SentinelOne Inc. today opened its Purple AI Agentic Investigations capability to all customers, adding autonomous threat investigation that runs without an analyst having to launch it.

The feature is available this week as a free trial inside the company’s Singularity Platform. It can work through a threat on its own, from spotting it to deciding what it is to acting on the verdict.

When something crosses a threshold the customer sets, Purple AI digs in, reaches a conclusion and moves to shut the threat down and analysts can watch it happen and step in at any point. SentinelOne calls the feature “zero-click” because the investigation kicks off by itself rather than waiting for someone to open it.

The pitch targets a specific bottleneck. Detections rise with every new tool and every expansion of the attack surface, but verdicts still wait on analyst availability and coverage thins on nights, weekends and during surges. SentinelOne argues that investigation capacity has become the real limit in most security operations centers, ahead of detection, and that AI-driven attacks will stretch that gap further.

“Today’s security teams face more critical alerts than any staffing plan could investigate and AI-powered threats are only going to make that worse,” said Chief Product Officer Chris Corde. “Purple AI’s Agentic Investigation capability is designed to remove that constraint by making investigations automatic, continuous and immediate.”

Purple AI runs on telemetry already in the Singularity Platform across endpoint, identity, cloud and third-party security data and SentinelOne says activation takes a single click with no data leaving the platform. The software gathers the evidence, ties the telemetry together and lays out how the attack unfolded, which hands the analyst a finished verdict to act on. Every verdict comes with an evidence chain that can be audited, and customers decide how much autonomy to grant through an adjustable human-in-the-loop control that can fire off automated responses or just suggest next steps.

Under the hood, Purple AI uses a mix of models, combining Anthropic PBC’s Claude, OpenAI Group PBC’s GPT and SentinelOne’s own “Ultraviolet” models to compress investigations that once took hours into minutes.

Alongside the launch, SentinelOne introduced Singularity Credits, a single currency customers draw down for AI-powered work across the platform, including the new investigations. The company is granting a complimentary allotment of credits to trial the feature. The trial is now live in Singularity consoles for new and existing customers, requires no payment method and is planned to run through Aug. 15. After it ends, customers can buy credits through partners, direct billing and e-commerce.

The launch deepens SentinelOne’s bet on AI as the centerpiece of its platform in a security operations market where it goes up against the likes of CrowdStrike Holdings Inc. and Microsoft Corp. The company says it protects nearly one-fifth of the Fortune 500.

Photo: SentinelOne