SentinelOne is set to acquire Observo AI in a deal that could redefine how security teams handle data - shifting the focus from storing raw telemetry to enriching and acting on it in real time.
Observo AI takes a different tack on security data. Instead of pushing raw telemetry downstream into a SIEM or data lake, its pipeline processes everything in real time, right at the point of ingestion. Data is classified, enriched, and summarized as it flows, stripping out the noise and surfacing what matters. The result is a cleaner, faster stream of insights that lowers costs, sharpens detections, and speeds up response. For SOC teams, that shift is immediate: they spend less time wrestling with bloated datasets and more time acting on intelligence, whether through automation or human analysis.
Expanding Capabilities Across the Platform
Bringing Observo AI into the fold gives SentinelOne a chance to rethink how security data actually moves. What used to be locked inside rigid, expensive pipelines can now flow openly across systems, since Observo supports widely used formats like OCSF, JSON, OTLP, and Parquet. Instead of waiting until data lands in a SIEM or data lake, enrichment and filtering happen at the source. Telemetry arrives already carrying context, correlation, and masking, which sharpens detections and strips away the need for redundant processing. The payoff is twofold: less wasted storage - volumes can drop by as much as 80 percent - while still keeping the option to pull back full-fidelity logs when they’re needed. On top of that, Observo adds centralized fleet management, zero-touch updates, and automated discovery of new data types, so governance and compliance scale smoothly across thousands of sources. Just as important, it makes the data more useful. Analysts can search and investigate in plain language, while AI agents can spot anomalies and enrich threats on the fly. The result is an environment where people and machines complement each other instead of competing for control.
Building on SentinelOne’s AI-Native Foundation
For SentinelOne, this acquisition extends far beyond feature expansion. It strengthens the Singularity Platform’s core data architecture, giving it the ability to ingest from any source, enrich data in transit, and maintain fidelity in storage. The result is not just faster insights and lower costs, but a more resilient and future-ready foundation for security operations. This architecture also paves the way for agentic AI workflows, where autonomous systems can draw on high-quality telemetry to make decisions and act in real time with a degree of reasoning that was once the sole domain of human analysts.
The Bigger Picture in Cybersecurity
AI has stopped being an “add-on” in security and is now the core story. Security has always been a data problem, and the future belongs to architectures that are not only built for scale but also capable of adapting as adversaries evolve. SentinelOne’s move underscores a bet on AI-native designs - open, policy-driven, and adaptive pipelines that transform the economics and effectiveness of defense. By embedding intelligence directly into the data layer, SentinelOne and Observo AI are positioning themselves to deliver security operations that are faster, more adaptive, and increasingly autonomous.