Imagine if hunting for emerging threats were as straightforward as asking a colleague a simple question in plain language. Today, I’m excited to announce that SentinelOne has turned this into a reality with the launch of Purple AI.
Last April, we unveiled a first-of-its-kind AI-assisted platform that fuses data from SentinelOne’s real-time, embedded neural networks with a large language model (LLM)-based natural language interface to simplify threat hunting and help analysts boost productivity and scale their operations.
Today, we are excited to announce that Purple AI, the industry’s most advanced AI security analyst, is now generally available worldwide. Purple AI helps security teams detect earlier, respond faster, and stay ahead of attacks. It radically accelerates threat hunting, investigations, and response so security teams can save time, reduce costs, and better protect their environments.
Purple AI is a force multiplier for security teams. It translates natural language questions into sophisticated PowerQueries within seconds, facilitates deep log analysis of native and third-party data, and provides one-click hunting quickstarts, suggested queries, and shareable investigation notebooks.
Early adopters perceived threat hunting with Purple as 80% faster, and 78% of those surveyed found investigation notebooks to be very or extremely helpful.
“The security insights provided by Purple AI have surpassed anything PruittHealth had before,” said Richard Bailey, SVP of IT at PruittHealth Connect Inc. “Purple AI assists in identifying weaknesses and vulnerabilities, thus bolstering PruittHealth’s overall security. Additionally, it enhances accuracy and reduces human error in data queries, allowing more time for other tasks.”
Today’s security teams are dealing with a sophisticated threat landscape and endless alert queues that grow far faster than what teams can even hope to resolve. Staying ahead of adversaries requires both innovation and scalability, and Purple AI was specifically designed to empower your team to maximize their productivity.
Purple provides the following key benefits:
As criminals around the world start to leverage AI-based, automated tools to execute malicious attacks, SentinelOne is applying this technology to help enterprises control all aspects of their security posture, from visibility and response to supercharging SecOps and building long-term cyber resilience.
Responding to emerging threats requires both speed and deep visibility. Purple AI provides both, so analysts can see the full picture within the Singularity Platform. This means one unified console built on top of the industry’s most performant data lake for lightning-fast queries.
Purple AI is also the only AI security platform that supports the widely adopted Open Cybersecurity Schema Framework (OCSF), providing analysts with full data visibility and a single normalized view of native and partner data.
One of modern SOC teams’ biggest challenges is dealing with alert fatigue, which precludes proactive threat hunting and leads to missed notifications and burnout. Purple AI takes an intelligent, action-oriented approach to make threat hunting simple.
Security analysts are able to reduce critical MTTD through the Purple AI quickstart library, which provides suggested prompts to kick off investigations in natural language with a single click. Further, Purple will provide contextual suggested next queries to help analysts conduct faster, deeper investigations to better understand and mitigate critical risk.
Purple goes far beyond the now-popular chatbot experience. It helps analysts conduct deeper investigations that they can share across teams with auditable and auto-saved investigation notebooks. Because security analysts can now use natural language to conduct investigations, the notebooks become artifacts they can share even with management and leadership teams without investing additional effort to make them understandable.
Purple AI focuses on transparency, prioritizing SentinelOne’s commitment to security and privacy. The platform employs the highest level of safeguards to protect and ensure you own your data, and models are not trained using customer data or requests. Purple is also designed so that SOC teams can easily view query translations for verification and analyst training.
Purple AI is set to enhance the threat hunting experience for modern enterprises and provide security professionals with the tools they need to secure today, tomorrow, and beyond. Saving time and maximizing resources through Purple AI ensures enterprises can focus on business-critical operations and build up a strong and lasting cyber posture against even the most sophisticated threats.
Book a demo with the SentinelOne team to learn more about how Purple AI can help unlock the potential of your security teams.