SentinelOne

23.4K posts

SentinelOne banner
SentinelOne

SentinelOne

@SentinelOne

ONE autonomous platform to prevent, detect, respond, and hunt. Do more, save time, secure your enterprise: https://t.co/N75g1HAnCs 🐱‍💻

Mountain View, CA Katılım Ocak 2013
1.4K Takip Edilen58K Takipçiler
Sabitlenmiş Tweet
SentinelOne
SentinelOne@SentinelOne·
🔥 🟣 Purple AI is here and now generally available! To learn more about the industry’s leading AI security analyst, watch the video below. 👉 Ready to transform your security operations? Get a demo: sentinelone.com/platform/purpl…
English
29
22
99
61.7K
SentinelOne
SentinelOne@SentinelOne·
Law enforcement executed a massive global crackdown on financial fraud, a new phishing service targeted Microsoft 365 with device-code tactics, and rival state-sponsored actors converged on Pakistani police networks. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Spanish authorities apprehended a suspected core member providing operational support to pro-Russian hacktivist syndicates. - International law enforcement agencies arrested over 5,800 suspects and seized $293 million in illicit assets. - The global crackdown specifically targeted business email compromise, investment scams, and money laundering syndicates. ⚠️ BAD - Researchers identified Forg365, an advanced phishing-as-a-service operation specifically targeting Microsoft 365 enterprise accounts. - The platform blends adversary-in-the-middle techniques with device-code phishing to bypass traditional security controls. - Attackers deploy a specialized browser extension that operates silently to capture fresh authentication tokens. 🤢 UGLY - Suspected state-sponsored threat actors from China and India separately converged on Pakistani law enforcement networks. - Both nations actively sought independent visibility into Pakistan's internal security posture and ongoing counter-militancy operations. - Operators weaponized a civilian complaint management portal to deploy custom malware implants and surveil public users. Full breakdown → s1.ai/GBU9-Wk28
SentinelOne tweet media
English
0
1
6
1.3K
SentinelOne
SentinelOne@SentinelOne·
Engineered to secure your AI. Built to give you the S1 Advantage. Join SentinelOne at Black Hat, August 1-6, as we showcase the next generation of AI-driven defense. Stop by booth 2933 to: ✅ Test your hunting skills in Mortal vs. Machine and go head-to-head with the Autonomous SOC. See how Purple AI, Purple MCP, and Auto-Investigation help you detect earlier and respond faster. ✅ Step into the ThreatOps Challenge and prove your skills in: Endpoint, Cloud, AI SIEM, or Prompt. ✅ Attend ‘Blurred Lines’ and learn how how global conflict and weaponized AI are reshaping enterprise risk. Connect with us onsite: sentinelone.com/lp/black-hat/
English
0
1
12
1.3K
SentinelOne
SentinelOne@SentinelOne·
China- and India-nexus threat actors have converged on a single Pakistani police force, seen as a rich source of intelligence for both nation-states. SentinelLABS latest research tracked multiple campaigns from February 2024 to April 2026. Balochistan Police sits at a vertex, the result of multiple threat actors setting their sights on the data the agency holds. China-nexus interest is most likely motivated by a rising concern for the safety of its nationals living in Pakistan. With a growing population of Chinese citizens situated in the China-Pakistan Economic Corridor (CPEC), ongoing terrorist attacks have left the PRC dissatisfied with Pakistani protection. Data from Balochistan Police would give the PRC direct insights on the safety of their nationals, cutting out involvement from a partner they no longer trust. India-nexus threat actors make up the opposite side of the pincer movement with their activities motivated primarily by the country’s long-standing conflict with Pakistan. For them, control over Balochistan Police networks means having invaluable visibility on how Pakistan manages their security posture as well as persistent access to civilian data. When multiple cyberespionage actors target the same law enforcement institution, the convergence signals the institution's value as a source of intelligence. While their motives are completely different, both China and India continue to keep an adversarial eye on law enforcement organizations like Balochistan Police, watching for more opportunities to take what they need from Pakistan’s digital intelligence terrain. Full report: s1.ai/spy2flags
SentinelOne tweet media
English
5
27
70
35.5K
SentinelOne
SentinelOne@SentinelOne·
US national AI infrastructure requires security controls designed for AI workloads. The US Federal Government is committing $600 million to build one of the world's most advanced AI infrastructure systems. Executive Order 14363, the Genesis Mission, connects national laboratory supercomputers across nuclear simulation, biodefense, and energy grid modeling. The security framework governing these workloads was not written for this scale of use. NIST SP 800-234 was designed for deterministic HPC workloads. Code that runs the same way, every time, and behaves predictably under well AI workloads operate differently. The framework has to match. This spring, three AI-driven supply chain attacks hit in three weeks: LiteLLM, Axios, CPU-Z. All arrived through trusted channels carrying payloads built to stay hidden. SentinelOne stopped all three on the day each launched. Behavioral detection reads execution patterns at runtime and acts on the break from baseline. Behavior is the decisive signal. A compromised model can be correct 99.9 percent of the time and adversarially wrong under precisely targeted conditions. The technology exists. It requires a shift in architecture. SentinelOne has submitted a formal proposal to the NIST HPC Security Working Group. NIST has acknowledged it. Read the full proposal → s1.ai/HPC-AI
SentinelOne tweet media
English
0
1
12
1.2K
SentinelOne
SentinelOne@SentinelOne·
Long-running AI agents have a memory problem. Every turn produces useful information, but the weight of that additional context creates noise and increases costs. The frontier labs answered with compaction. A summarization pass over prior agent actions that carries state forward without losing the key learnings. To test this important capability SentinelLABS applied OpenAI's compaction to our reverse engineering harness. The results were impressive: - Input tokens fell 86%. - Output tokens fell 31%. - Reasoning tokens fell 33%. Each run needed fewer model calls, but the aggregate evaluation scores stayed the same. This blog digs into what those numbers mean architecturally. Compaction pushes every developer toward the same decision: what lives in the context window, and what lives in retrievable storage? We land in a clear place. Working memory belongs in context. Evidence belongs in durable storage. Long-running agents were expensive and noisy to evaluate at scale. Compaction changes both, and it moves context engineering from a nice-to-have into the core of how these systems get built. s1.ai/CE-Compact
SentinelOne tweet media
English
1
3
9
1.2K
SentinelOne
SentinelOne@SentinelOne·
Law enforcement captured an Iranian cybercriminal and a core UNC3944 operative, Russian intelligence targeted Signal backup keys, and attackers breached a DHS information-sharing network. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Authorities apprehended a dual Iranian and Turkish citizen for orchestrating mass cyberattacks against over 150 American universities. - A 19-year-old core member of the UNC3944 (aka Scattered Spider) cybercrime syndicate was successfully extradited to face federal charges. - The suspects are collectively responsible for inflicting billions of dollars in operational damages and illicit extortion payments. ⚠️ BAD - Russian Intelligence Services are actively targeting high-value individuals with sophisticated social engineering to steal Signal backup recovery keys. - Attackers masquerade as official support personnel to guide victims into generating and sharing their Secure Backups key directly in chat. - The U.S. Department of State is now offering a $10 million reward for actionable intelligence leading to these operatives. 🤢 UGLY - Unknown threat actors orchestrated an intrusion into the Department of Homeland Security's unclassified information-sharing network. - The attackers targeted core servers and a SharePoint environment routinely used for real-time incident management and operational coordination. - The breach raises significant concerns that the intrusion could have exposed critical security planning and response procedures. Full breakdown → s1.ai/GBU9-Wk27
SentinelOne tweet media
English
0
2
16
1.5K
SentinelOne
SentinelOne@SentinelOne·
Call it what you want: Autonomous SOC, Agentic SOC, AI SOC. The vision is the same. The reality varies wildly by organization and by team. As we said 18 months ago, the Autonomous SOC is a journey, not a destination. . A lot has changed in those 18 months. Some core foundational elements have not. The most autonomous systems operating at scale today work because of the doctrine, oversight structures, and defined conditions built around them. The AI is one layer of a much larger system. 18 months of real-world Autonomous SOC deployments confirmed this. Security teams doing that work are seeing it: → 75% faster investigations → 4x more threats handled → 42% fewer false positives 18 months ago, we mapped out the Autonomous SOC Maturity Model. Today we check in on where we are on the journey. Read the full blog: s1.ai/Autonomous-SOC
SentinelOne tweet media
English
2
1
13
1.3K
SentinelOne
SentinelOne@SentinelOne·
Endpoints are where most attacks start. IDC measured what effective endpoint protection is worth. A new IDC Report measures what SentinelOne Singularity Endpoint delivers. IDC interviewed seven organizations across seven industries independently. Inside the report: - The 3-year ROI IDC measured among SentinelOne customers - Annual savings per organization, in dollars and analyst hours - Real-world drops in remediation time and false positive rates - Insights from customers who have deployed Singularity Endpoint and Purple AI Independent IDC research, validated across seven organizations and seven industries. Swipe through for the full breakdown. Download the Business Value Report: s1.ai/IDC-BV
SentinelOne tweet media
English
1
0
13
1.2K
SentinelOne
SentinelOne@SentinelOne·
Five years ago, we started a conference with a single conviction: the research should speak for itself. Five years later, we have our answer. A real research-led community. @labscon_io 2026 is the final chapter, with the strongest program yet. Researchers, defenders, and the people who push this industry forward. This one's for you. Request an invitation. labscon.io
English
0
5
16
3.1K
SentinelOne
SentinelOne@SentinelOne·
Law enforcement dismantled malware and scam infrastructure, a North Korean macOS implant disrupted AI analysis tools, and attackers exploited two high-severity vulnerabilities in Cisco edge devices. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Authorities dismantled the Amadey and StealC malware networks, taking 326 servers offline and recovering 27 million stolen credentials. - Two Scattered Spider syndicate members pleaded guilty to orchestrating a £29 million cyberattack against Transport for London. - The DoJ took down HuiOne Guarantee's cloud account, effectively freezing the technological backbone supporting transnational scam operations. ⚠️ BAD - North Korean threat actors are deploying macOS.Gaslight, a persistent Rust-based implant targeting macOS environments. - The malware deploys a dedicated Python module to aggressively harvest sensitive authentication data across browsers and keychains. - Operators uniquely embed deceptive prompt injection payloads designed to deliberately pollute automated AI analysis systems. 🤢 UGLY - Threat actors are actively exploiting a critical server-side request forgery vulnerability to compromise Cisco Unified Communications Manager systems. - Adversaries also exploited a severe flaw in Cisco Catalyst SD-WAN controllers to bypass input validation and create hidden root-level accounts. - Attackers are increasingly targeting these critical edge network devices because they frequently lack deep forensic visibility. Full breakdown → s1.ai/GBU9-Wk26
SentinelOne tweet media
English
1
4
13
2K
SentinelOne
SentinelOne@SentinelOne·
AI is reshaping both the threat landscape and how security teams respond. SentinelOne co-founder and CEO Tomer Weingarten joins @Bloomberg Intelligence analyst Mandeep Singh on Tech Disruptors to discuss securing AI agents, the role of LLMs in the modern SOC, and how M&A and increasingly sophisticated tools are defining the future of cybersecurity. 📻 From Bloomberg's Tech Disruptors 🎙️ Featuring SentinelOne's Tomer Weingarten 🔊 Listen to the full interview: bloom.bg/4w3PzxH
SentinelOne tweet media
English
0
3
14
1.5K
SentinelOne
SentinelOne@SentinelOne·
macOS.Gaslight uses a 38-message cascade that spoofs the triage harness's own prompt scaffold. The boundary blurs. Anyone building LLM-assisted analysis pipelines: treat what you're triaging as adversarial input. Always. Full analysis from SentinelLABS: s1.ai/gaslight
English
0
2
12
761
SentinelOne
SentinelOne@SentinelOne·
At the time of writing: 0/61 detections on VirusTotal. The rest of the tradecraft is hardened: - C2 runs over Telegram, AES-GCM encrypted, certificate-pinned TLS - The bot token self-redacts, leaving only a placeholder in logs and crash artifacts - Python stealer harvests browser data, login keychain, and terminal history via a novel CPython delivery method
English
1
2
6
802
SentinelOne
SentinelOne@SentinelOne·
@LabsSentinel analyzed macOS.Gaslight, a DPRK-aligned Rust implant. It gaslights the AI reading the output. Embedded inside the binary: a 3.5 KB prompt-injection payload. 38 fabricated "system" messages built to steer an LLM-assisted triage pipeline into aborting or refusing its analysis. Fake token expiries, out-of-memory kills, disk exhaustion, and bogus injection warnings. 🧵👇
SentinelOne tweet media
English
2
6
23
2.5K
SentinelOne
SentinelOne@SentinelOne·
As a partner in @OpenAI's Daybreak Cyber Partner Program, SentinelOne is bringing GPT-5.5 into our offerings, starting with Wayfinder Frontier AI Services, to give security teams faster investigation, sharper prioritization, and earlier risk identification across the threats that matter most. From Gregor Stewart, our Chief AI Officer: “Defenders need AI that can reason across complex signals while staying grounded in the workflows and expertise security teams already trust. That’s why Wayfinder Frontier AI Services was built multi-model from day one. By incorporating GPT-5.5 through the OpenAI Daybreak Cyber Partner Program, we are reinforcing SentinelOne’s commitment to AI-accelerated security delivered through, defensive services that help identify risk proactively, grounded in deep telemetry, diverse AI reasoning, and elite human expertise.” Read more: bit.ly/4w4gvxA
SentinelOne tweet media
English
2
4
14
1.8K
SentinelOne
SentinelOne@SentinelOne·
Law enforcement dismantled massive phishing and malware networks, a ransomware cartel abused Microsoft Teams infrastructure, and a state-sponsored group targeted medical research data. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Authorities dismantled Outsider Enterprise, a Chinese PhaaS operation responsible for $1.9 billion in financial losses via fraudulent SMS campaigns. - Google disabled thousands of associated domains and is actively coordinating with major U.S. carriers to aggressively block malicious text messages. - Europol and Eurojust successfully removed SocGholish malware infections from nearly 15,000 compromised WordPress websites and dismantled over 100 command servers. ⚠️ BAD - The DragonForce ransomware operation is utilizing custom malware, Backdoor.Turn, to conceal C2 communications within legitimate Microsoft Teams relay infrastructure. - Attackers leverage Microsoft’s TURN protocol to establish direct QUIC sessions, remaining undetected by network defenders observing only trusted outbound traffic. - The threat actors employ extensive BYOVD techniques, systematically deploying vulnerable drivers to achieve kernel-level privileges and actively terminate host security tools. 🤢 UGLY - PRC-linked espionage group UNC6508 breached legacy REDCap servers to stealthily steal sensitive research from a North American medical institution. - The attackers deployed the custom "InfiniteRed" malware, which intercepts user logins and receives commands via HTTP cookies to grant extensive execution capabilities. - Operators uniquely abused legitimate enterprise content compliance features to automatically exfiltrate emails containing specific geo-strategic and molecular discovery keywords. Full breakdown → s1.ai/GBU9-Wk25
SentinelOne tweet media
English
3
3
13
1.4K
SentinelOne
SentinelOne@SentinelOne·
Threats are accelerating. Frontier AI is re-writing the rules. One conference keeps you ahead. While other conferences traffic in ideas, OneCon delivers real-world outcomes. Unlock the skills, insights, and clarity to innovate safely and gain the advantage in a new age of cybersecurity. The AI era isn’t coming. It’s here, at OneCon. Register → onecon.io
SentinelOne tweet media
English
0
1
11
978
SentinelOne
SentinelOne@SentinelOne·
Monitor, secure, and govern AI agents at scale: SentinelOne is a launch partner for @awscloud's new Amazon Bedrock AgentCore 3P Guardrails for AI agents. @prompt_security capabilities are now natively embedded in AgentCore. Every organization building and running AI agents on AWS needs the same security controls they rely on across the rest of their infrastructure. This integration puts those guardrails inside AgentCore, where the agents are running. Security policies configured once in AgentCore enforce consistently across all agent activity: prompt injection detection, PII exposure, tool-use validation, LLM response monitoring, and data leakage prevention. Read the full announcement: s1.ai/Bedrock-AgntCor
English
0
4
12
1.2K
SentinelOne
SentinelOne@SentinelOne·
Purple AI is bringing frontier-AI into the modern agentic SOC. In today’s SOC, detections increase. Alerts queue. Verdicts wait on analyst availability. Coverage drops on nights, weekends, and during surges. Investigation capacity is the binding constraint of the modern SOC. Purple AI Agentic Investigation closes the gap. When a critical alert crosses the threshold, Purple AI acts. Autonomously. Zero-click agentic investigations that run natively in the Singularity Platform, where your data and workflows already live. It detects, investigates, verifies, and responds autonomously. Investigations that once took hours or days now take minutes and seconds. The degree of autonomous response stays on the SOC's terms. Every verdict carries a complete, auditable evidence chain. Automated workflows can be customized to include human gates. The agentic SOC is operational. Activate it in your Singularity console. s1.ai/agentic
English
1
3
11
1.1K
SentinelOne
SentinelOne@SentinelOne·
🌟 SentinelOne is named a Major Player in the 2026 IDC MarketScape for Worldwide SIEM Platforms The rise of the agentic SOC requires a fundamentally new, AI-native approach to threat detection, investigation and response. SentinelOne’s Singularity AI SIEM brings together the power of petabyte scale hot storage, AI Data Pipelines, Hyperautomation, and our Purple AI SOC analyst to give defenders a decisive operating advantage against modern threats. 💪 Why it matters: Security teams are drowning in alert volume, spiraling data costs, and analyst shortages. SIEM is the operational core of the SOC, and the old guard wasn't built to handle today’s reality, let alone what's coming in the frontier AI era. What's new: IDC MarketScape recognized SentinelOne for its cloud-native Singularity AI SIEM, the data foundation that underpins the Singularity Platform and SentinelOne’s agentic threat detection, investigation and response. ➡️ The details: - Native EDR telemetry integration eliminates re-ingestion costs and enhances detection fidelity - Purple AI enables natural language querying, automated investigation, and AI-generated case summaries - Singularity Hyperautomation and Singularity AI Data Pipeline is built in, not bolted on as a third-party add-on
English
0
3
10
1.6K