SentinelOne further delivers on Purple AI promise with new Athena release

Insight: RSAC 2025 Conference

SentinelOne’s ambition with Purple AI has been clear from the outset. It should be able to do the work of a SOC analyst entirely independently, under human supervision. With the latest version, it is another step closer to achieving this. The Athena release brings new, advanced agentic AI capabilities to the SentinelOne platform. In addition, the company is opening up the autonomous SOC analyst to even more third-party data.

When we spoke to Tomer Weingarten, founder and CEO of SentinelOne, at SentinelOne’s own OneCon event more than six months ago, he smiled and remarked that agentic AI is not new at all. He built such features into the security solutions provider’s platform ten years ago. In other words, the platform has used varying degrees of AI to handle things autonomously since SentinelOne’s inception.

Purple AI is becoming increasingly agentic

The extent to which the previous AI capabilities in the SentinelOne platform fall under the heading of agentic is debatable. Weingarten mainly wanted to make it clear that what we are seeing today in the world of AI has long been part of SentinelOne’s vision. In recent years, the company has been accelerating this vision. The launch of Purple AI a few years ago at the RSAC Conference and the promotion of Purple AI from assistant to analyst last year at the same event underscore this.

With the latest version of Purple AI, which SentinelOne has suddenly started giving the version name Athena for unknown reasons, the company is taking the next step. This new version is intended to further enhance the existing agentic AI features. The aim is to enable even faster response to attacks and threats in collaboration with the people working in SOC teams. In other words, it should make the human-AI tandem even more powerful. Below, we take a closer look at the new features of Purple AI.

What’s new in Purple AI Athena?

First and foremost, Purple AI Athena brings more deep security reasoning. This could be seen as the machine version of how an experienced SOC analyst thinks and tackles problems. This feature is not just a technical advancement of the models and framework behind Purple AI. It also uses a human feedback loop: feedback from experienced and skilled SOC analysts is used to improve the thinking process of the agentic framework. The idea is that this yields much more autonomy, but based on human standards. An example of this is Purple AI Auto Triage, which will be generally available this week. It builds on AI Similarity Analysis based on these deep reasoning capabilities.

Purple AI also uses its own Singularity Hyperautomation capabilities. These enable analysts to quickly create new automated detection rules via a no-code environment. The system gets to work on alerts and resolves them, continuously learning to do this better on its own, so that analysts no longer need to intervene. The goal is to make Purple AI increasingly work end-to-end in this way.

Direct access to SIEM from other providers

The third and final new feature of Purple AI Athena has to do with the sources it can use. From this version onwards, it is possible to link data sources that do not belong to SentinelOne directly to Purple AI. These include third-party SIEMs, security data lakes, and other sources of security data. This is very important because Purple AI is no longer limited to the data in its own silo. It is also essential if SentinelOne is to deliver on its promise of end-to-end autonomous agentic AI. This is not possible without this data, at least not in real time.

For customers, this integration is not only interesting from the perspective of better performance. It also means they don’t have to migrate data or build or purchase additional software to make the data available to Purple AI.

Purple AI builds on years of experience

According to SentinelOne, Purple AI has already been widely deployed by customers in recent years. The experience the company has gained with it forms the basis for today’s additions. The new underlying security models of Purple AI Athena are partly the result of training on real use cases.

With Purple AI Athena, SentinelOne is doing what it has been doing for years. It is steadily building on its overarching vision. Whereas last year it was still somewhat unclear how agentic Purple AI actually was, and it was mainly referred to as a fully-fledged SOC analyst on paper, real agentic functionality is now a big step closer with Purple AI Athena.

What we find particularly interesting is the role of humans in these developments. Not only will they remain in the loop to keep everything running smoothly, but without human input it would also be virtually impossible to continuously improve Purple AI. In that respect, AI still does not have much so-called agency. This makes agentic AI as it currently exists in Purple AI Athena much less of a black box and therefore more transparent and reliable.