SentinelOne has introduced a new identity portfolio designed to enhance the security of both human user accounts and non-human identities, such as autonomous AI agents. This initiative comes in response to the increasing number of attacks that leverage legitimate access credentials.
The company’s approach recognizes that traditional methods of authentication and permission checks are inadequate on their own. Instead, it emphasizes the need for continuous validation of access during activities, allowing security teams to revoke permissions if suspicious behavior is detected.
Identity-driven intrusions continue to pose significant challenges, as attackers often obtain or misuse authorized credentials, allowing them to operate within established workflows. Once they have gained access, they can utilize approved tools and services for lateral movement and data theft, blending seamlessly into regular activity.
This issue is becoming more pressing as businesses experiment with or implement agentic AI systems. These intelligent agents may be granted access to sensitive corporate data, applications, and infrastructure, executing actions independently of direct human supervision. Their rapid operation and transient presence complicate the landscape of identity risk management within organizations.
Beyond Authentication
SentinelOne’s strategy prioritizes execution-based controls across the environments where identities function, which includes endpoints, browsers, AI tools, and automated workloads. The focus is on the continuous validation of actions, applying behavioral controls in real time.
This shift from verifying login validity to evaluating the appropriateness of ongoing actions post-authentication addresses a critical vulnerability: attackers typically do not need to bypass authentication again after gaining access, as their activities take place within sessions that appear legitimate.
Jeff Reed, the Chief Technology Officer of SentinelOne, linked this strategic direction to the increasing prevalence of machine identities in the workplace.
“The rise of AI as autonomous, non-human identities is expanding the attack surface and creating new governance challenges. Identity risk no longer begins and ends at authentication, and attackers are increasingly operating within authorized workflows,” said Reed. “SentinelOne is uniquely positioned to lead this evolution with our AI-native platform that was built to correlate identity, endpoint, and workload signals, enabling security teams to analyze behavioral intent and autonomously contain both human and machine-driven misuse as it unfolds.”
Product Components
The new portfolio is anchored by Singularity Identity, which serves as a valuable source of context about the identities acting within an environment. SentinelOne has also introduced Prompt Security, a tool designed to detect misuse in web browsers and AI applications. Additionally, Singularity Endpoint delivers essential system-level components, facilitating behavioral validation on endpoints.
This portfolio is part of the broader Singularity platform, which already encompasses endpoint security and various detection and response tools. The new identity features represent a movement toward a more integrated view of activity, evaluating identity and endpoint signals simultaneously rather than through disparate products.
Traditionally, identity systems in enterprise settings have concentrated on user accounts and fixed service accounts. However, SentinelOne differentiates between verifying human identity and assessing non-human intent, framing the latter as a matter of behavior rather than merely a static permissions check. This distinction is crucial, especially as AI agents can deviate from their intended functions or be manipulated through authorized workflows.
Market Context
The introduction of this identity portfolio aligns with a wider trend among security and identity vendors as organizations increasingly rely on software-driven identities, including service accounts, application identities, and machine-to-machine credentials. Attackers are focusing on exploiting identity pathways because they provide a straightforward entry into critical systems without needing to target software vulnerabilities directly.
Furthermore, browser activity has emerged as a significant area of concern. Numerous corporate workflows now depend on web applications and software-as-a-service (SaaS) tools, leading to potential misuse through session hijacking, credential theft, and unauthorized access to cloud data. Consequently, solutions that monitor browser activities are becoming essential as security teams strive to align user actions with data movement and policy violations.
SentinelOne’s focus on runtime validation and the ability to revoke access reflects a broader shift toward continuous assessment models in cybersecurity, aligning with zero trust frameworks and behavior-based detection methods. This proactive approach relies on gathering and analyzing telemetry across endpoints and application layers, along with responsive mechanisms that can act swiftly without disrupting genuine work activities.
In essence, SentinelOne emphasizes this identity expansion as a means to combat attackers’ use of sanctioned tools following the acquisition of valid credentials, aiming to minimize the duration of intruder activity before detection and response can take place.
Looking ahead, the company anticipates that identity risk management will evolve to encompass ongoing monitoring of actions performed by both human users and autonomous agents, particularly as automation and machine-driven activities continue to rise.
