SentinelOne brought three distinct product lines to RSAC 2026, and together they tell a clear story: AI agents need the same depth of security that endpoints got over the past decade — discovery, governance, red teaming, and autonomous investigation. All at machine speed.

Gartner projects AI cybersecurity spend will grow at 73.9% CAGR from 2024-2029 — more than double overall AI spend growth. SentinelOne is positioning to capture that market across the full AI lifecycle.

Prompt AI Agent Security: Real-Time MCP Governance

The headline product: a real-time discovery and governance control plane for AI agents and agentic workflows.

Prompt AI Agent Security extends SentinelOne’s Autonomous Security Intelligence — the same engine that powers endpoint, cloud, and identity protection — into the agentic layer. What it does:

  • Full MCP server visibility — discovers and monitors every MCP server operating across a customer’s environment
  • Real-time policy enforcement — controls agent interactions at machine speed, not after the fact
  • Risk assessment per agent — evaluates the security posture of every AI agent and agentic workflow
  • Automatic remediation — intervenes before unauthorized actions occur

The use cases SentinelOne highlights are specific and grounded:

  • An OpenClaw agent sending corporate data to an external endpoint without user awareness
  • A Claude Cowork agent escalating privileges across enterprise systems through unauthorized action chaining

Both scenarios are real attack patterns documented in the wild. The first mirrors the kind of data exfiltration risk that prompted China’s SOE ban on OpenClaw. The second echoes the privilege escalation chains demonstrated in the CodeWall McKinsey breach.

For OpenClaw users: this is the first major endpoint security vendor offering native MCP server monitoring and governance integrated into an existing enterprise security platform. If your organization uses SentinelOne for endpoint protection, your OpenClaw MCP servers can now be discovered, monitored, and policy-enforced through the same console.

Prompt AI Red Teaming: Hardening AI Apps Before They Ship

Traditional security testing — SAST, DAST, penetration testing — doesn’t cover AI-specific threats. Prompt injection, jailbreaks, privilege escalation through multi-turn conversations, data poisoning, and model drift require specialized adversarial testing.

Prompt AI Red Teaming provides:

  • Simulated AI attacks — prompt injections, jailbreaks, privilege escalation, data poisoning
  • Pre-deployment hardening — test and fortify AI applications before production release
  • Continuous evaluation — detect model drift, emerging vulnerabilities, and new attack vectors as threats evolve
  • Coverage for homegrown and first-party AI — not just third-party models, but the AI applications organizations build internally

This directly complements Cisco’s AI Defense Explorer Edition announced the same day. The market is converging on the same conclusion: organizations need self-service red teaming tools for AI applications, and they need them integrated into existing security workflows rather than as standalone point solutions.

Purple AI Auto Investigation: One-Click Agentic Forensics

Purple AI — first introduced at RSAC 2023 and now deployed in thousands of SOCs — gets its biggest upgrade with generally available Auto Investigation.

The capability: launch a complete, agentic forensic investigation with a single click. No playbooks, no manual correlation, no hours of analyst time.

How it works:

  1. Autonomous evidence gathering — pulls cross-stack data without additional data routing or extended permissions
  2. Threat synthesis — correlates signals and constructs complete attack timelines in real time
  3. Explainable verdicts — every conclusion comes with clear reasoning, not black-box outputs
  4. Closed-loop remediation — verdicts trigger automated response via Singularity Hyperautomation
  5. Human-in-the-loop governance — analysts maintain oversight and approval authority

The business impact: investigations that took hours or days now complete in minutes. In SentinelOne’s Q4 FY26 earnings call, the company reported that Purple AI was included in over 50% of all licenses sold during the quarter — the highest attach rate in the product’s history.

The Full AI Security Stack

Beyond the three headline products, SentinelOne also announced:

  • Data Security Posture Management (DSPM) — discovers cloud object stores and databases, classifies sensitive data, prevents high-risk data from reaching AI training pipelines
  • AI Security Posture Management (AI-SPM) — unified inventory of training jobs, notebooks, managed AI services, and inference endpoints
  • AI Workload Protection — runtime security for AI models in production, extending CWPP to AI-specific compute environments
  • Observo AI integration — AI-driven data pipeline management integrated into Singularity AI SIEM

The integrated approach is notable: data layer (DSPM) → infrastructure layer (AI-SPM + CSPM) → runtime layer (CWPP + Agent Security) → operations layer (Purple AI + SIEM). It’s the most comprehensive AI security stack announced by any single vendor at RSAC 2026.

The RSAC 2026 AI Agent Security Landscape

Day 1 of RSAC made it clear: every major security vendor is building for the AI agent era. The approaches differ in emphasis but converge on the same core capabilities:

VendorFocusKey Differentiator
CiscoNetwork + open sourceMCP proxy in SSE, DefenseClaw framework
CrowdStrikeEndpoint + shadow AIUnified discovery across endpoint/cloud/SaaS
SentinelOneRuntime + investigationsMCP governance, agentic auto-investigation
RubrikData + identitySAGE governance engine, identity attack recovery

The convergence is the story. AI agent security isn’t a niche market anymore — it’s the central theme of the industry’s biggest conference. And the products shipping this week aren’t vaporware roadmap slides. They’re GA releases with real enterprise customers.

SentinelOne is a Platinum Sponsor of RSAC 2026 (Booth N-5863). Purple AI Auto Investigation is generally available. Prompt AI Agent Security and Prompt AI Red Teaming are in preview.