamers from more than 100 countries are tackling real-world attack scenarios to earn points, climb the tables, and secure their path to Las Vegas.
Bookmark this blog post to check your position, track the movement each week, and jump into the next qualifier if youβre not on the board yet.
More Than a Game | How the Sentinels League Work
Qualifiers run throughout the month of September across the four league tracks with players who finish in the top 50 in each league advancing to the Regional Finals on October 22 for the Americas, Europe, and Asia Pacific & Japan. From there, regional champions progress to the Grand Final at OneCon in Las Vegas from November 4 to 6, where the World Champion is crowned.
This is more than a game. Itβs a global showdown that blends entertainment, education, and elite competition. Defenders everywhere will up-level their skills and battle for:
$100,000 in prizes
A championship trophy
The prestige of being crowned World Champion
Charitable donations made in partnership with the S Foundation on behalf of each finalist
Only one player will take home the title, but everyone gains the experience of battling in real-world scenarios that sharpen the skills cyber defenders use daily.
A Global Leaderboard in Action | Follow the League Tables Live
These games are grounded in real incidents and operational trade-offs. Players earn points for flags captured and accuracy under time limits. This means pace and precision both matter. The tables below display each playerβs alias, alongside points, and the prize they would receive should they finish in that same position.
Qualifying Stages
Compete online from anywhere, or in-person at select events this month. Earn Threat Hunting Hero badges, prizes, and points that advance you up the league tables. Throughout September, players may enter once per qualifier and compete across all four tracks.
AI Qualifier Games: Take on scenarios featuring AI attackers and AI-powered threat hunting tools.
Cloud Qualifier Games: Track and neutralize threats across cloud-based attack surfaces.
SIEM Qualifier Games: Assert your dominance in real-time SIEM hunting and remediation challenges.
Endpoint Qualifier Games: Hunt down and remediate endpoint vulnerabilities in scenarios pulled straight from real-world incidents.
Regional Finals | October 22
The top 200 players from each region (Americas, Europe, Asia Pacific & Japan) will face off live in an action-packed online event. Only three regional champions will advance.
Grand Final | November 4β6 | OneCon, Las Vegas
Three finalists will earn an all-expenses-paid trip to OneCon 2025 in Las Vegas to compete live on stage for the World Championship title, the trophy, and the $100K prize pool.
This championship is proud to unite thousands of cybersecurity defenders in a showcase of skill, innovation, and strategy. We invite you to share this blog for live updates, engage with us on social media, help grow the buzz across our community, and watch as the stage for threat hunting glory gets bigger. Also, itβs not too late to make a run at Regionals. Enter the next qualifier and save your spot in the Sentinels League today!
Participation is open worldwide. Prize eligibility is subject to Terms & Conditions and some countries are not eligible to receive monetary rewards. See the full rules for details.
By Gary Miliefsky, Publisher of Cyber Defense Magazine Black Hat, the cybersecurity industryβs most established and in-depth security event series, has once again proven why it remains the go-to gathering...
Organizations around the globe are rapidly adopting AI and embracing accelerated creativity and output, but with this vast opportunity come enormous challenges: visibility, compliance, security, control. From the growth of AI tool usage outside IT and infosec to the emergence of autonomous AI agents and agentic workflows, the undeniable benefits of AI often open the door to novel cyber threats and data privacy concerns, but even more often, to misuse and leakage of sensitive information.
SentinelOne pioneered AI Cybersecurity beginning at the endpoint and this strategy has rapidly evolved to the cloud, AI SIEM, and generative and agentic AI to protect every aspect of enterprise security. Now, weβre taking that strategy a step further, signing a definitive agreement to acquire Prompt Security β a rapidly growing company empowering and enabling organizations to use AI and AI agents securely β today. The immediate visibility and control Prompt Security delivers to all employee use of GenAI applications in the work environment is unparalleled.
Embrace AI without compromising visibility, security, or control
Prompt Security CEO Itamar Golan and his team were early champions of AI as a force for productivity, innovation, and transformation. As a cybersecurity veteran of Orca and Checkpoint, Golan was quick to realize that security risks would be the single biggest blocker to widespread AI adoption. This need is what has driven Prompt Securityβs approach from the start β providing companies with the ability to encourage and deploy employee AI usage without compromise.
Prompt Securityβs technology helps organizations by integrating across browsers, desktop applications, and APIβs. This includes real-time visibility into how AI tools are accessed, what data is being stored, and automated enforcement to prevent prompt injections, sensitive data leakage, and misuse.
This design and approach is highly complementary to SentinelOneβs AI strategy and the Singularity Platform; creating a unique, integrated layer for securing AI in the enterprise β protecting tools where and how they are used, and creating customer value in a way no other solution in the market can match.
The Prompt Security Difference
Prompt Security enables organizations and users to confidently leverage tools like ChatGPT, Gemini, Claude, Cursor, and other custom LLMs by providing IT and security teams visibility, security, and real-time control β even over unmanaged AI use.
Real-Time AI Visibility
Prompt Securityβs lightweight agent and browser extensions automatically discover both sanctioned GenAI apps and unsanctioned Shadow AI wherever employees work. This includes browsers, desktop IDEs, terminal-based assistants, APIs, and custom workflows. The platform maintains a live inventory of usage across thousands of AI tools and assistants. Every prompt and response is captured with full context, giving security teams searchable logs for audit and compliance. This is a great complement to our existing presence on the endpoint, and will enable us to accelerate our GenAI DLP capabilities.
Policy-Based Controls
Granular, policy-driven rules let teams redact or tokenize sensitive data on the fly, block high-risk prompts, and deliver inline coaching that helps users learn safe AI practices without losing productivity.
AI Attack Prevention
The platform inspects every interaction in real time to stop prompt injection, jailbreak attempts, malicious output manipulation, and prompt leaks. It is designed to maintain low latency so users experience no disruption.
Model Agnostic Coverage
Safeguards apply uniformly across all major LLM providers including OpenAI, Anthropic, and Google, as well as self-hosted or on-prem models. The fully provider-independent architecture fits into any stack, whether SaaS or self-hosted.
MCP Gateway Security
Prompt Securityβs MCP Gateway sits between AI applications and more than 13,000 known MCP servers, intercepting every call, prompt template, and response. Each server receives a dynamic risk score, and the system enforces allow, block, filter, or redact actions.
The Future of AI Security
AI is the most transformative force in the world today, but without security, it becomes a liability. SentinelOne has long set the standard on how AI can transform cybersecurity. This acquisition unlocks a new frontier of platform expansion for SentinelOne and represents a step forward in our AI strategy β from AI for security to security for AI. It cements SentinelOneβs leadership in securing the modern AI-powered enterprise, and it also puts in the center the main thing that acquisitions are about- solving real customer problems, improving security, and creating tangible value for security teams- allowing them to lead their business safely and responsibly to the AI age.
Protecting the usage of AI tools without compromising safety or inhibiting productivity is critical to their continued adoption and together, SentinelOne and Prompt Security provide the tools and confidence to make that a reality.
The ink may still be drying but the next chapter of SentinelOneβs growth story has officially begun. On behalf of all Sentinels, our partners, and our customers, I couldnβt be happier to welcome the Prompt Security team to SentinelOne!
Forward Looking Statements
This blog post contains forward-looking statements. The achievement or success of the matters covered by such forward-looking statements involve risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions prove incorrect, our results could differ materially from the results expressed or implied by the forward-looking statements. Please refer to the documents we file from time to time with the U.S. Securities and Exchange Commission, in particular, our Annual Report on Form 10-K and our Quarterly Reports on Form 10-Q. These documents contain and identify important risk factors and other information that may cause our actual results to differ materially from those contained in our forward-looking statements. Any unreleased products, services or solutions referenced in this or other press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase SentinelOne products, services and solutions should make their purchase decisions based upon offerings that are currently available.
SentinelOne has once again achieved recognition as a category leader for Growth and Innovation in the Frost Radar: Global Managed Detection and Response (MDR), 2025. Year-over-year, we demonstrated advancements in delivering innovative offerings that combine advanced AI with expert human analysts to provide 24x7x365 MDR coverage.
The Frost Radar highlighted SentinelOneβs use of agentic AI as a major strength and our position as one of the early adopters of AI cybersecurity analysts.
According to Frost:
βThe continuous feedback and learning loop between Purple AI and the global MDR team ensures that both human analysts and ML models evolve together and improve the overall detection fidelity, contextual awareness, and effectiveness of the Singularity platform.β
SentinelOneβs leadership underscores our commitment to delivering our MDR service as an extension of β not a bolt-on to β the Singularity Platform, providing end-to-end coverage across endpoints, identities, cloud workloads, and third-party integrations. By doing this, we enable wider detection, investigation, and response coverage across the modern attack surface. Additionally, Purple AI uplevels our MDR analysts by enabling greater efficiency and scale to ultimately deliver more signal and less noise.
To learn more about why Frost has identified SentinelOne as a Leader in delivering MDR, read the full report.
Singularity MDR
Get reliable end-to-end coverage and greater peace of mind with Singularity MDR from SentinelOne.
Login
Platform and now power Purple AI, our agentic system that changes how analysts detect, investigate, and respond. Together, they extend protection and intelligence across endpoint, identity, cloud, and AI. It is an entire platform built on and enhanced by AI. This is how we keep our customers safe: By delivering real time security that is predictive and adaptive, at planet scale.
