SentinelOne CEO On ‘Tremendous’ AI Opportunity For MSSPs, Doubling Down On Partner Program

The cybersecurity vendor is looking to get even more aggressive in its work with the channel in the coming year with expanded incentives and a massive push around delivering advanced AI-powered security, SentinelOne CEO Tomer Weingarten says during an interview with CRN.

SentinelOne is looking to get even more aggressive in its work with MSSPs and other channel partners in the coming year with expanded incentives and a massive push around delivering advanced AI-powered security, SentinelOne co-founder and CEO Tomer Weingarten told CRN.

During an interview at the 2025 XChange Best of Breed Conference, Weingarten disclosed that the cybersecurity vendor has a major partner program update in the works that aims to enable solution and service providers to expand beyond SentinelOne’s core EDR (endpoint detection and response) offering and into other fast-growing areas such as cloud security, GenAI data protection and next-generation security operations.

The arrival of agentic AI, in particular, is a “tremendous thing for the channel,” he said during the conference Tuesday, hosted by CRN parent The Channel Company in Atlanta.

“I think for MSSP providers, the art of the possible for them just went from managing EDR and using platforms like ours to now being in the position with the EDR provider to manage the entire enterprise security stack. That’s a 10X opportunity for every single MSP provider,” Weingarten said. “EDRs have been a tremendous source of growth for MSP partners. Now that they have that footprint and they already have the platform, you can [easily] say, ‘OK, let me now connect more data sources, more footprints into my existing platforms. And all the policies I’ve had in place, all these capabilities I’ve used from an EDR perspective, I now get it for any other new data source that I connect into the environment.’”

The increased availability of AI-driven security capabilities from SentinelOne means that many repetitive tasks can now be automated across all of the vendor’s different products, he said.

“To me, if they’re able to really internalize that and to learn it, they’ll be able to benefit more than almost anybody else in this AI generation,” Weingarten said. “Because customers are not going to figure it out themselves. I think that’s why MSPs are so powerful.”

Ultimately, “if the channel ecosystem matures to the point that it can also start automating for the customer, I think this is just a huge [opportunity] that they can monetize. And they’ve got all the technology to do it,” he said. “As far as I’m concerned, [SentinelOne is] giving you all the bits and pieces to build a whole new business for the next generation.”

At the same time, SentinelOne is designing a new “next-generation” partner program with enhanced incentives as well as training that will emphasize how AI can be utilized for modern security, according to Weingarten.

All in all, “we’re doubling down with our channel ecosystem,” he said.

During the wide-ranging, 45-minute interview, Weingarten also discussed how to approach cyber resilience in the wake of the 2024 global IT outage, as well as his support of work at Palo Alto University addressing the mental health crisis and its connection to technology usage.

What follows is more of CRN’s interview with Weingarten.

SentinelOne has very strong Israel roots. How did you react when you heard the news that the hostages have been freed?

Obviously, [there’s been] such joy across the country. It’s really unbelievable. [It’s] amazing closure. We’re all just completely overjoyed. We were kind of paused for two years as a nation. Mostly the hard work starts now, and peace is something that we need to make sure is lasting. That’s always the challenge in the Middle East. But the Israeli people are incredibly resilient. If you’re an Israeli, you probably have lived through just a couple of wars, sadly enough. Hopefully, this will be the last.

What’s your view of the cyber threat landscape today, and what do you see as the most troubling threats?

The threat landscape has just been getting more sophisticated with time. It’s obviously even more true today, with attackers harnessing generative AI. … We’re seeing attackers leverage two main approaches with AI. One is get stuff done faster and at more scale. So basically run, deploy, infiltrate, exfiltrate—do all of it in the course of a minute. For years in this industry, we worried about dwell times that were maybe days, even weeks—all of that’s going away. What you’re seeing right now is from the point of figuring out an exploit, to the point of entry, to the point of exit, you can look at a completely automated attack that takes a minute. A lot of what you see us doing is geared toward not just bringing another product for cybersecurity, an amazing silver bullet to deal with that, but really understanding that you require a whole new architecture to deal with real-time attacks. [It’s an architecture] that in most enterprises today doesn’t exist. Today, most enterprises, most businesses don’t even have the level of visibility and the latency required to address an attack that takes one minute to come to life and to go away. We [are aiming to] provide a new architecture that starts with collecting the data, starts with processing and then orchestrating response in as close as can be to real time—that is the mission for us.

Could you talk a little more about this new architecture and what it should look like—and what these channel partners should be telling their customers about it? And how they should be planning for it?

It’s really clear that everybody has hundreds of security controls and hundreds of security products in their environment. It’s totally unrealistic to think that somebody is going to come in and deploy this magical platform to replace all of that. That’s not going to happen. Our role, I think, has shifted from giving you tremendous endpoint protection to now helping you make more of the security investments that you already have. If you think about it, if you had a way to connect all these products in a very seamless way [you could] take all the telemetry that stems off of them—even from your SIEM. [And then] everywhere that you have data, you’d want a super easy capability to deploy something that would connect all the dots, unify the data, start streaming it. If you can do all of that in a real-time streaming fashion, then the question becomes, ‘OK, I now have this visibility. I'm able to cross-correlate all these different data points. Now, can I apply AI in real time, as the data is streaming, so I can find all these issues that might exist in the environment? And now that I found those issues, can I orchestrate autonomous—or close to autonomous—action to then go back and say I’ve seen something with my email provider that correlates to my network firewall. Can I now understand what intelligent action needs to happen, and can I now click OK and have that action take place across my entire enterprise stack?’ The role for the service provider, for the channel partner, is to come in and deploy and then supervise. I think this is the big shift we’re going to see with AI. It’s going to be less about, let’s tweak, let’s manage. [They’ll just need to] focus on, ‘We have a system that’s running and we’re maybe supervising some of the actions’—but then it’s becoming more and more automatic. So maybe in 12 or 24 months from today, we’re all sitting here and there’s almost an autonomous, or semi-autonomous decision-making brain that is orchestrating everything you have in your network environment, everything from the cloud to on-premise. You just want visibility, you want control, and you want to do it at a scale that today is practically impossible.

What would be some examples of specific tools that AI will have a major impact on going forward?

CSPM [cloud security posture management] is a system that you deploy in the cloud, and it’s centered on giving an understanding of what type of misconfigurations you have and then giving you a long list of remediation steps to go and try to plug all these holes. I think that we’re not too far from the day where you can basically point a pretty significantly trained security LLM on, your, let’s say, AWS environment, or [Google Cloud] environment, or Oracle, or whatever it is—and basically say, show me the misconfigurations. Show me the plan to remediate them. You go step by step, and you click, ‘OK,’ and it’s pretty much done. So I think a lot of the stuff that we’ve been selling, deploying, implementing in the past decade—I think a lot of it’s going to become irrelevant. [Either that] or, if you’re leaning on it, you’re probably just not doing stuff fast enough, and efficient enough. I think that’s really where we see AI and the inception of agentic capabilities.

We had Jay Chaudhry here yesterday from Zscaler, and he talked about a future where SIEM goes away. How does that ring to you?

I think so. It's pretty true. I think [that] the SIEM as it’s designed today—with all these dashboards and normalization and indexing and schemas—I think that goes away. I think that you kind of don’t need that layer. You need to move to a meta layer, I would say—almost like a meta platform that will just on-board data in the most seamless way, in the easiest way. This is why [we are acquiring] Observo. We looked at about 15 different companies that were doing something in the data pipeline space. [They’re] a company that does it in a completely AI-native way, where you don’t need to maintain all these connectors, and you can get up and running within a week. When was the last time that somebody here deployed an enterprise-scale production system for security in a week? That stuff rarely happens. But I truly believe we’re moving into a world where it’s getting more and more democratized, and you’ll be able to deploy things with ease, see almost immediate customer value—and then obviously turn on or off whatever ingestion, whatever processing you want, on those data streams. By the way, when we think about Observo, it’s not necessarily about, ‘I’m going to give you a data pipeline to route all the data to me.’ No, we’re not about that. Some vendors are kind of a closed garden. For us, it’s giving customers the freedom to route data anywhere they want, and to optimize data and to save money and filter data and make sure that we’re not drowning in useless data. It’s really about creating a world where you get the data you need and then you can take action. Right now, it’s just not the case.

I found this both interesting and frightening—some of the researchers in your lab recently discovered LLM-enabled malware. Can you talk about how big of a leap forward this is for malware, and how do you protect against it?

It wasn’t surprising one bit. We were looking to see when that was going to happen. It does provide for another level of obfuscation and polymorphism for malware-based attacks. LLM-based attacks are only going to get more prevalent. Right now, it’s relatively easy to detect [LLM-based attacks], but it’s going to get more sophisticated. I think it’s going to make our life as an endpoint provider harder. But that’s our job.

You previously spoke about how there is a risk for both partners and customers that, as they try to anticipate agentic AI, they might get locked into an approach that quickly becomes obsolete. Can you talk about the threat that poses?

We've seen that already—on the productivity side, I would say, more than security. But they buy into this promise—’We’re going to get this chatbot, and then it’s going to do everything.’ And [several months pass] and they don’t really see the gains. I think the good news is that it seems like a lot of folks are ready to continue to experiment. They understand we’re in this experimentation stage. They understand that they cannot be left behind. So they cannot allow themselves even to say, ‘I already invested in something and I’m not going to experiment with anything else.”’ The not-so-good news is that there’s still a high degree of confusion. There’s a huge degree of ‘marketecture’ where people are talking in concepts and possibilities. In the lab, you can achieve a lot. But then you try to go to a production environment, you try to do things on a slightly bigger scale, and it’s not as trivial. What I’ve seen is that people just go back and go narrower and narrower. And then what you’re seeing today is that [it] maybe could’ve been done without AI at all, just with some intelligent automation. But sprinkle some agentic to it, and it sells well.

Let’s talk about the evolution of the channel. How do you see the rapid changes in AI technology, with agentic AI impacting the MSSP or security solution provider business model in areas like increased automation?

I think it’s a tremendous thing for the channel. I think for MSSP providers, the art of the possible for them just went from managing EDR and using platforms like ours to now being in the position with the EDR provider to manage the entire enterprise security stack. That’s a 10X opportunity for every single MSP provider. EDRs have been a tremendous source of growth for MSP partners. Now that they have that footprint and they already have the platform, you can [easily] say, ‘OK, let me now connect more data sources, more footprints into my existing platforms. And all the policies I’ve had in place, all these capabilities I’ve used from an EDR perspective, I now get it for any other new data source that I connect into the environment.’ I think with this move towards more autonomous data lakes and the data pipelines, they can easily say, ‘OK, let me just connect all of it to the platform I’ve been using.’ Arguably, EDR has been the most automated solution in the market for a while. It’s something that, at least for SentinelOne, you deploy it and you maybe configure it for the first 30 days of operation. But after that, it works. That’s it. So when you think about what they can do now with data lakes, it’s doing that across every other footprint. It doesn’t replace the products that are deployed, the controls that are deployed. At the same time, it gives them the ability to manage everything from one single place. And if you add hyperautomation capabilities to it, I think this is where it’s able to start getting really, really smart. Because hyperautomation is where they can take all the workflows, all the work that they’ve been doing manually for years and design an automated workflow [using] drag-and-drop. So now all these repetitive tasks, all these validation tasks, everything that they’ve been doing—they can now do automatically and across every footprint. So to me, if they’re able to really internalize that and to learn it, they’ll be able to benefit more than almost anybody else in this AI generation. Because customers are not going to figure it out themselves. I think that’s why MSPs are so powerful. So if the channel ecosystem matures to the point that it can also start automating for the customer, I think this is just a huge [opportunity] that they can monetize. And they’ve got all the technology to do it. As far as I’m concerned, [SentinelOne is] giving you all the bits and pieces to build a whole new business for the next generation.

How are you working to continue improving how you enable and reward partners with your channel program?

We’re doubling down with our channel ecosystem. We’re designing a new, next-generation [program] for everybody that will include all of these different components in data ingestion, data orchestration, obviously in the data lake. And we want to teach them. So we’re going to beef up our university capabilities, our cyber university, to make sure that we can show folks what’s actually possible and what opportunity really looks like. If they can then embrace it, then they become the enabler for generative AI adoption, which is big. Instead of it being innately a vendor like IBM or ServiceNow, we want to make sure it’s distributed and democratized, so it gets to every business and they can implement it for every business. So that, to me, is the opportunity. The midmarket in cybersecurity [is] a $100 billion market opportunity. The majority of it doesn’t sit in the Fortune 500. It sits in that [market] that you all serve. So remembering that just paints the picture of what your ability is. And don’t forget that there’s still a lot of runway in the core endpoint space to go after—[displacing] the older antivirus, EDR Gen 1 providers.

How big of an investment are you making in this new partner program?

Next year is going to be a big year for us. We just crossed $1 billion ARR, which is pretty amazing. That kind of puts us in the top 10 of cybersecurity providers. If you factor in our growth, that puts us in the realm of the top three in the world. And when we think about that scale, we are looking at a much broader capability set and customer estate as we go through next year. And we also have new ways to sell our platform. We just introduced our Flex pricing program, which really allows you to go in and sell the platform one time and let customers take whatever they want via that structure. It’s been very effective with partners. We did a soft launch with a few select partners. Going into next year, we obviously want to incentivize channel partners to use that structure more and more. It’s going to be incredibly yielding for them. So we’re also changing how we think about margins, and how we think about teaming up with channel partners globally. [Previously] we were a fast-coming upstart. Now we’re a scaled player, and that’s also reflected in what we do in the channel. You’re going to see us double down significantly. You’ll see us get more aggressive with our Flex program and make it more lucrative for channel partners. It really allows customers to take anything on the platform with such ease of use. And today, our platform has about 30 different capabilities. We’ve got a full cloud security stack, full EDR, vulnerability management, MDR capabilities, SIEM solutions, data pipelines, data orchestration, GenAI DLP. So there’s a lot that our customers can consume from the platform today. And I think this is the inflection point for us, where the channel needs to start using us as a full platform solution versus just selling a great EDR. They can still do that, but at the same time, if they already sold EDR, the opportunity for an EDR customer to expand is incredibly significant.

Last year, we had the CrowdStrike outage, and after that, Microsoft delivered a private preview of Windows endpoint security platform with the user mode alternative to kernel access. How did that impact SentinelOne and the security market in general?

It didn’t really hurt us. I think those are the architectural changes that are long-haul changes. There’s nothing that can happen tomorrow. It’s going to take some significant time to re-architect, to get to the point that there’s no kernel involvement for endpoint security products. We're all trying to get there. I think that some of the components need to move outside the kernel for that vendor. We always have a very different architecture, where what we do in the kernel is the bare minimum, and then everything else we do naturally is in user space. If we don’t need to have it in the kernel, we don’t put it in the kernel. It’s the most sensitive spot in the endpoint. It’s been, architecturally speaking, no news for us. But we always kind of felt that that should be the architecture to begin with. That’s already the way it works in macOS. Since the outage, I think there's obviously a much bigger focus on resilience. Now, by the way, everybody has outages. But also, all outages have not been created equal. And I think that the type of outage that we saw through that global catastrophe is the worst kind of outage. It’s an outage with no redundancy, no resilience, no backup. And I think that was the very disorienting thing for customers. They were like, ‘How can this happen?’

You spend a significant amount of time working on the board of trustees for Palo Alto University, which focuses on psychology and counseling, and you’ve talked a lot about the mental health crisis that we’re seeing here in this era. Can you just talk about why mental health is an important topic for you—and also, what role do you see technology playing in the future of care?

It’s a huge topic, and I think that it’s becoming even more important with generative AI. Because what we’re seeing today is that none of us really understand the impact of generative AI—much like we did not understand the impact of social media 10 years ago. We now are free to use all these different systems, and we do not understand the societal impacts. I’m not talking about the doomsday scenario where AI shuts all of us down—I’m not saying that it’s not plausible, but I’m not talking about that. I’m really talking about how our mind evolves as we use these systems. I think what a lot of us don’t realize is that our consumption of information through digital means today—and then by proxy, through ChatGPT or [other AI apps]—is so pervasive that we don’t even stop to question how legitimate is the information that we’re consuming. We sometimes know that what we’re consuming is not legitimate. It doesn’t negate a lot of the impact that it has on our mind. I think what we’re seeing today online is such a huge crisis, and there’s going to be some impact on our own mental, cognitive capabilities. With Palo Alto University, one of the missions is how do we do enough research to find and highlight all these problems? And then, what’s the role of technology? And how can we actually fuse the profession of mental health and make it more embedded into tools like ChatGPT? So instead of ChatGPT pretending to be a therapist—and we’ve already seen one case when a teen took his life—you want to make sure that you’re embedding professionals inside of these models as experts and you’re building the right guardrails that come from the right research. But right now, there’s not enough research. There’s not enough control. There’s not enough guardrails. So the advantage of having PAU is that PAU sits in Palo Alto, in Silicon Valley, with all of us tech companies. So it’s a huge cause, and it’s something that I hope will get better in time. But we need more people pushing in that direction for sure.