SentinelOne this week unveiled Purple AI Athena at the RSAC Conference in San Francisco. This latest evolution advances Purple AI from its origin primarily as an advanced LLM-based chatbot assisting SOC analysts in finding and understanding threats, into a full agentic AI solution.
Very loosely, agentic AI acts on a situation autonomously rather than answering a human's natural-language questions about it, often by orchestrating several separate but related tools. It consequently has the potential to cut dramatically the time between an event occurring and its remediation.
However, it is worth noting that Athena isn't a simple jump from chatbot to full agentic AI. SentinelOne has worked continuously on systems that increase SOC efficiency through automation. Its Singularity Hyperautomation solution is one example: a no-code platform on which security teams connect and optimize workflows without writing code. Others include Purple AI Auto Triage and Purple AI Auto Investigate.
Gregor Stewart, VP of AI at SentinelOne, likens these individual solutions to ‘boxes’. “Those boxes achieve certain outcomes. Collections of related boxes, when they’re allowed to talk to one another, can achieve more complex outcomes. But this is very difficult to achieve by traditional automation means. We often know the types of operations that are needed to do something, but we’re not sure how many and in what order for any particular case.”
This is the stated purpose of the new Purple AI Athena: to gain the full synergistic value of combining the different boxes, but autonomously, without constant human direction on which box to invoke next.
Athena itself is built on three pillars. The first is deep analysis at machine speed, which SentinelOne says mirrors “the iterative thought process and deductive reasoning of experienced SOC analysts”. Athena independently analyzes suspicious activity across multiple sources, orchestrates response steps and remediates in seconds rather than hours. The firm says this reduces alert fatigue, raises SOC skill levels and shrinks mean time to respond (MTTR).
The second pillar is full-loop remediation, meaning that with Athena running continuously an incident can be detected and triaged autonomously. If it is a recognized threat, the appropriate response is highlighted. If it is determined to be a new threat, detection rules are automatically added to the detection engine to improve future detection and triage. This latter step draws on the automated workflow capabilities of Singularity Hyperautomation to create the new rules. Automatically minted rules inherit whatever error the triage made, so they warrant the same review any new detection content would.
The third pillar is described as seamless and agnostic data source integration. “SecOps teams can tap directly into third party SIEMs, security data lakes and other security data sources,” says the firm. SentinelOne says this lets Athena customers avoid costly data migrations and get results across the entire environment immediately.
“AI and automation have long held the promise of fundamentally transforming security operations and supercharging analysts to detect and respond – at machine speed – to threats from even the most sophisticated nation state adversaries and cyber criminals,” comments Tomer Weingarten, co-founder and CEO at SentinelOne. Agentic AI brings fulfilment of that promise closer.
The jury is still out on the complete accuracy and trustworthiness of artificial intelligence. “Today’s organizations are challenged with how to properly harness AI while contending with the potential risks introduced by its usage,” admits SentinelOne.
Hallucinations and biased responses still occur, and errors can be made. But continuous efforts to improve AI mean it is now generally considered ‘accurate enough’; and while this may seem a dangerous statement, it is no different from our current reliance on human endeavor.
Skilled SOC analysts can and do make errors, often errors of omission caused by alert fatigue and insufficient data. Human error and AI error may have different causes, but nobody suggests that human errors should disqualify human operators. We should perhaps extend the same acceptance to modern AI: it is generally good enough, much faster, never overworked, and misses fewer threats.