SentinelOne Set to Acquire Observo AI

AI-native security provider SentinelOne has announced its intent to acquire Observo AI, a data streaming platform for managing AI-native telemetry pipelines.

SentinelOne aims to boost SIEM and autonomous SOC capabilities

This acquisition will be key in serving as an immediate complement and catalyst for SentinelOne’s AI SIEM and data offerings. Further, it will enable SentinelOne to deliver open, intelligent, and autonomous security operations by reimaging how SOC teams collect, enrich, and act on data across their security ecosystem.

The acquisition projects to close in SentinelOne’s third quarter of fiscal year 2026.

“Security is, at its heart, a data problem, and legacy, rules-based data pipeline platforms simply weren’t built for today’s ever-growing attack surface and data-rich security operations,” said Tomer Weingarten, CEO and co-founder of SentinelOne. “Observo AI is miles ahead of its rivals and will uniquely benefit customers with an AI-native data architecture– one that is open by design, intelligent by default, and built for the scale and speed needed for autonomous security operations. As a result, we can deliver significant new customer and partner value– and customer and partner choice– by allowing for fast and seamless data routing into our AI SIEM, or any other destination.”

Observo’s real-time telemetry pipelines address data-based complexities

As organizations face challenges with costs, complexity, and delays resulting from the continuous increase in security data volumes, this acquisition announcement comes at an opportune time. Observo delivers an AI-native, real-time telemetry pipeline that ingests, enriches, summarizes, and routes data across the enterprise before it reaches a SIEM or data lake– allowing customers to reduce costs, improve detection, and act faster.

Telemetry and legacy SIEM are hamstrung by rigid pipelines and high storage costs, SentinelOne says. With the acquisition of Observo AI, SentinelOne will now be able to give its AI SIEM, XDR, and standalone data customers an alternative to breaking down silos and unlocking the value of all security data to redefine the pipeline as policy-driven, adaptive, and optimized for the Autonomous SOC.

SOC teams will be empowered to resolve threats quickly, reduce data costs, and streamline operations across their environments. Among the capabilities delivered at the edge, in stream, and at hyperscale will include:

• Freedom to integrate anything, anywhere: Observo AI supports open formats (like OCSF, JSON, OTLP, and Parquet), which allows enterprises to easily ingest, route, enrich, and forward telemetry to any destination, including SIEMs, data lakes, security tools, and cloud platforms. There’s no lock-in, and data is available where and how it’s needed.
• AI-driven enrichment and filtering at the source: Data is already working for users before it is stored or analyzed. Observo AI performs classification, masking, correlation, and summarization in real-time using AI models, ensuring that only the most relevant, enriched, and context-rich telemetry flows are downstream. Enabling faster detection, sharper response, and lower costs.
• Efficiency without sacrifice: Observo AI redefines cost-efficiency with intelligent reduction of data volume by up to 80 percent and the ability to rehydrate full-fidelity logs on demand. Organizations gain lean, real-time operational pipelines and access to historical context when needed.
• Fleet-scale security, data governance, and observability: Designed for enterprises with thousands of data sources, Observo AI features centralized fleet management, zero-touch updates, PII masking, and automated discovery of new data types to ensure data integrity, compliance, and a robust security posture across the environment.
• Built for human and machine intelligence, Observo AI empowers both human analysts and AI agents to act faster and smarter with natural language querying, threat enrichment, and context-aware anomaly detection, fueling an ecosystem where people and machines operate in concert, not conflict.

The long-term goal: one platform powering the whole security operation

The Observo AI acquisition will strengthen the foundation of SentinelOne’s Singularity Platform with an intelligent, policy-driven data pipeline optimized for real-time enrichment, filtering, and routing, before data reaches storage or analytics layers. This builds on SentinelOne’s years of investment in hyperscale data infrastructure.

“This acquisition marks the next phase in SentinelOne’s vision to build the most autonomous, open, AI-powered security platform in the industry,” said Weingarten.

Combined, the result is an end-to-end architecture that ingests data from anywhere, enhances it in transit, and stores it with full fidelity to deliver faster insights, lower costs, and improved control across the entire security data lifecycle.

Additionally, the foundation unlocks the next frontier of security: agentic AI workflows, where autonomous agents leverage enriched, real-time data to detect, decide, and respond with human-level reasoning at machine speed.

“Observo AI was born in the AI and cloud era to help security and DevOps teams tackle previously unimaginable data problems as a means of defending an ever-growing attack surface,” said Gurjeet Arora, co-founder and CEO of Observo AI. “Bringing together Observo’s AI-native data pipeline with the world’s best AI-native cybersecurity platform is a huge win for customers and an opportunity for our team to work with an unprecedented network of partners, sellers, and fellow innovators. As part of SentinelOne, we have a rare opportunity to define the future of autonomous security and solve the data problems that make that possible.”

This move comes on the heels of SentinelOne’s acquisition of Prompt Security. Read more about that move and how it’s meant to secure GenAI use and protection across AI tools.