SentinelOne unveiled agentic capabilities for its Purple AI security analyst at OneCon 2025 on November 5, positioning the tool as the first autonomous investigation engine for the SOC. New features in preview include inline auto-investigations with dynamic reasoning, automated response through Singularity Hyperautomation, and agentic custom detection rule creation.
The company also released Purple AI Model Context Protocol (MCP) Server as open source on GitHub, enabling third-party AI applications to connect with the Singularity platform. Purple AI reached a 40 percent attach rate on new licenses by late 2025.
CEO Tomer Weingarten described the industry transition as moving from “human work assisted by AI” to “AI work approved by humans.” SentinelOne complemented the announcement with four Prompt Security offerings (acquired in 2025) covering enterprise employees, AI code assistants, AI applications, and agentic AI systems in beta. The broader agentic AI shift across the industry is accelerating as vendors compete to automate investigation workflows.