SentinelOne Acquires Observo AI to Usher in Open, Autonomous Security Operations

SentinelOne will acquire Observo AI to enhance its AI SIEM and data services with real-time telemetry pipelines. This will improve threat detection, reduce costs, and speed response times.

Published on: Sep 11, 2025

SentinelOne to Acquire Observo AI

SentinelOne, a leader in AI-native security, announced plans to acquire Observo AI, a data streaming platform focused on AI-native telemetry pipeline management. This acquisition will strengthen SentinelOne’s AI SIEM and data services, which are among its fastest-growing offerings and recently contributed to record quarterly bookings in Q2 FY26.

The deal aims to transform security operations by improving how SOC teams collect, enrich, and act on data across their security environments. This comes at a time when security teams face rising costs, complexity, and delays caused by increasing volumes of security data, which limit visibility and slow response times.

Addressing the Data Challenges in Security Operations

Traditional data platforms were not built to handle the scale and speed required by modern AI-enabled SOCs and today’s sophisticated cyberattacks. Observo AI offers a real-time telemetry pipeline that ingests, enriches, summarizes, and routes data across enterprises before it reaches SIEMs or data lakes. This approach helps reduce costs, improve threat detection, and accelerate response times.

SentinelOne’s CEO, Tomer Weingarten, emphasized that security fundamentally revolves around data. Legacy, rules-based data pipelines can’t keep up with today’s data-rich security operations. Observo AI’s architecture is open, intelligent, and designed for scale, enabling seamless data routing into SentinelOne’s AI SIEM or any other system.

A New Chapter in Security Data: Open, AI-Native, Autonomous

Enterprises now generate massive amounts of security and observability data from endpoints, cloud workloads, identity systems, and GenAI applications. Traditional telemetry pipelines have been costly, siloed, and rigid, limiting the value of this data.

By integrating Observo AI, SentinelOne will offer customers a modern, policy-driven pipeline that breaks down silos and unlocks the full potential of security data. SOC teams will be able to detect threats faster, reduce data storage costs, and simplify operations. Key features include:

  • Freedom to Integrate Anything, Anywhere: Supports open formats like OCSF, JSON, OTLP, and Parquet, allowing telemetry to be routed to any destination—SIEMs, data lakes, security tools, or cloud platforms—without vendor lock-in.
  • AI-Driven Enrichment and Filtering at the Source: Applies classification, masking, correlation, and summarization in real time using AI models. Only the most relevant and enriched data moves downstream, improving detection speed and reducing costs.
  • Efficiency Without Sacrifice: Reduces data volume by up to 80% while allowing full-fidelity logs to be rehydrated on demand. This provides lean operational pipelines with access to deep historical context when needed.
  • Fleet-Scale Security, Data Governance, and Observability: Includes centralized fleet management, zero-touch updates, PII masking, and automated discovery of new data types, ensuring compliance and data integrity across large environments.
  • Built for Human and Machine Intelligence: Features natural language querying, threat enrichment, and context-aware anomaly detection, empowering both analysts and AI agents to respond more effectively.

Building on SentinelOne’s AI-Native Data Foundation

This acquisition enhances SentinelOne's existing hyperscale data infrastructure at the core of its Singularity Platform. Observo AI’s intelligent, policy-driven pipeline enriches and filters data in real time before it reaches storage or analytics layers. The outcome is a streamlined architecture that ingests data from any source, makes it smarter during transit, and stores it with full fidelity.

This foundation supports faster insights, lower costs, and stronger control over the security data lifecycle. It also enables future advancements such as autonomous AI workflows, where AI agents use enriched real-time data to detect and respond with human-like reasoning at machine speed.

Observo AI’s co-founder and CEO, Gurjeet Arora, highlighted their mission to help security and DevOps teams manage complex data challenges. Partnering with SentinelOne opens new opportunities to advance autonomous security and solve critical data problems.

SentinelOne’s CEO described the acquisition as a key step toward building an open, autonomous, AI-powered security platform that delivers more value and choice for customers and partners.

Transaction Details

SentinelOne will acquire Observo AI through a combination of cash and stock. The deal is expected to close in SentinelOne’s third quarter of fiscal year 2026, pending regulatory approvals and customary closing conditions.