IT Brief US - Technology news for CIOs & IT decision-makers

SentinelOne to acquire Observo AI to boost AI-native security data

Today

SentinelOne has announced its intention to acquire Observo AI, a data platform focused on AI-native telemetry pipeline management.

The planned acquisition is aimed at enhancing SentinelOne's AI SIEM and data business, with the goal of supporting customers in handling their security data more efficiently by making it easier to simplify, unify, and automate the fight against modern cyber threats.

Security operations focus

Security operations centres increasingly face challenges arising from the costs and complexity of handling large volumes of security data, which can ultimately result in reduced visibility and heightened risk. Traditional data platforms are often not designed to keep pace with AI-driven security operations centres or the rapidly evolving nature of today's cyber-attacks.

Observo AI provides a data streaming platform that processes telemetry data in real time. Its technology is designed to manage ingestion, enrichment, and routing of enterprise security data before it reaches a SIEM or data lake, supporting organisations in their efforts to cut costs, improve detection, and act more swiftly in response to threats.

"Security is, at its heart, a data problem, and legacy, rules-based data pipeline platforms simply weren't built for today's ever-growing attack surface and data rich security operations," said Tomer Weingarten, CEO and Co-founder of SentinelOne. "Observo AI is miles ahead of its rivals and will uniquely benefit customers with an AI-native data architecture - one that is open by design, intelligent by default, and built for the scale and speed needed for autonomous security operations. As a result, we can deliver significant new customer and partner value – and customer and partner choice – by allowing for fast and seamless data routing into our AI SIEM, or any other destination."

Data integration and management

Modern enterprises generate significant volumes of security and observability data across various sources, ranging from endpoints and cloud workloads to identity systems and generative AI applications. Many organisations have found that existing telemetry pipelines are too rigid, locked into proprietary formats, or too costly to manage efficiently, leading to silos and difficulties in extracting value from security data.

With Observo AI, SentinelOne plans to offer its customers a policy-driven, adaptive, and optimised pipeline for security data. The solution aims to enable security operations teams to resolve threats faster, reduce data costs, and streamline operations at scale. The capabilities will be available at the point of data generation, during transit, and at scale, offering broad flexibility for customers.

AI-driven enrichment and cost efficiency

The integration will allow organisations to ingest data using open standards including OCSF, JSON, OTLP, and Parquet. Observo AI's platform performs real-time classification, correlation, and summarisation of incoming data streams using AI, which is intended to ensure that only the most relevant and enriched data is stored and forwarded for analysis. This approach is positioned to help reduce storage requirements and associated costs, potentially by up to 80 percent, while still allowing for full-fidelity log rehydration as necessary.

Observo AI also supports centralised fleet management, zero-touch updates, masking of personally identifiable information, and automated discovery of new data types, aligning with requirements for enterprise-scale governance and observability.

Strategic foundation

The acquisition will enhance SentinelOne's Singularity Platform, which provides hyperscale data infrastructure, by introducing an intelligent data pipeline optimised for real-time enrichment, filtering, and routing of security data prior to storage or analysis layers. This approach is intended to offer organisations faster insights, lower costs, and increased control over the security data lifecycle. SentinelOne also plans to advance the use of agentic AI workflows, where autonomous security agents can detect, decide, and respond to threats faster using enriched real-time data.

"Observo AI was born in the AI and cloud era to help security and DevOps teams tackle previously unimaginable data problems as a means of defending an ever-growing attack surface," said Gurjeet Arora, co-founder and CEO of Observo AI. "Bringing together Observo's AI-native data pipeline with the world's best AI-native cybersecurity platform is a huge win for customers and an opportunity for our team to work with an unprecedented network of partners, sellers and fellow innovators. As part of SentinelOne, we have a rare opportunity to define the future of autonomous security and solve the data problems that make that possible."

"This acquisition marks the next phase in SentinelOne's vision to build the most autonomous, open, AI-powered security platform in the industry," said Weingarten.

Transaction details

SentinelOne will acquire Observo AI using a combination of cash and stock. The transaction is subject to regulatory approvals and other customary closing conditions, and is expected to be finalised in SentinelOne's third quarter of fiscal year 2026.
