ONE autonomous platform to prevent, detect, respond, and hunt. Do more, save time, secure your enterprise: sentinelone.com/request-demo… 🐱‍💻

Mountain View, CA
🔥 🟣 Purple AI is here and now generally available! To learn more about the industry’s leading AI security analyst, watch the video below. 👉 Ready to transform your security operations? Get a demo: sentinelone.com/platform/pur…
Call it what you want: Autonomous SOC, Agentic SOC, AI SOC. The vision is the same. The reality varies wildly by organization and by team. As we said 18 months ago, the Autonomous SOC is a journey, not a destination. A lot has changed in those 18 months. Some core foundational elements have not. The most autonomous systems operating at scale today work because of the doctrine, oversight structures, and defined conditions built around them. The AI is one layer of a much larger system. 18 months of real-world Autonomous SOC deployments confirmed this. Security teams doing that work are seeing it: → 75% faster investigations → 4x more threats handled → 42% fewer false positives 18 months ago, we mapped out the Autonomous SOC Maturity Model. Today we check in on where we are on the journey. Read the full blog: s1.ai/Autonomous-SOC
Endpoints are where most attacks start. IDC measured what effective endpoint protection is worth. A new IDC Report measures what SentinelOne Singularity Endpoint delivers. IDC interviewed seven organizations across seven industries independently. Inside the report: - The 3-year ROI IDC measured among SentinelOne customers - Annual savings per organization, in dollars and analyst hours - Real-world drops in remediation time and false positive rates - Insights from customers who have deployed Singularity Endpoint and Purple AI Independent IDC research, validated across seven organizations and seven industries. Swipe through for the full breakdown. Download the Business Value Report: s1.ai/IDC-BV
Five years ago, we started a conference with a single conviction: the research should speak for itself. Five years later, we have our answer. A real research-led community. @labscon_io 2026 is the final chapter, with the strongest program yet. Researchers, defenders, and the people who push this industry forward. This one's for you. Request an invitation. labscon.io
Law enforcement dismantled malware and scam infrastructure, a North Korean macOS implant disrupted AI analysis tools, and attackers exploited two high-severity vulnerabilities in Cisco edge devices. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Authorities dismantled the Amadey and StealC malware networks, taking 326 servers offline and recovering 27 million stolen credentials. - Two Scattered Spider syndicate members pleaded guilty to orchestrating a £29 million cyberattack against Transport for London. - The DoJ took down HuiOne Guarantee's cloud account, effectively freezing the technological backbone supporting transnational scam operations. ⚠️ BAD - North Korean threat actors are deploying macOS.Gaslight, a persistent Rust-based implant targeting macOS environments. - The malware deploys a dedicated Python module to aggressively harvest sensitive authentication data across browsers and keychains. - Operators uniquely embed deceptive prompt injection payloads designed to deliberately pollute automated AI analysis systems. 🤢 UGLY - Threat actors are actively exploiting a critical server-side request forgery vulnerability to compromise Cisco Unified Communications Manager systems. - Adversaries also exploited a severe flaw in Cisco Catalyst SD-WAN controllers to bypass input validation and create hidden root-level accounts. - Attackers are increasingly targeting these critical edge network devices because they frequently lack deep forensic visibility. Full breakdown → s1.ai/GBU9-Wk26
AI is reshaping both the threat landscape and how security teams respond. SentinelOne co-founder and CEO Tomer Weingarten joins @Bloomberg Intelligence analyst Mandeep Singh on Tech Disruptors to discuss securing AI agents, the role of LLMs in the modern SOC, and how M&A and increasingly sophisticated tools are defining the future of cybersecurity. 📻 From Bloomberg's Tech Disruptors 🎙️ Featuring SentinelOne's Tomer Weingarten 🔊 Listen to the full interview: bloom.bg/4w3PzxH
@LabsSentinel analyzed macOS.Gaslight, a DPRK-aligned Rust implant. It gaslights the AI reading the output. Embedded inside the binary: a 3.5 KB prompt-injection payload. 38 fabricated "system" messages built to steer an LLM-assisted triage pipeline into aborting or refusing its analysis. Fake token expiries, out-of-memory kills, disk exhaustion, and bogus injection warnings. 🧵👇
At the time of writing: 0/61 detections on VirusTotal. The rest of the tradecraft is hardened: - C2 runs over Telegram, AES-GCM encrypted, certificate-pinned TLS - The bot token self-redacts, leaving only a placeholder in logs and crash artifacts - Python stealer harvests browser data, login keychain, and terminal history via a novel CPython delivery method
macOS.Gaslight uses a 38-message cascade that spoofs the triage harness's own prompt scaffold. The boundary blurs. Anyone building LLM-assisted analysis pipelines: treat what you're triaging as adversarial input. Always. Full analysis from SentinelLABS: s1.ai/gaslight
As a partner in @OpenAI's Daybreak Cyber Partner Program, SentinelOne is bringing GPT-5.5 into our offerings, starting with Wayfinder Frontier AI Services, to give security teams faster investigation, sharper prioritization, and earlier risk identification across the threats that matter most. From Gregor Stewart, our Chief AI Officer: “Defenders need AI that can reason across complex signals while staying grounded in the workflows and expertise security teams already trust. That’s why Wayfinder Frontier AI Services was built multi-model from day one. By incorporating GPT-5.5 through the OpenAI Daybreak Cyber Partner Program, we are reinforcing SentinelOne’s commitment to AI-accelerated security delivered through defensive services that help identify risk proactively, grounded in deep telemetry, diverse AI reasoning, and elite human expertise.” Read more: bit.ly/4w4gvxA
Law enforcement dismantled massive phishing and malware networks, a ransomware cartel abused Microsoft Teams infrastructure, and a state-sponsored group targeted medical research data. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Authorities dismantled Outsider Enterprise, a Chinese PhaaS operation responsible for $1.9 billion in financial losses via fraudulent SMS campaigns. - Google disabled thousands of associated domains and is actively coordinating with major U.S. carriers to aggressively block malicious text messages. - Europol and Eurojust successfully removed SocGholish malware infections from nearly 15,000 compromised WordPress websites and dismantled over 100 command servers. ⚠️ BAD - The DragonForce ransomware operation is utilizing custom malware, Backdoor.Turn, to conceal C2 communications within legitimate Microsoft Teams relay infrastructure. - Attackers leverage Microsoft’s TURN protocol to establish direct QUIC sessions, remaining undetected by network defenders observing only trusted outbound traffic. - The threat actors employ extensive BYOVD techniques, systematically deploying vulnerable drivers to achieve kernel-level privileges and actively terminate host security tools. 🤢 UGLY - PRC-linked espionage group UNC6508 breached legacy REDCap servers to stealthily steal sensitive research from a North American medical institution. - The attackers deployed the custom "InfiniteRed" malware, which intercepts user logins and receives commands via HTTP cookies to grant extensive execution capabilities. - Operators uniquely abused legitimate enterprise content compliance features to automatically exfiltrate emails containing specific geo-strategic and molecular discovery keywords. Full breakdown → s1.ai/GBU9-Wk25
Threats are accelerating. Frontier AI is re-writing the rules. One conference keeps you ahead. While other conferences traffic in ideas, OneCon delivers real-world outcomes. Unlock the skills, insights, and clarity to innovate safely and gain the advantage in a new age of cybersecurity. The AI era isn’t coming. It’s here, at OneCon. Register → onecon.io
Monitor, secure, and govern AI agents at scale: SentinelOne is a launch partner for @awscloud's new Amazon Bedrock AgentCore 3P Guardrails for AI agents. @prompt_security capabilities are now natively embedded in AgentCore. Every organization building and running AI agents on AWS needs the same security controls they rely on across the rest of their infrastructure. This integration puts those guardrails inside AgentCore, where the agents are running. Security policies configured once in AgentCore enforce consistently across all agent activity: prompt injection detection, PII exposure, tool-use validation, LLM response monitoring, and data leakage prevention. Read the full announcement: s1.ai/Bedrock-AgntCor
Purple AI is bringing frontier-AI into the modern agentic SOC. In today’s SOC, detections increase. Alerts queue. Verdicts wait on analyst availability. Coverage drops on nights, weekends, and during surges. Investigation capacity is the binding constraint of the modern SOC. Purple AI Agentic Investigation closes the gap. When a critical alert crosses the threshold, Purple AI acts. Autonomously. Zero-click agentic investigations that run natively in the Singularity Platform, where your data and workflows already live. It detects, investigates, verifies, and responds autonomously. Investigations that once took hours or days now take minutes and seconds. The degree of autonomous response stays on the SOC's terms. Every verdict carries a complete, auditable evidence chain. Automated workflows can be customized to include human gates. The agentic SOC is operational. Activate it in your Singularity console. s1.ai/agentic
🌟 SentinelOne is named a Major Player in the 2026 IDC MarketScape for Worldwide SIEM Platforms The rise of the agentic SOC requires a fundamentally new, AI-native approach to threat detection, investigation and response. SentinelOne’s Singularity AI SIEM brings together the power of petabyte scale hot storage, AI Data Pipelines, Hyperautomation, and our Purple AI SOC analyst to give defenders a decisive operating advantage against modern threats. 💪 Why it matters: Security teams are drowning in alert volume, spiraling data costs, and analyst shortages. SIEM is the operational core of the SOC, and the old guard wasn't built to handle today’s reality, let alone what's coming in the frontier AI era. What's new: IDC MarketScape recognized SentinelOne for its cloud-native Singularity AI SIEM, the data foundation that underpins the Singularity Platform and SentinelOne’s agentic threat detection, investigation and response. ➡️ The details: - Native EDR telemetry integration eliminates re-ingestion costs and enhances detection fidelity - Purple AI enables natural language querying, automated investigation, and AI-generated case summaries - Singularity Hyperautomation and Singularity AI Data Pipeline is built in, not bolted on as a third-party add-on
Law enforcement dismantled a major crypto laundering empire, a PRC-linked botnet targeted U.S. military infrastructure, and a self-replicating worm infected major open-source repositories. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Europol dismantled the AudiA6 cryptocurrency laundering network, arresting two senior administrators and seizing vast digital assets. - The joint operation disrupted an industrial-scale infrastructure that laundered over $380 million for global ransomware syndicates. - The FBI seized 13 fraudulent websites used by Chinese intelligence operatives to recruit U.S. citizens holding sensitive government security clearance. ⚠️ BAD - The Volt Typhoon-linked JDY botnet expanded its global footprint to over 1,500 compromised SOHO and IoT devices. - Operators are weaponizing the network to conduct stealthy distributed scanning and fingerprinting against U.S. military infrastructure. - The malware executes exceptionally fast SYN scanning using custom-crafted TCP packets to rapidly locate vulnerable edge devices. 🤢 UGLY - The Miasma supply chain worm recently compromised 73 Microsoft GitHub repositories to automatically trigger malicious code execution in developer environments. - Attackers evolved the campaign into the Hades variant, poisoning 19 PyPI packages with hidden setup files that execute silently during Python startup. - The malware deploys heavily obfuscated credential stealers and incorporates novel plain-text prompt injections to deceive LLM-based package analysis tools. Full breakdown → s1.ai/GBU9-Wk24
Another big win for SentinelOne customers looking to embrace and derisk Claude usage in the workplace. SentinelOne integrates directly with the Claude Compliance API, bringing AI activity into the security platform your teams already trust: → Prompt Security — Real-time policy enforcement on prompts and responses. Agentless. Works on both managed and unmanaged devices. → Singularity AI SIEM — Claude activity ingested as native telemetry, correlated against your full security picture. AI interactions no longer live in a silo. Security should move at the speed of AI. Now it can. 🔗 s1.ai/Claude-API
In the final video from our @labscon_io 2025 Replay series, @juanandres_gs argues that the experimental era of cybersecurity is ending. Years of piling complexity onto non-standardized software stacks have produced systems that have left security unsteerable and costly to human-only management. What changed the entire equation is the rise of large language models. JAG-S describes them as a new source of cheap, effectively unlimited evaluative power, a "lossy compression of human knowledge." Used well, that kind of mechanized intelligence gives defenders a scalable way to assess, prioritize, and act. It also lowers the cost of analysis and changes how defensive work can be done at scale. This argument shapes JAG-S' broader point about how security should evolve. Drawing on cybernetics, he urges the industry to move beyond purely adversarial, agonistic design and toward systems where human expertise and artificial evaluative power work together to produce better outcomes. The blueprint is to build in, not bolt on. Rather than defending old product categories or familiar workflows, it’s time for a more standardized, automated, and sustainable future. Watch the keynote: s1.ai/LC25-JAGS
OneCon26 isn't most security conferences. We're opening the stage to the people actually doing the work — the ones shipping detections late at night, the researchers tearing apart novel malware, the defenders who fought an AI-driven attack in real time and lived to victoriously write the runbook. If you've built something that worked when it shouldn't have, broken something that everyone said was unbreakable, or seen a pattern nobody else is naming yet, that's the talk we want. Not theory. Not roadmap slides. The work, as it actually happened. Submissions close July 2, 2026. Analysts, architects, defenders — pitch us your sharpest idea. The agenda starts with you. → Apply to Speak: s1.ai/OneCon26-CFC
$100K. One world title. 400+ flags pulled from live attack campaigns. Your move. The Threat Hunting World Championship 2026 opened June 2. Compete against threat hunters around the world in brand-new 30-minute capture-the-flag rounds. The Top 200 players per region will advance to the September Regional Finals. Three regional champs earn an all-expenses-paid trip to OneCon26 in Vegas to compete live for the world title. With a charity donation made in their names. $100K+ pool. Every round pays. Compete from your seat. Enter now and start earning your rank today. → lnkd.in/gScPJbqX
Law enforcement dismantled massive cryptocurrency fraud rings, a Chinese cybercrime group expanded its global phishing footprint, and attackers exploited a critical authentication bypass in Palo Alto VPN portals. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Spanish National Police arrested a suspect connected to a massive data leak exposing sensitive government employee information. - The U.S. Treasury officially sanctioned Iran's largest cryptocurrency exchange, Nobitex, for facilitating ransomware payments. - The DoJ disrupted widespread transnational cryptocurrency investment fraud networks across Southeast Asia, freezing $3.8 million in stolen digital assets. ⚠️ BAD - China-linked threat actor TA4922 is aggressively expanding its financially-motivated phishing campaigns into Europe and South America. - Attackers shift victim communications to out-of-band channels like WhatsApp and Teams to bypass enterprise security controls. - The group uses DLL side-loading to deploy advanced remote access trojans and secondary executables to harvest sensitive corporate data. 🤢 UGLY - Palo Alto Networks confirmed that threat actors are actively exploiting a critical authentication bypass vulnerability in GlobalProtect VPN portals. - Attackers retrieve public keys via standard HTTPS sessions to generate forged authentication cookies, frequently targeting local administrator accounts. - CISA added the flaw to its Known Exploited Vulnerabilities catalog as attackers successfully secured full VPN IP assignments to access internal networks. Full breakdown → s1.ai/GBU9-Wk23
Five years ago, @labscon_io started as an ambitious experiment. Could we build a brand-new conference centered entirely on original security research? Could we create a venue where the work spoke louder than the marketing, where researchers challenged assumptions, shared discoveries, and pushed the industry forward? The answer has been an emphatic yes. As we prepare for LABScon 2026, we're excited to announce that this will be the final edition of LABScon. If we're going to close this chapter, we're going to do it the only way we know how: by putting together the strongest program we've ever had. This year, we're looking for the work that will define what's next. The boldest ideas, the uncomfortable findings, the research that changes how we think about this unknown era that’s upon us. The final LABScon CFP is open now and closes June 19. To everyone who has spoken, attended, sponsored, volunteered, debated, argued, collaborated, and helped make LABScon what it became, thank you. What started as a conference became a real community, and we're incredibly proud of what we built together. Every project has a lifecycle. We're ending this one on our terms, at its peak, with gratitude for everything it accomplished and excitement for what comes next ;) See you in Phoenix! Submit at labscon.io