Company brings deep security reasoning, agentic detection and response, and hyperautomation workflows to any SIEM or data source with Purple AI ‘Athena’ Release
SentinelOne has revealed the next generation of Purple AI, the Purple AI Athena release, showcasing the first agentic AI capabilities to mirror the deep security reasoning and sophisticated orchestration of advanced SOC analysts. Announced at the RSA Conference 2025, these innovations build on Purple AI’s native agentic capabilities to help overstretched SecOps teams by automating and dramatically accelerating the end-to-end work of triaging, investigating, and responding to threats. The Purple AI Athena release will also open up Purple AI to third-party SIEM platforms and data lakes, bringing the full power of SentinelOne’s agentic AI and automation to all security data in the modern SOC, wherever it resides.
Since its unveiling at the RSA Conference 2023, Purple AI has benefited from AI agents and its own proprietary agentic AI framework to meet the demands of real-world cybersecurity teams. SentinelOne has continually built on this agentic framework and real-world experience, introducing agent-based innovations like Purple AI Auto Triage and Purple AI Auto Investigate, which were announced in October 2024 at SentinelOne’s OneCon event.
The Purple AI Athena release is being showcased and demoed at SentinelOne’s booth N-5863 and is part of SentinelOne’s broader Agentic AI strategy being rolled out at RSAC 2025, one designed to deliver three primary sets of AI and automation capabilities:
Deep security reasoning at machine speed – The Purple AI Athena release mirrors the iterative thinking and deductive reasoning of experienced SOC analysts. Tapping into Purple AI’s security models and agentic framework, it can intelligently execute full investigations of suspicious activity across multiple sources, orchestrate multi-step response actions, and remediate threats in seconds rather than hours. This agentic deep security reasoning is fine-tuned by the combination of advanced neural networks working across trillions of security-relevant data points, and a broad human feedback loop made of a global network of elite security professionals. The result is a level of autonomous SecOps that scales overstretched teams and dramatically reduces mean time to respond (MTTR). Purple AI’s Auto Triage, which was made generally available this week, taps into this deep security reasoning to autonomously conduct AI Similarity Analysis on alerts to identify similar threats and determine the likelihood of a true positive for prioritization.
Full-loop remediation and response with hyperautomation – Purple AI’s agentic AI system harnesses the no-code, automated workflow capabilities of SentinelOne’s Singularity Hyperautomation to create novel detection rules and to transform insights from agentic auto-investigations into autonomous, full-loop work. Purple AI’s agentic Auto-Triage and Auto-Investigations capabilities deliver summaries of results and steps taken and prompts human analysts with the option to turn one-time tasks, responses, and insights into hyperautomation workflows. The agentic system investigates and resolves alerts, and learns over time to autonomously remediate better on behalf of analysts. As a result, security teams can go beyond rudimentary rules-based automation to automating fully orchestrated investigations and responses.
Seamless, data source agnostic integration – With the Purple AI Athena release, SecOps teams can tap directly into third-party SIEMs, security data lakes and other security data sources, bringing the full power of Purple AI’s intelligence, agentic framework and the automation of the SentinelOne Singularity platform to all security data in the SOC. Alerts are ingested and correlated immediately, and from there, Purple AI applies real-time streaming analytics and full-loop remediation. This opens the door for SentinelOne Singularity customers to avoid costly migrations or middleman pipelines while benefiting from instant time to value and immediate security outcomes across the entire environment.
Purple AI’s Data Advantage – Agentic from the start, battle-tested in production environments
Broad production-level adoption of Purple AI over the past 2 years has enabled SentinelOne to create highly sophisticated and security-specific models trained on real-world security use cases. This is bolstered by SentinelOne’s highly differentiated sensor architecture, designed for granular, customer-specific tuning, telemetry streamed directly from endpoints and cloud workloads, and seamlessly integrated into the cloud-native data pipelines of SentinelOne’s AI SIEM. This results in a vast and unique data set continuously tuned, refined, and optimized using a closed feedback loop made up of SentinelOne’s elite MDR team with its extensive global partner network of top MDR partners.
With the Purple AI Athena release, SentinelOne will build on this proprietary foundation to execute the most comprehensive set of sophisticated agentic AI workflows in the cybersecurity industry. The Purple AI Athena release will expand on Purple AI’s agentic capabilities to provide AI-powered Data Integrations, Auto-Threat Hunting and Detections, Auto-Triage and Auto-Investigations, Novel Detection Rule Creation, Auto-Response and Reporting, and AI-powered Support.
“AI and automation have long held the promise of fundamentally transforming security operations and supercharging analysts to detect and respond – at machine speed – to threats from even the most sophisticated nation-state adversaries and cyber criminals. At RSA, we’re revealing the industry’s first true end-to-end agentic AI cybersecurity platform built on over a decade of security expertise – and we’re bringing it to all security data in the modern SOC,” said Tomer Weingarten, Co-founder and CEO of SentinelOne. “By delivering agentic AI automation and orchestration capable of reasoning and responding like an advanced security analyst, we believe humans get empowered even more as they assume supervision of these systems – an important role that will also shape the coming generation of security service providers.”
