SentinelOne and AWS strengthen their partnership to secure AI in the cloud: no-code automation, natural language searches, and controls against “shadow AI”

Cloud
Share on Pinterest Share on LinkedIn

Security advances at the pace of artificial intelligence. SentinelOne, an AI-native cybersecurity platform, announced at OneCon 2025 (Las Vegas) a series of integrations and designations with Amazon Web Services (AWS) to help organizations protect workloads, automate incident response, and accelerate AI projects with confidence. All available from AWS Marketplace.

The company summarizes its goal in one phrase: operationalizing AI security at scale. The proposal combines real-time protection with cloud elasticity and is highlighted by four key announcements: hyperautomation for response in AWS, CloudTrail analytics with natural language, Prompt Security tools for safe use of GenAI, and AWS’s Generative AI Competency certification.

“Security and innovation go hand in hand,” stated Ely Kahn, CPO of SentinelOne. “Collaboration with AWS allows us to leverage the full potential of AI and cloud without losing trust or control. Together, we provide the security foundation for the next generation of enterprise computing.”

Four Components to Secure AI on AWS

1) Hyperautomation for Incident Response in AWS (no code)

Singularity Hyperautomation integrates with AWS Security Incident Response to offer response playbooks and automated workflows via a visual canvas. Teams can isolate compromised resources, send notifications, Create cases, and trigger containment directly — without writing code. Additionally, it’s possible to add context from various sources (inside and outside the cloud), eliminate manual intervention, and reduce MTTR so analysts can focus on higher-value tasks.

Why it matters: Attack surfaces expand with AI and multi-cloud adoption. Declarative orchestration and reliable automation in AWS environments ease pressure on SOCs, standardize procedures, and decrease human errors during critical moments.

2) Purple AI: Threat Hunting and Investigation in CloudTrail Using Natural Language

The Purple AI feature enables teams to investigate and hunt threats across AWS CloudTrail logs using natural language queries, without proprietary syntax. Result: shorter learning curves, faster investigations, and streamlined audit/compliance workflows.

Examples of use:

  • “Show me anomalous logins in the last 24 hours from unauthorized regions.”
  • “List iam:PassRole actions by the most active user this week.”
  • “Detect creation of instances with unapproved AMIs.”

The paradigm shift is clear: from KQL/SQL to natural language questions, with built-in security context.

3) Prompt Security on AWS Marketplace: Visibility and Control of GenAI Usage

Prompt Security tools arrive in AWS Marketplace to help organizations adopt generative AI securely. They provide real-time visibility, usage policies, and data protections against risks like shadow AI, prompt injection, exfiltration, or accidental data leaks.

Operational translation:

  • Discover which GenAI applications and workflows are actually in use.
  • Enforce policies (what data can exit, which models, with what filters).
  • Block or sanitize prompts that are potentially dangerous.
  • Audit for compliance and prepare for audits.

4) AWS Generative AI Competency Designation

SentinelOne has earned AWS’s Generative AI Competency, a certification that validates technical expertise and successful security use cases for AI/GenAI on AWS. It enhances spend eligibility and grants access to experts with deep knowledge of emerging generative AI technologies within the AWS ecosystem.

For CISOs: it reduces the risk of “learning in production.” Partners with this credential tend to offer more predictable deployments and better alignment with cloud provider best practices.

Benefits for Security and Platform Teams

Less time to value. Hyperautomation eliminates manual steps and standardizes responses. Purple AI cuts hours spent on searches that previously needed specialized syntax expertise. Prompt Security enables safe adoption of GenAI with clear guardrails.

Cross-platform coverage. From IaaS infrastructure to GenAI workflows, supported by telemetry, context, and execution within a unified operational plane (Singularity Platform).

Scalability. Native integrations and availability in AWS Marketplace facilitate large-scale deployment, with consolidated licensing and support aligned with AWS.

Customer and Provider Perspectives

Relay Network reports achieving +100% visibility and -50% incident detection time, freeing engineers to accelerate development.
Meanwhile, Hart Rossman, Vice President of AWS Global Services Security, emphasizes the shared vision that encourages customers to adopt AI with robust protection, featuring visibility, automatic response, and advanced tools “as they innovate at scale.”

Tactical Signals for AWS Teams

  • SOC aiming for “fewer clicks and more context”: Hyperautomation + Purple AI can be a winning combination to shorten triage times and ensure more consistent containment.
  • Organizations with diffuse use of GenAI: Prompt Security helps shift from tolerance to effective governance (discovery, policies, leak prevention).
  • Multi-account/organization environments: no-code workflows prevent automation debt (fragile scripts) and create a portable playbook library.
  • Recurring audits: natural language queries about CloudTrail democratize analytics and facilitate compliance evidence gathering.

Why It Fits the Coming “Operational AI”

The industry is moving toward AI-enhanced SOCs and agentic responses that execute actions under human supervision. The SentinelOne–AWS partnership aligns key pieces:

  • Detection and context bolstered by AI.
  • Declarative automation for response (avoiding “runbooks in PDFs”).
  • GenAI usage controls to prevent hampering innovation.
  • AWS competency as a seal of good practices.

By 2026, expect fewer raw queries, more natural language; less manual response effort, more reliable orchestration; less opacity in GenAI, more clearly enforced policies.

Frequently Asked Questions

What is Singularity Hyperautomation for AWS, and what tasks does it automate?
It’s the no-code orchestration layer from SentinelOne that integrates with AWS Security Incident Response. It allows teams to isolate resources, send notifications, open cases, apply containment, and chain actions directly via a visual canvas, reducing errors and response times.

How does Purple AI work with CloudTrail, and what benefits does it bring to teams?
Purple AI interprets questions in natural language about AWS CloudTrail logs (no KQL/SQL). It accelerates investigations, active threat hunting, and audits, lowering barriers and standardizing findings among analysts with diverse skill levels.

What risks associated with GenAI does Prompt Security in AWS Marketplace mitigate?
It offers visibility, policies, and controls against shadow AI, prompt injection, exfiltration, and misuse of data. It enables discovery of GenAI applications, policy definition, prompt sanitization, and compliance audits.

What does SentinelOne having the AWS Generative AI Competency mean for clients?
It signifies trusted technical validation by AWS for AI/GenAI security projects, spending eligibility, access to specialized expertise, and best practices aligned with AWS AI services, reducing scaling deployment risks.

Sources

  • SentinelOne — SentinelOne and AWS Strengthen Collaboration to Power the Future of AI Security (OneCon, 06/11/2025).
Share on Pinterest Share on LinkedIn
Scroll to Top