SentinelOne, a leader in AI-native security, has announced its intent to acquire Observo AI, a data streaming platform specializing in AI-native telemetry pipeline management, to bolster its AI SIEM and data offerings and advance autonomous security operations.
The acquisition aims to immediately complement SentinelOne’s AI SIEM and data solutions, which have already seen significant growth, making a record contribution to quarterly bookings in Q2 FY26. This strategic move is expected to usher in an era of open, intelligent, and autonomous security operations, redefining how Security Operations Center (SOC) teams gather, enrich, and utilize data across their security ecosystems.
Security operations teams currently face challenges related to the costs, complexity, and delays caused by escalating security data volumes. These issues often lead to compromises that reduce visibility, limit protection, and slow incident response. Existing data platforms, built prior to the advent of AI-enabled SOCs and modern security stacks, struggle to cope with today’s rapid and sophisticated attacks.
Observo AI addresses these challenges with an AI-native, real-time telemetry pipeline. This platform ingests, enriches, summarizes, and routes data across an enterprise before it reaches a Security Information and Event Management (SIEM) system or data lake. This functionality enables customers to significantly reduce costs, enhance detection capabilities, and accelerate response times.
Tomer Weingarten, CEO and Co-founder of SentinelOne, stated, “Security is, at its heart, a data problem, and legacy, rules-based data pipeline platforms simply weren’t built for today’s ever-growing attack surface and data-rich security operations. Observo AI is miles ahead of its rivals and will uniquely benefit customers with an AI-native data architecture — one that is open by design, intelligent by default, and built for the scale and speed needed for autonomous security operations. As a result, we can deliver significant new customer and partner value – and customer and partner choice – by allowing for fast and seamless data routing into our AI SIEM, or any other destination.”
Enterprises are generating unprecedented volumes of security and observability data from endpoints, cloud workloads, identity systems, and GenAI applications. Historically, telemetry has been constrained by rigid pipelines, high storage costs, proprietary formats, and outdated ingestion models. With Observo AI, SentinelOne intends to provide its AI SIEM, XDR, and standalone data customers with an advanced alternative that breaks down silos and unlocks the full value of security data. This will redefine the data pipeline as policy-driven, adaptive, and optimized for an Autonomous SOC, allowing SOC teams to resolve threats faster, drastically reduce data costs, and simplify operations.
These capabilities will operate at the edge, in stream, and at hyperscale, including:
* **Freedom to Integrate Anything, Anywhere**: Observo AI supports open formats such as OCSF, JSON, OTLP, and Parquet, facilitating easy ingestion, routing, enrichment, and forwarding of telemetry to any destination, including SIEMs, data lakes, security tools, and cloud platforms.
* **AI-Driven Enrichment and Filtering at the Source**: Before data is stored or analyzed, Observo AI performs real-time classification, masking, correlation, and summarization using AI models. This ensures that only the most relevant, enriched, and context-rich telemetry proceeds downstream, leading to faster detection, sharper response, and lower costs.
* **Efficiency Without Sacrifice**: The platform offers intelligent reduction of data volume by up to 80 percent and the ability to rehydrate full-fidelity logs on demand, enhancing cost-efficiency while maintaining deep historical context when needed.
* **Fleet-Scale Security, Data Governance and Observability**: Designed for large enterprises with thousands of data sources, Observo AI includes centralized fleet management, zero-touch updates, PII masking, and automated discovery of new data types to ensure data integrity, compliance, and security posture.
* **Built for Human and Machine Intelligence**: With natural language querying, threat enrichment, and context-aware anomaly detection, Observo AI aims to empower both human analysts and AI agents for faster, smarter action, fostering collaboration between people and machines.
This acquisition builds upon SentinelOne’s existing investments in hyperscale data infrastructure, which is central to its Singularity Platform. Observo AI will augment this foundation with an intelligent, policy-driven data pipeline optimized for real-time enrichment, filtering, and routing before data reaches storage or analytics layers. The result is an end-to-end architecture designed to ingest data from any source, enhance it in transit, and store it with full fidelity, leading to faster insights, reduced costs, and greater control throughout the security data lifecycle. This foundation is also expected to enable advanced agentic AI workflows, where autonomous agents leverage enriched, real-time data for detection, decision-making, and response at machine speed with human-level reasoning.
Gurjeet Arora, co-founder and CEO of Observo AI, commented, “Observo AI was born in the AI and cloud era to help security and DevOps teams tackle previously unimaginable data problems as a means of defending an ever-growing attack surface. Bringing together Observo’s AI-native data pipeline with the world’s best AI-native cybersecurity platform is a huge win for customers and an opportunity for our team to work with an unprecedented network of partners, sellers and fellow innovators. As part of SentinelOne, we have a rare opportunity to define the future of autonomous security and solve the data problems that make that possible.”
Mr. Weingarten further stated, “This acquisition marks the next phase in SentinelOne’s vision to build the most autonomous, open, AI-powered security platform in the industry.” SentinelOne will acquire Observo AI through a combination of cash and stock. The transaction is projected to conclude in SentinelOne’s third quarter of fiscal year 2026, pending applicable regulatory approvals and customary closing conditions.