Company Dossier · Cybersecurity
SentinelOne
The company that taught software to fight back - and pointed it at every attacker on Earth.
2013Founded
$1B+ARR
NYSE: SPublic 2021
Mtn ViewHQ, California
The company that taught software to fight back - and pointed it at every attacker on Earth.
Somewhere right now, a piece of malware is touching a laptop it should not be touching. No analyst sees it. No alarm rings in a quiet office. A model trained on the behavior of attacks notices the shape of the thing, decides it is hostile, kills the process, and rolls the machine back to the second before it happened. That loop took milliseconds. That loop is SentinelOne's whole business.
The company sells the Singularity Platform: one agent, one data layer, watching endpoints, cloud workloads, identities, and a security data lake that does not forget. It is not antivirus with a fresh coat of paint. It is software built on the assumption that humans are too slow to be in the critical path, and that the only thing fast enough to stop a machine is another machine.
Security has to move at machine speed, because the attacks already do.
- The SentinelOne thesis, in one lineFor decades, antivirus worked like a bouncer with a photo book of known troublemakers. New face, no photo, no problem getting in. By the early 2010s the troublemakers had figured this out. Fileless attacks, zero-days, and quiet lateral movement walked past the photo book because they had never been photographed.
The honest version of the legacy security pitch was uncomfortable: we can protect you from yesterday's attack, reliably, every time. SentinelOne's founders looked at that and decided the bouncer should watch how people behave instead of memorizing faces. Behavior is harder to fake than a fingerprint.
Antivirus waits for a signature. Behavior doesn't wait for permission to look suspicious.
- Why the old model brokeIn 2013, Tomer Weingarten, Almog Cohen, and Ehud Shamir started the company on a premise that sounded slightly arrogant at the time: artificial intelligence, running locally on the device, could decide what was malicious on its own. Weingarten and Cohen were childhood friends. The plan was to put the judgment call - is this an attack? - inside the software, not inside a person reading a dashboard at 3 a.m.
Weingarten, who remains CEO and chairman, has made a point of saying SentinelOne sits outside the traditional Israeli cyber establishment, and that the distance is an advantage rather than a handicap. It is the kind of claim that is either branding or conviction. The funding history suggests investors took it as conviction.
Childhood friend of Cohen, the public face of the company, and the keeper of the "machine speed" gospel.
The engineering half of the original duo. Built early, left early, helped define the autonomous-agent idea.
Brought the security-and-defense instincts that shaped what the agent should actually hunt.
Endpoint was the door. The house kept growing.
SentinelOne started where the attacks landed - the endpoint - with behavioral AI, autonomous response, and a now-signature trick: one-click rollback that undoes ransomware damage as if it never happened. Then it kept expanding the definition of "thing worth protecting." It bought Scalyr and turned it into a security data lake. It bought Attivo Networks and added identity threat detection. It bought PingSafe and moved into cloud-native protection.
The newest chapter is the most on-trend, and SentinelOne knows it. Purple AI is an agentic security analyst: type a question in plain English - "did anything weird touch our finance servers last night?" - and it translates that into a real threat hunt across the platform. The irony is tidy. A company built to stop malicious automation now ships helpful automation as its headline feature.
One agent. Endpoints, cloud, identity, and a data lake that never forgets.
- The Singularity Platform pitchSkepticism is the correct posture toward any company that promises to defeat "every" attack. So look at what is measurable. SentinelOne crossed $1 billion in annualized recurring revenue in 2025. As of October 31, 2025, it had 1,572 customers each paying more than $100,000 a year, and no single customer accounted for more than 3% of revenue - a diversified base, not a house of cards balanced on three whales.
The other tell: non-endpoint products - cloud, identity, and the data lake - now drive roughly half of new bookings. The "endpoint company" quietly stopped being only an endpoint company.
Fig. 1 - A line that goes up and to the right, which is the only kind of line a public security company is allowed to show its board.
"Defeat every attack, every second of every day." Most corporate mantras are wallpaper. This one is closer to an engineering requirement. Every second means continuous, not scheduled. Every attack means autonomous, because no staffed team scales to "every." The slogan is the product roadmap with the jargon removed.
Partnerships extend the reach: deep integrations with AWS announced at re:Invent 2025 to secure customers' AI initiatives, OEM deals putting protection on commercial hardware, and a global network of managed service providers that brings the platform to companies without a 24/7 security team of their own.
We are not part of the Israeli cyber clique, which is our strength.
- Tomer Weingarten, Co-Founder & CEOThe threat is mutating. Attackers now have the same generative tools defenders do, which means the volume and creativity of attacks is about to stop being human-limited. SentinelOne's answer is to secure AI with AI - and to secure AI itself. The 2025 acquisition of Prompt Security was a bet that the next sensitive endpoint is not a laptop but a chatbot leaking company data one helpful answer at a time.
Back to that laptop from the opening - the one being touched by something it shouldn't be. A decade ago, that story ended with a breach notification, a forensics bill, and a bad quarter. Now it ends in milliseconds, with a process killed and a machine rolled back, while everyone in the office keeps drinking their coffee. SentinelOne did not make the attackers go away. It made them stop mattering quite so much.