SentinelOne Purple AI Agentic Investigations — Zero-Click Autonomous SOC Opened to All Customers

On June 17, 2026, SentinelOne opened Purple AI Agentic Investigations to all Singularity Platform customers via a free trial (through August 15, 2026). The 'zero-click' capability autonomously detects, investigates, and responds to threats — when a threat crosses a defined threshold, Purple AI initiates an investigation, builds a full evidence chain, renders a verdict, and can trigger policy-driven responses without analyst involvement. It runs natively on endpoint, identity, cloud, and third-party telemetry already in the platform, requires no deployment, and uses a multi-model approach (Anthropic Claude + OpenAI GPT + SentinelOne Ultraviolet). Simultaneously, SentinelOne introduced Singularity Credits as a unified AI-work currency across the platform. Purple AI also exposes an MCP Server for external framework integration.

This is the first GA-level, zero-click autonomous investigation capability from a major XDR/EDR vendor opened to the full customer base, not a limited preview. The multi-model architecture and native platform telemetry integration address the core SOC scaling problem — investigation throughput, not detection — with a configurable human-in-the-loop dial and full audit trail.

All Singularity Platform customers should activate the free trial immediately to evaluate autonomous investigation quality and set appropriate autonomy thresholds before August 15 trial end. SOC managers should define escalation policies before enabling automated response actions.