SentinelOne has introduced its Purple AI Agentic Investigations capability to all users, enabling fully autonomous threat detection, investigation, and response without analyst initiation. The zero-click feature debuts as a free trial within the Singularity Platform, designed to address analyst capacity challenges amid increasing alert volumes.
- Purple AI autonomously investigates and acts on detected threats
- Zero-click feature launches via free trial through Aug 15
- Integration of Anthropic, OpenAI, and proprietary models accelerates investigations
What happened
SentinelOne has opened access to its Purple AI Agentic Investigations functionality to all customers, allowing autonomous and automatic threat investigations without needing analysts to manually start the process. This capability is available as a free trial starting the week of June 17, 2026, through the company’s Singularity Platform.
The capability enables Purple AI to identify threats, analyze them, reach conclusions on their nature, and initiate appropriate responses automatically when preset thresholds are crossed. Analysts can monitor the process and intervene if necessary. The change marks a significant shift toward automated cybersecurity operations.
Why it matters
Security teams increasingly face a flood of alerts that outpaces available analyst resources, with detection capabilities growing faster than investigation capacity. SentinelOne highlights that investigation bottlenecks, amplified further by AI-driven attacks, are now the primary constraint in many security operations centers.
By automating investigations, Purple AI addresses this critical capacity issue, enabling continuous, immediate threat assessments, with the level of human oversight set through an adjustable control system. This approach aims to enhance security response efficiency and reduce reliance on manual analyst effort, especially during off-hours and demand surges.
What to watch next
The Purple AI feature is currently offered as a no-cost trial available until mid-August. Customers can activate it easily and leverage telemetry from a broad range of sources, including endpoints, identity, cloud, and third-party data within the Singularity Platform. Following the trial, usage will shift to a credit-based system called Singularity Credits, encompassing AI-powered functions across the platform.
SentinelOne’s rollout signals a deep commitment to AI-driven security solutions as it competes with industry leaders like CrowdStrike and Microsoft. The effectiveness and adoption rate of Purple AI in live environments will be key indicators to watch, especially its impact on reducing analyst workload and improving threat mitigation speeds.