Check out your Company Bowl for anonymous work chats.
LLM security benchmarks look impressive. They’re also misleading. Our team identified five issues: • Most benchmarks treat security as a series of isolated, multiple-choice questions. In reality, security work is a complex, multi-step workflow involving pivoting and context-switching. • Models are tested on isolated tasks in controlled environments as opposed to live workflows • “Reasoning” gains observed in math and code don’t transfer to analyst-level thinking • Benchmarks are increasingly using LLMs to grade other LLMs, often from the same model family. This creates a self-referential "black box" of evaluation that is easy to game but hard to trust. • Operational metrics like time-to-detect and time-to-contain are absent These limitations matter because benchmarks are increasingly used to justify real SOC automation decisions. If we are going to trust AI with SOC automation, we must move beyond static scoring systems. Passing an exam is not the same as running an incident to ground. If AI is going to sit inside the SOC, we need evaluations that reflect real pressure, messy data, broken telemetry, and human judgment 📘 LLMs in the SOC (Part 1): Why Benchmarks Fail Security Operations Teams Read the research from Gabriel Bernadett-Shapiro and Edir Garcia Lazo and see what today’s benchmarks crucially miss. https://s1.ai/benchmk1
This is the week in cyber. This is SentinelOne’s Good, Bad & Ugly cyber news roundup. ⬇️ ✅ GOOD: Enforcement pressure hits fraud rings, hacker forums, and critical logistics • Spanish authorities arrested 34 suspects linked to the Black Axe group, and face charges for fraud including business email compromise and MiTM attacks across Europe. • The BreachForums hacking forum suffered another blow after its database was leaked, exposing details tied to roughly 324,000 accounts — weakening underground anonymity and raising the risk of identification for users. • A Dutch hacker was sentenced to seven years in prison for breaching IT systems supporting the ports of Rotterdam and Antwerp, with activity linked to attempted extortion and facilitating criminal operations. ⚠️ BAD: “Reprompt” shows how AI copilots can be hijacked for silent data theft • Researchers revealed an attack technique dubbed Reprompt that could allow adversaries to hijack a Microsoft Copilot session and trick it into exfiltrating sensitive data through prompt manipulation. 🤢 UGLY: PLUGGYAPE malware turns trusted messaging apps into a covert attack channel • Ukraine’s CERT-UA reported PLUGGYAPE malware operations targeting defense-linked victims, with attackers using Signal and WhatsApp as part of the delivery and interaction chain. Follow us for weekly GBU with practical defenses leaders can act on: https://s1.ai/GBU9-Wk3
Prompt injection isn’t magic — it’s math. In this technical primer from SentinelLABS, Phil Stokes breaks down exactly how attackers exploit the gap between human semantics and machine statistics. LLM attacks aren't just “prompt injection.” They are exploits of how Transformer-based models process input — from BPE tokenization quirks to gradient-based manipulation of attention. Understanding what happens inside the LLM when attacks work is the first step to defending against them. Read the full analysis: https://s1.ai/inside-llm-1
Last month, in our 2026 cybersecurity forecast, SentinelLABS warned that a US–Venezuela flashpoint would spill into cyber and information operations, pulling in Russia, China, and Iran. A few days later, real-world events underscored how quickly those pressures can surface and reshape the threat environment. This is what our intelligence-led security research focuses on: - Tracking geopolitical pressure before it escalates or ruptures - Modeling cyber fallout before it hits networks - Calling the shape of conflict — not just reacting to it Swipe through the rest of the forecasts that could shape this year. Read the full report: https://s1.ai/Predictns
Everyone talks about “autonomous SOCs”. Our Autonomous SOC Maturity Model was the first to bring clarity to the AI security era — giving teams a clear view of where they are and what comes next. One of our most bookmarked posts of 2025, still holding up. Learn more: https://s1.ai/Atnms-SOC
Agentic AI didn’t just change the endpoint — it broke the old model. Is your endpoint protection keeping up? This August post hit a nerve because agentic AI fundamentally redefines what “endpoint security” means. If you skimmed it earlier this year, it’s worth a re-read now. https://s1.ai/EDREvolv
Agentic AI didn’t just change the endpoint — it broke the old model. Is your endpoint protection keeping up? This August post hit a nerve because agentic AI fundamentally redefines what “endpoint security” means. If you skimmed it earlier this year, it’s worth a re-read now. https://s1.ai/EDREvolv
An instant classic. 🏀🔥 High tempo. A thrilling comeback. No let-up until the final buzzer. The SentinelOne Classic on Saturday lived up to its name, delivering exactly what a big-stage matchup should — intensity, execution, and nonstop energy from start to finish. Texas Tech Red Raiders 🤝 Duke Blue Devils
⏳ One week out. 🏀 Duke and Texas Tech meet in the SentinelOne Classic at Madison Square Garden — a matchup built for speed, high stakes, and big-moment execution. Two programs. Two styles. One winner. Who’s taking the W? Drop your pick in the comments. 👇
AI & Automation Day is almost here. Join security leaders, practitioners, and innovators for a half-day virtual event exploring how AI is reshaping cybersecurity — from fundamentals to real-world SOC automation. With 7 expert-led sessions, partner panels, and analyst insights, you’ll learn how to: 🔹 Strengthen defenses with AI-powered detection 🔹 Stay ahead of adversaries using AI at scale 🔹 Build a unified strategy for both AI for security and security for AI 🔹 Drive hyperautomation across the SOC 📅 January 20, 2026 🕒 Global broadcast times available ➡️ Save your seat: https://s1.ai/cyberforum
