Unlocking autonomy with SentinelOne’s Purple AI Agentic investigations

SentinelOne’s new AI-driven automated investigations aim to enhance security operations by providing instant threat responses, seeking to empower analysts and optimise efficiency.

SentinelOne has announced the launch of Purple AI Agentic Investigations, a capability designed to provide autonomous security investigation and reasoning features for customers. The feature is integrated into the Singularity Platform and is accompanied by the introduction of Singularity Credits, which provide a flexible usage model for accessing AI-powered functions.

The company describes its “agentic SOC” approach, including what it calls “zero-click” capabilities, as enabling automated handling of aspects of threat detection and investigation. The system is intended to support analysis and reduce the need for manual intervention in initial investigation stages, while still allowing human oversight.

The development is positioned as addressing limitations in security operations centers (SOCs), particularly around investigation capacity rather than detection performance. The aim is to help organisations manage and respond to alerts more consistently during periods of high workload.

Key characteristics of the system include:

  • Integration: Purple AI is designed to operate without additional configuration and uses existing telemetry data across endpoint, identity, and cloud environments within current workflows.
  • Analyst support: It performs initial investigative steps such as gathering and correlating evidence to reduce manual data processing for analysts.
  • Transparency: The system provides auditability of actions and decisions, allowing organisations to review how outputs are produced and adjust levels of automation.
  • AI reasoning approach: It uses a multi-model approach to process investigation data and aims to reduce the time required for threat analysis.

Alongside this, Singularity Credits act as a unified usage system within the platform, allowing access to AI-driven tasks including agentic investigations. A trial period includes complimentary credits for customers to test these capabilities.

The initiative is presented as part of SentinelOne’s broader development of automated and assisted security operations models, with compatibility across existing systems. The company also notes that Purple AI aligns with the concept of an integrated security operations center (ISOC) as discussed in industry frameworks such as those from Gartner.

Availability: The trial for Purple AI Agentic Investigations is available to existing and new customers through Singularity consoles. During the trial period, Singularity Credits are used without charge. The trial is scheduled to run until mid-August 2026, after which credits are expected to be available for purchase through standard channels.
