SentinelOne

🚨 This week, cybercrime spilled over from malicious networks and software registries directly into physical offices. 🚦 The Good: Dutch authorities dismantled a major Russian-linked hosting network and seized 800 servers, while a cybercriminal was sentenced for breaching an Oregon state government network. The Bad: The FBI warns that the Silent Ransom Group is escalating from social engineering to dispatching physical operatives with USB drives directly to victims' offices for data extortion. The Ugly: The multi-ecosystem "TrapDoor" supply chain campaign is poisoning npm, PyPI, and Crates.io packages, uniquely targeting AI coding assistants to trick them into exfiltrating developer secrets. This was the week in cyber. 🔗 Full technical breakdown: https://s1.ai/GBU9-Wk22

From day one, SentinelOne was architected to stop novel, machine-speed threats. We were purpose built to be a Leader in the AI era. For the sixth consecutive year, Gartner has named SentinelOne a Leader in the Gartner® Magic Quadrant™ for Endpoint Protection. What's driving the recognition: ✅ Autonomous detection and response at machine speed ✅ Unified visibility across endpoint, identity, cloud, and AI ✅ AI usage control through the Prompt Security acquisition ✅ AI-native from day one — not retrofitted 📖 Read the full report: https://s1.ai/GrtnrMQ26

~50% of SentinelOne's ARR now comes from emerging solutions. That's what platform expansion looks like. This quarter, our emerging solutions — AI, Data, Cloud, and more — reached half of our total ARR, alongside record net new ARR growth and the launch of Purple AI Auto-Investigations. 📈 Q1 FY2027 highlights: - $1.163B ARR — +23% YoY - $277M Revenue — +21% YoY - Record net new ARR growth - 4% Operating Margin (non-GAAP) — ~550 bps improvement YoY - 22% Adjusted FCF Margin (non-GAAP) — ~230 bps improvement YoY - $0.04 EPS (non-GAAP) — +83% YoY - ~50% of ARR from Emerging Solutions Securing modern enterprises requires machine-speed defense — and infrastructure built for what's next, not retrofitted for it. Thank you to our customers, partners, and Sentinels. 🔗 Read the press release: https://s1.ai/Q1-27-PR 🎧 Listen to the call: https://s1.ai/Q1-27-Ern

The AI era made your existing attack surface more valuable to adversaries — and exposed AI API keys are up 140% year-over-year to prove it. The May edition of Code Purple is live. Inside this newsletter: 🔗 How Wayfinder Frontier AI Services powered by Anthropic's Claude and SentinelOne's elite operators — exposes end-to-end attack paths and stops them before adversaries can finish building them. 🪱 SentinelLABS uncovers PCPJack, a predatory credential worm that evicts rival threat actors, skips cryptomining entirely, and goes straight for AWS, Kubernetes, and 30+ cloud services. 🎭 Trust as a Vulnerability: Meet Reaper, a macOS stealer that spoofs Apple, Google, and Microsoft in a single attack chain. The victim never sees an unfamiliar name. 🧱 We red-teamed a government AI that blocked every jailbreak until we attacked its structure. A JSON-wrapped phishing payload and a Base64-encoded instruction were all it took. 🤖 The Invisible Attack Surface: Most security teams can't tell you how many AI agents are running in their environment right now. Prompt Security for Agentic AI closes that gap. The bottom line: The threats are faster, smarter, and hiding in plain sight. Frontier defense has to match that autonomously, continuously, and at machine speed. Read the full May edition of Code Purple here:

From day one, SentinelOne was architected to stop novel, machine-speed threats. We were purpose built to be a Leader in the AI era. For the sixth consecutive year, Gartner has named SentinelOne a Leader in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Autonomous detection. Machine-speed response. Built for this moment. 📖 Learn more: https://lnkd.in/dt5VJi4p

🚨 This week, cybercrime hit global networks, endpoints, and core OS defenses simultaneously. 🚦 The Good: International police made 201 cybercrime arrests across the MENA region, Ukraine unmasked an infostealer operator who compromised 28,000 accounts, and authorities seized a criminal VPN used by ransomware groups. The Bad: Researchers exposed “SHub Reaper,” a deceptive macOS infostealer spoofing Apple, Google, and Microsoft. It bypasses security mitigations to lift credentials and drop persistent backdoors. The Ugly: Microsoft warned that threat actors are actively exploiting two Windows Defender zero-days in the wild, turning endpoint protection engines against themselves to escalate privileges. This was the week in cyber. 🔗 Full technical breakdown: https://s1.ai/GBU9-Wk21

✨ “Progress doesn’t come from repeating what exists. It comes from the courage to see what hasn’t been seen, to invite voices not yet heard, and to boldly reshape the mold.” That’s not just a quote from Rachel Park, AVP of Product Marketing at SentinelOne, it’s a blueprint. As the daughter of Korean and Cantonese immigrants, she grew up navigating cultures, languages, and perspectives—learning early on that complexity isn’t something to simplify, but something to embrace. That upbringing didn't just shape her identity — it sharpened her instincts as a marketer and a leader.  Rachel believes the best teams are built on diverse perspectives, high integrity, and a shared willingness to do hard things. It’s not about fitting a mold—it’s about bringing your experiences forward to unlock new ways of thinking, solving, and collaborating. Now, as a new mother, her thinking on legacy has sharpened even further. She's passing on traditions, resilience, and community — and that same intentionality shows up in how she leads. At SentinelOne, that belief in community and authenticity fuels how teams support one another, innovate, and grow—together. This Asian American and Pacific Islander Heritage Month, we’re proud to spotlight Rachel’s story—one that reminds us that difference isn't a hurdle to overcome on the way to leadership. More often, it's the thing that gets you there. 👉 Read more about Rachel’s journey: https://s1.ai/AAPI-2026

Turn blind trust into verified control with Prompt Security for Agentic AI. AI agents use trusted workflows and permissions to bypass traditional security. They act and execute. They hold credentials. Call APIs. Modify data. Chain actions across business-critical systems, at machine speed, without per-step human approval. Every agent in your environment is a non-human identity reasoning, deciding, and executing on your behalf. Most security teams can't tell you how many are running right now. That's the gap. And it's why we built Prompt for Agentic AI Security, SentinelOne's real-time discovery and governance control plane for the agentic layer. It surfaces every agent and MCP server across your environment (sanctioned or shadow). It maps what each one can reach, what it can do, and what permissions it holds. It scores risk dynamically. It enforces least privilege before unauthorized action chains can fire. And it gives you a full audit trail of every decision an agent made and every system it touched. Security shouldn’t be the reason your organization can't adopt agents. It should empower you to adopt them with confidence. Learn more: https://bit.ly/4nO5NIE

Industry-leading runtime protection, activated in one click in the AWS console. SentinelOne's Singularity Platform is now available through Amazon Web Services (AWS) Security Hub Extended. AI-powered endpoint protection, deployable in minutes from the AWS console customers already use. Turn on SentinelOne’s endpoint and detection and response (EDR), and cloud workload security with a single click. Deploy it seamlessly across their environment, and manage it alongside their broader AWS security signals all in one place. Use the AWS budgets and commitments you already have. One contract. One bill. No new procurement cycle. Security procurement simplified. Coverage complete. As Melissa K. Smith, our SVP of Global Strategic Partnerships, put it, "We're removing friction so teams can get to protection faster." Available now in all commercial AWS regions → https://s1.ai/AWS-HbExt

In case you missed it — SentinelLABS cracked a 20-year-old mystery: Fast16, a state-grade sabotage tool that predates Stuxnet by five years. Swipe right to learn more. Full SentinelLABS report: https://s1.ai/fast16 Andy Greenberg's WIRED piece (excellent companion read): https://s1.ai/WIRED-F16