SentinelOne CEO Tomer Weingarten: Security Vendors ‘Missing’ The Mark On Agentic

‘Everybody wants to say they have agents,’ Weingarten tells CRN. ‘But tangible outcomes [with agentic]? That’s a whole different story right now.’
Among the throngs of cybersecurity vendors that have recently released AI agents for use by partners and customers, the typical approach falls short of truly improving cyber defense with agentic, SentinelOne Co-Founder and CEO Tomer Weingarten told CRN.
“Everybody wants to say they have agents,” Weingarten said during an interview Wednesday. “I think it’s just coming from these companies needing to rush something out and to say, ‘We’re here, we’ve got agentic capabilities.’ But tangible outcomes [with agentic]? That’s a whole different story right now.”
Weingarten spoke with CRN during SentinelOne’s OneCon 2025 conference in Las Vegas, which saw the company debut an array of AI-powered products for security analysts in a move toward fulfilling the vendor’s vision for an “agentic SOC” (Security Operations Center).
SentinelOne, in fact, is the first to deliver what could be considered a “fully agentic” SOC offering, Weingarten said. That’s in contrast to other major vendors that have focused more heavily on providing individual AI agents for various security tasks — such as alert triage or threat investigation — as well as on providing platforms for organizations to build their own agents, he said.
“If you look at any other platform out there, those claims of being an agentic SOC are basically, ‘I’m going to give you some way to build agents, and you will figure it out. I’ll give you different types of agents. And you will build the workflow, figure out how it works,’” Weingarten said.
“Now the liability is on you,” he said. “They give you this ‘agent studio’ concept where they say, ‘Oh, you want agents? No problem. You can build any agent that you want. Here you go. Now you can say that you’re fully agentic.’”
What SentinelOne is aiming to do instead is to provide a “turnkey” agentic SOC platform, Weingarten said — which can become increasingly autonomous over time, as partners and customers learn to trust the decision-making of the agentic system.
“If the guardrails are very set and the outcome is relatively predictable after you’ve run it in trial mode for however long you want — then at that point, you can [gain] a level of confidence,” he said.
And if a partner or customer reaches the stage of trusting the agentic system, “why would I need to go to an agent studio? ‘Oh, I need the triage agent and I need the investigation agent and the forensic agent.’ Why?” Weingarten said. “Why are you [the vendor] making this my problem as the customer, when you’re the cybersecurity expert? What’s the deal here?”
Ultimately, what cybersecurity industry vendors need to prioritize now is moving from an agent-focused approach to delivering truly agentic systems, he said.
“That’s where I think a lot of [vendors] in cybersecurity are just missing it,” Weingarten said. “They give you components. They don’t focus on the experience or on the outcome.”
‘Huge Opportunity’ For Partners
For solution and service provider partners of SentinelOne, the opportunities are abundant in helping customers get ready for an agentic SOC transition, he said. Partners can tap into the newly announced integration of technology from SentinelOne’s recent acquisition of Observo AI, which can optimize data pipelines for autonomous threat detection and response, according to SentinelOne.
In the short-term, however, the even larger growth opportunity is around enabling customers to secure GenAI usage among employees, Weingarten said. To assist on that front, SentinelOne debuted a portfolio of new AI security offerings this week in connection with its recent acquisition of Prompt Security.
“I think the biggest immediate opportunity for partners is to come in and help customers adopt AI securely. Whether it’s agentic studios or employee usage, Prompt gives you that complete umbrella to secure AI, no matter where it lives,” Weingarten said. “So that’s a huge opportunity, and it’s a ‘now’ opportunity.”
‘It’s Stupid Not To Get Prepared’
Speaking with CRN, Weingarten also discussed how future geopolitical conflict could fuel dramatically increased cyberattacks and disinformation. During a keynote session at OneCon, SentinelOne executives presented an assessment that a Chinese invasion of Taiwan by 2027 — as well as a Russian invasion of a second European country by 2030 — are both highly probable.
While there is of course no certainty in the assessments, “we know likelihood and we know probability,” Weingarten told CRN. “Now if you feel like the probability is relatively high, then it’s stupid not to get prepared. It’s stupid not to put investment in everything you can, to try and lower the likelihood of [impact] if and when these things occur.”
What follows is more of CRN’s interview with Weingarten.
Do you see geopolitics becoming a bigger factor than in the past for cybersecurity?
I think it’s just going to be taking another form. If you think about it, geopolitics drives the entire threat landscape. Cybercrime obviously is a big component in that as well. Sometimes the lines are very blurry between cybercrime and state-sponsored [activity]. I do think that when you peel off beyond the cybersecurity intrusions that we are all thinking about and trying to protect from, there’s another layer — which is disinformation and influence warfare. In the past five to seven years, we’ve seen more and more activity. It’s very under the radar, very hard to attribute. I think that is something that we’re going to start seeing — or at least start noticing — more and more. [We may start] realizing that some of the things that we consume may not be as innocent and unbiased as we think these things are.
The other facet is the manipulation of the [AI] models that we trust, and that’s actually something that we’ve already started seeing. At this point, I think the model companies are successful in keeping those at bay. But it’s very clear that when you think about these models — ChatGPT or Claude or Gemini — they index the web. They’re almost a new form of a search engine, and they are feeding from what’s on the web to establish their knowledge base, to establish their answers on specific topics. If you poison some of these pages on the web and you create fake content, and you create different opinions, and you do it in a certain volume — you can actually impact what these models eventually will output. So I think we’ll just find more layers of nation-state grade warfare — to just sway public opinion to create discord. Ultimately some of these things can be weaponized, to even topple democracy. But I think what’s clear is that reality can relatively easily be manipulated.
So this is one result of the continuing fusion of the physical and digital worlds, then?
Digital warfare today, intelligence gathering, open intelligence — all of that, obviously, is fused into how every army and military is operating. I think it’s not far-fetched to see [more of that]. We’ve actually seen some evidence of that even with Russia invading Ukraine. It was probably one of the first instances of a fully declared, broad daylight usage of hybrid warfare — which means some cyber elements, some digital elements, and some obviously traditional warfare. But when you think about these geopolitical moves, you understand that it is in many cases also [about], what do you want to control in this day and age? You want to control compute. You want to control the chips. So there’s a lot that’s at stake — but it all comes back to compute, to energy, to resources, natural resources. All of that is kind of becoming one and the same. That’s why I think you’re seeing that blurring of the lines between cyber and AI, but then the physical world and the physical resources that you need to actually run AI. That’s where things can become almost commingled.
But we may have not seen the full brunt of what China or Russia can do yet in terms of cyberattacks?
These are theories. And I think that no matter how much proof you’re seeing, most folks don’t subscribe that something is happening until the moment that it’s actually happening, almost no matter what you put in front of them. I think that’s the state of affairs.
But we can become more prepared. I think that’s the [key] thing. Let’s say this is not for certain. None of us can predict the future — not in a very accurate manner at least. So we don’t know what things are going to happen. We don’t know the timeline. But we know likelihood and we know probability. Now if you feel like the probability is relatively high, then it’s stupid not to get prepared. It’s stupid not to put investment in everything you can, to try and lower the likelihood of [impact] if and when these things occur. That’s what we’re dealing with in all of cybersecurity, it’s all about probabilities. Where do we need to put more firepower to lower the probability of an intrusion or damage? And how do we mitigate risk as a whole? So all these concepts are very similar.
As far as preparing though, do you feel like most of the security tools we have today are autonomous enough to protect us?
It’s a problem that is unsolvable with the current tool sets that we all have. That’s why you read about breaches every day. If it was something we could have solved with the tools that we have, you would assume there would be fewer breaches. But it’s just not the case. So I think that when you then try and understand, how are these breaches happening? What we realize time and time again is that it’s always the same broad-based concept — which is, [the attackers go] through the cracks. They go through where things are just not connected enough, and one side does not know about the other, and thus I can compromise an organization — almost regardless of the defenses that they have.
When you look at the vision we’ve put in place, and the acquisitions that we’ve done, ultimately what we’re trying to do is make it easy to monitor everything. If you can’t monitor it, you don’t know it’s there and you don’t know what’s happening.
Visibility also [requires] a ton of data. If you are truly going to monitor everything that’s part of an attack surface, the next immediate thing is to connect all the data. With a few clicks in Observo AI, everything is connected, everything is flowing. Now what do you do? Do you need to hire large numbers of people to parse through all these different things? Obviously, that’s not scalable. That’s where the autonomous SOC vision comes in. Basically you say, I want to program AI that’s going to be efficient enough, accurate enough, intelligent enough, structured enough and safe enough to be able to do those correlations for me and filter down all the noise.
Between all of that, you sometimes find very meaningful signal. And sometimes that signal cannot arise if you don’t connect it with other surfaces. Scattered Spider is a perfect example of something that can be totally preventable in the age of the autonomous SOC. [You just need] cross-source detection of stolen credentials, and [detection of] misuse of a privileged account that is now accessing things they should not access, or logging into devices they’ve never logged in to in the past. But if you don’t fuse user authentication data sources and endpoint protection data sources and potentially network firewall sources and threat intelligence and stolen credential sources, you have no way to ascertain that this [system] is compromised. The completeness of data and how you parse through the data — those are the two most immediate issues we have.
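The cross-source fusion this answer describes, written out as an added Python example that is not SentinelOne’s or Observo AI’s code: three constructed feeds (identity-provider sign-ins, endpoint logons and a stolen-credential list) plus a constructed baseline of each account’s usual hosts are scored per account, so a verdict emerges from the combination rather than from any single source. Account names, hosts, signal weights and thresholds are all made up for illustration.

```python
"""Cross-source credential-misuse correlation (added example, constructed data)."""

# Constructed baseline: hosts each account used during the learning window.
BASELINE_LOGONS = [
    ("svc-backup", "fs-01"), ("svc-backup", "fs-02"),
    ("jdoe", "wks-jdoe"),
    ("admin-ops", "jump-01"), ("admin-ops", "jump-02"),
]

# Constructed events for the current window, each tagged with its source.
EVENTS = [
    {"source": "idp", "user": "admin-ops", "result": "success", "ip": "203.0.113.7", "mfa": False},
    {"source": "endpoint", "user": "admin-ops", "host": "dc-01"},     # never seen in baseline
    {"source": "endpoint", "user": "admin-ops", "host": "jump-01"},   # usual jump host
    {"source": "resource", "user": "admin-ops", "resource": "ntds.dit", "sensitive": True},
    {"source": "idp", "user": "jdoe", "result": "success", "ip": "198.51.100.4", "mfa": True},
    {"source": "endpoint", "user": "jdoe", "host": "wks-jdoe"},
    {"source": "resource", "user": "jdoe", "resource": "shared/docs", "sensitive": False},
]

# Constructed threat-intel feed (accounts seen in a credential leak) and the
# directory's list of privileged accounts; both are assumptions for the example.
STOLEN_CREDENTIAL_FEED = {"admin-ops", "svc-backup"}
PRIVILEGED_ACCOUNTS = {"admin-ops", "svc-backup"}

ESCALATE_AT = 6   # combined score that warrants an analyst-facing verdict
REVIEW_AT = 2     # weaker combinations are queued for review, not escalated


def build_baseline(logons):
    """Map each account to the set of hosts it used in the baseline window."""
    known = {}
    for user, host in logons:
        known.setdefault(user, set()).add(host)
    return known


def correlate(events, baseline, stolen_feed, privileged):
    """Fuse per-account signals from every source into one scored verdict.

    Returns {user: {"score": int, "signals": [str], "verdict": str}}.
    """
    active = {ev["user"] for ev in events}
    findings = {u: {"score": 0, "signals": []} for u in active | set(stolen_feed)}

    def add(user, weight, text):
        findings[user]["score"] += weight
        findings[user]["signals"].append(text)

    # Per-event signals, each weak on its own.
    for ev in events:
        user = ev["user"]
        if ev["source"] == "idp" and ev["result"] == "success" and not ev.get("mfa", True):
            add(user, 1, f"idp: sign-in without MFA from {ev['ip']}")
        if ev["source"] == "endpoint" and ev["host"] not in baseline.get(user, set()):
            add(user, 2, f"endpoint: first logon to {ev['host']}")
        if ev["source"] == "resource" and ev.get("sensitive"):
            add(user, 2, f"resource: sensitive access to {ev['resource']}")

    # Context only other sources can supply: leak feed and privilege level.
    for user in active:
        if user in stolen_feed:
            add(user, 2, "intel: credentials present in a leak feed")
        if user in privileged:
            add(user, 1, "directory: privileged account")

    # Leaked accounts with no activity are worth watching, not escalating.
    for user in set(stolen_feed) - active:
        add(user, 0, "intel: credentials leaked, no activity observed")

    for user, f in findings.items():
        if f["score"] >= ESCALATE_AT:
            f["verdict"] = "escalate"
        elif f["score"] >= REVIEW_AT:
            f["verdict"] = "review"
        elif user in stolen_feed:
            f["verdict"] = "watchlist"
        else:
            f["verdict"] = "benign"
    return findings


def run_example():
    """Fused verdicts, plus the same endpoint/resource data without identity and intel."""
    baseline = build_baseline(BASELINE_LOGONS)
    fused = correlate(EVENTS, baseline, STOLEN_CREDENTIAL_FEED, PRIVILEGED_ACCOUNTS)
    partial = correlate([e for e in EVENTS if e["source"] != "idp"],
                        baseline, set(), PRIVILEGED_ACCOUNTS)
    return fused, partial


if __name__ == "__main__":
    fused, partial = run_example()
    for user, f in fused.items():
        print(f"{user}: {f['verdict']} (score {f['score']})")
        for s in f["signals"]:
            print("   ", s)
    print("admin-ops without identity and intel sources:", partial["admin-ops"]["verdict"])
```

With all sources connected, the privileged account that signed in without MFA, logged into a host it had never used, touched a sensitive file and appears in the leak feed crosses the escalation threshold; with only endpoint and resource data the same activity stays at the review level, which is the point about signal that cannot arise from one surface alone.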
You mentioned you believe SentinelOne is delivering the first “fully agentic” SOC platform — what’s the biggest place where you feel you’re ahead of others?
I think the simplest thing I can point to is, it’s one click, turnkey, and it works. If you look at any other platform out there, those claims of being an agentic SOC are basically, “I’m going to give you some way to build agents, and you will figure it out. I’ll give you different types of agents. And you will build the workflow, figure out how it works, figure out how you take the alerts that the platform is generating and the agents that I’m supplying to you — and here you go.” Now the liability is on you. And I have no idea how you audit it, and I have no idea what the approval chain is, and I have no idea if it’s going to be accurate for you, and I have no idea what the outcome is going to be for you — but I gave you the agents. That’s kind of what I feel is happening in cybersecurity today. It’s like, everybody wants to say they have agents. So they give you this “agent studio” concept where they say, “Oh, you want agents? No problem. You can build any agent that you want. Here you go. Now you can say that you’re fully agentic.”
But that’s a different thing from an agentic SOC in your view?
Yes. I think it’s a move from the agent concept to [an agentic] system concept. And that’s where I think a lot of [vendors] in cybersecurity are just missing it. They give you components. They don’t focus on the experience or on the outcome. We [as vendors] control everything — why would we now offload things to the customer to have to figure out? We know where the data is coming from. We know the investigation steps. We have the MDR service. We’re monitoring all these things. Why wouldn’t we be able to build logic that is autonomous enough — based on agentic capabilities — that you can just launch? And today it’s launched. I think tomorrow, if you’re seeing it work in a trusted manner, and the verdicts are continuously valid and accurate, then turn it on. Let’s just start having this run in the background and do the work for you, with human supervision. But if the guardrails are very set and the outcome is relatively predictable after you’ve run it in trial mode for however long you want — then at that point you can start saying, “For these next 100 alerts, have all of them be agentically investigated.” And then after that process finishes, you get a distilled screen that tells you [the verdicts] with a level of confidence. Why would I need to go to an agent studio? “Oh, I need the triage agent and I need the investigation agent and the forensic agent.” Why? Why are you [the vendor] making this my problem as the customer, when you’re the cybersecurity expert? What’s the deal here? And I think it’s just coming from these companies needing to rush something out and to say, “We’re here, we’ve got agentic capabilities.” But tangible outcomes [with agentic]? That’s a whole different story right now.
SentinelOne also has a long history of focusing on autonomous security?
100 percent — we kind of coined the term autonomous security way back when, before ChatGPT, because we actually embedded machine-learning models that worked autonomously for endpoint protection. It was not done for the entire enterprise dataset. But the concept was very clear. And then we went and bought a data analytics company — because we realized what we can do for endpoint, we should be able to do for every surface in the enterprise. And if we can bring all of those together, then you’ve got a radically different way to think about cybersecurity.
When we think about the autonomous SOC, you can’t decouple it from the SIEM story. It’s almost like, if the autonomous SOC is fulfilled correctly, it will make the SIEM a thing of the past. The autonomous SOC comes with the data ingestion and the data storage and the data parsing, which is like three fourths of what the SIEM is doing.
And you’re also supporting third-party products to a large degree?
Our investment is in the brain that can understand what to do. [For instance] our role is not to come and say, “We’re going to give you a new vulnerability management solution.” Our role is to say, “You’ve got Qualys, Tenable, Rapid7 — amazing. We can now tap into that and make it 10 times better.” Because we have the decision-making brain. We can run the prioritization, we can give the full context and we can instruct these products on what they should be doing in place of the human that, right now, is pushing 100 different buttons and running after patches. Here, imagine a flow where we’re not the patching mechanism — but through threat intelligence, I now got an alert that there’s a new active exploitation campaign for SharePoint. And by virtue of my monitoring, I see that you have 100 servers in your environment that are vulnerable to this in an active campaign. What comes next is, you’ve got risk in here and this is the proposed patching plan — click here to put it into Qualys. It’s not, “Click here to deploy SentinelOne to patch the vulnerability.” So that’s where we want to be focused. We want to be focused on the intelligence. We want to be focused on the logic. We want to be focused on solving the big issues — not on just building more controls for the enterprise and adding another buck to our P&L. It’s a philosophy more than anything else. But it does create a lot of focus for us, and it does create a faster cadence of development. [If you can] solve that then everything else becomes much, much better — even if you don’t control it, even if it’s not our technology.
What do you see as the biggest opportunity for partners at this stage?
First and foremost [it’s about] security for AI. The pull from the customers is amazing. It’s nothing that I’ve seen before. It’s very clear that everybody’s looking for ways to regulate generative AI usage in the corporate environment. I think the biggest immediate opportunity for partners is to come in and help customers adopt AI securely. Whether it’s agentic studios or employee usage, Prompt gives you that complete umbrella to secure AI, no matter where it lives. Whether it’s on the endpoint or in the cloud, it doesn’t really matter. So that’s a huge opportunity, and it’s a “now” opportunity. A lot of them are already having these conversations. So I think that’s just going to get more and more comprehensive as we go forward.
The second thing is, to get to the autonomous SOC, the first step is to start getting data in. Let’s start to route the data. Let’s start figuring out, how do we move data from which systems? And how do we optimize, filter and enrich all these data sources? That is [the capability of] Observo AI. Data pipelines are that first building block for the autonomous SOC. Because if you can’t route the data efficiently into the data lake, into LLMs, into other destinations, then you’re kind of stuck. There are quite a few companies that are trying to work with data, wherever data is at, without trying to move it or route it or stream it. I think that is just showing very low yields. So it’s not far-fetched to see that data pipeline [technology] is going to be required in order to unlock this real-time mode of operation. You can make any promise in the world. But if I need to work off of Splunk, and you are telling me, “Go query Splunk and figure out what to do” — I can do that, but it’s going to take minutes and minutes [to get an answer]. So maybe the outcome is, “Oh yes, I found something bad on Splunk” — great, but it happened an hour ago, and the attackers are already out and they took all your data. I think people are very quickly going to realize, if you can’t do it streaming, if you can’t do it near real-time, it becomes meaningless.
Where do you see the autonomous SOC going next?
I think that we would love to show that machines can deal with cybersecurity in a highly accurate manner. That’s what we’ve proved for the endpoint — [where we offer] a fully autonomous agent that works with no human supervision whatsoever, albeit for a much narrower-scope problem. What we would love to show is exactly the same thing, but for anything you connect to the platform. So ideally, next time I’m on the OneCon stage I’ll show how I myself — one human — can click and secure an enterprise deployment of 100,000 employees, end-to-end, in three minutes on stage. And I think it’s fully doable.