SentinelOne to boost AI SIEM and data offerings with Observo AI acquisition

Tomer Weingarten, SentinelOne’s CEO and co-founder

Today, AI-native security specialist SentinelOne is announcing its intent to acquire Observo AI, a key data streaming platform for AI-native telemetry pipeline management. The deal will serve as an immediate complement and catalyst to SentinelOne’s AI SIEM and data offerings, which are already amongst the company’s fastest-growing solutions, delivering a record contribution to quarterly bookings in Q2 FY26. It will also help SentinelOne usher in a new era of open, intelligent, and autonomous security operations – reimagining how SOC teams collect, enrich, and act on data across their entire security ecosystem.

“This acquisition marks the next phase in SentinelOne’s vision to build the most autonomous, open, AI-powered security platform in the industry,” said Tomer Weingarten, SentinelOne’s CEO and co-founder.

The announcement comes as security operations teams struggle with costs, complexity and delays created by ever-increasing security data volumes. These challenges are compounded by data platforms built before the AI-enabled SOC, modern security stack, and today’s increasingly fast and sophisticated attacks. Observo delivers an AI-native, real-time telemetry pipeline that ingests, enriches, summarizes, and routes data across the enterprise, before it ever reaches a SIEM or data lake. This empowers customers to dramatically reduce costs, improve detection, and act faster.

“Security is, at its heart, a data problem, and legacy, rules-based data pipeline platforms simply weren’t built for today’s ever-growing attack surface and data-rich security operations,” Weingarten stated. “Observo AI is miles ahead of its rivals and will uniquely benefit customers with an AI-native data architecture – one that is open by design, intelligent by default, and built for the scale and speed needed for autonomous security operations. As a result, we can deliver significant new customer and partner value – and customer and partner choice – by allowing for fast and seamless data routing into our AI SIEM, or any other destination.”

Legacy SIEM models were built in an era of rigid ingestion, high storage costs, and manual operations. With Observo AI, SentinelOne will give its AI SIEM, XDR and standalone data customers a modern alternative for breaking down silos and unlocking the value of all security data – redefining the pipeline as policy-driven, adaptive, and optimized for the Autonomous SOC.

For customers, that means SOC teams can resolve threats faster, cut data costs dramatically, and simplify operations across the entire environment. These capabilities will be delivered at the edge, in stream, and at hyperscale. Observo AI supports open formats like OCSF, JSON, OTLP, and Parquet – allowing enterprises to easily ingest, route, enrich, and forward telemetry to any destination, including SIEMs, data lakes, security tools, and cloud platforms, without any lock-in.

Before data is stored or analyzed, it’s already working for you. Observo AI performs classification, masking, correlation, and summarization in real time using AI models, ensuring that only the most relevant, enriched, and context-rich telemetry flows downstream. That means faster detection, sharper response, and dramatically lower costs. With intelligent reduction of data volume by up to 80 percent, and the ability to rehydrate full-fidelity logs on demand, Observo AI redefines cost-efficiency with lean, real-time operational pipelines.

Observo AI also includes centralized fleet management, zero-touch updates, PII masking, and automated discovery of new data types, ensuring data integrity, compliance, and security posture across every corner of your environment. With natural language querying, threat enrichment, and context-aware anomaly detection, Observo AI empowers both human analysts and AI agents to act faster and smarter – fueling an ecosystem where people and machines operate in concert, not conflict.

“About seven years ago, my co-founder and I started looking at what type of solutions enable enterprises to figure out where the attack landscape is headed,” Weingarten commented. “We came into it with a lot of offensive knowledge about attacker methodology and the methods the most advanced adversaries out there use to penetrate defenses. We started thinking about the right approach to building security for the future. We know that most of the incumbent solutions that were there around seven years ago, like antivirus and firewalls, are very antiquated ways of protecting assets that just don’t cut it in the modern attack landscape. In the industry, we saw a lot of opportunity in the endpoint market. It’s a market that hadn’t been disrupted in years, with very large incumbents like Symantec and McAfee which had not innovated for a long time. This was very compelling to us.”

This led Weingarten to his conclusion.

“Our decision was to create a solution that doesn’t just observe but reacts and deflects in real time,” he said. “We felt the approach we were considering was quite revolutionary, and something that would change the balance of power even between attackers and defenders.”

This acquisition builds on years of investment in hyperscale data infrastructure already at the core of SentinelOne’s Singularity Platform. Observo AI will enhance that foundation with an intelligent, policy-driven data pipeline optimized for real-time enrichment, filtering, and routing, before data ever reaches storage or analytics layers. The result is an end-to-end architecture that ingests data from anywhere, makes it smarter in transit, and stores it with full fidelity, delivering faster insights, lower costs, and greater control across the entire security data lifecycle. This foundation also unlocks the next frontier of security: agentic AI workflows, where autonomous agents leverage enriched, real-time data to detect, decide, and respond with human-level reasoning at machine speed.

“Observo AI was born in the AI and cloud era to help security and DevOps teams tackle previously unimaginable data problems as a means of defending an ever-growing attack surface,” said Gurjeet Arora, co-founder and CEO of Observo AI. “Bringing together Observo’s AI-native data pipeline with the world’s best AI-native cybersecurity platform is a huge win for customers and an opportunity for our team to work with an unprecedented network of partners, sellers and fellow innovators. As part of SentinelOne, we have a rare opportunity to define the future of autonomous security and solve the data problems that make that possible.”

SentinelOne will acquire Observo AI for a combination of cash and stock. The transaction is expected to close in SentinelOne’s third quarter of fiscal year 2026.

“Remember that what you’re building is for the customer and the end user,” Weingarten concluded. “You’re building for the benefit of the world at the end of the day. You’re building something that protects everybody’s data.”