SentinelOne
@sentinelone.com
The world’s most advanced, autonomous AI-powered cybersecurity platform. We empower the world to run securely, with leading organizations trusting us to Secure Tomorrow™. Secure your enterprise: http://sentinelone.com/request-demo/
Understanding what happens inside the LLM when attacks work is the first step to defending against them.
Read the full analysis: s1.ai/inside-llm-1
Read the full analysis: s1.ai/inside-llm-1
Inside the LLM | Understanding AI & the Mechanics of Modern Attacks
Learn how attackers exploit tokenization, embeddings and LLM attention mechanisms to bypass LLM security filters and hijack model behavior.
s1.ai
January 15, 2026 at 4:35 PM
Understanding what happens inside the LLM when attacks work is the first step to defending against them.
Read the full analysis: s1.ai/inside-llm-1
Read the full analysis: s1.ai/inside-llm-1
LLM attacks aren't just “prompt injection.” They are exploits of how Transformer-based models process input — from BPE tokenization quirks to gradient-based manipulation of attention.
January 15, 2026 at 4:35 PM
LLM attacks aren't just “prompt injection.” They are exploits of how Transformer-based models process input — from BPE tokenization quirks to gradient-based manipulation of attention.
In this technical primer from @sentinellabs.bsky.social, @philofishal.bsky.social breaks down exactly how attackers exploit the gap between human semantics and machine statistics.
January 15, 2026 at 4:35 PM
In this technical primer from @sentinellabs.bsky.social, @philofishal.bsky.social breaks down exactly how attackers exploit the gap between human semantics and machine statistics.
Swipe through all the forecasts that could shape this year.
Read the full report: s1.ai/Predictns
Read the full report: s1.ai/Predictns
January 13, 2026 at 9:46 PM
Swipe through all the forecasts that could shape this year.
Read the full report: s1.ai/Predictns
Read the full report: s1.ai/Predictns
This is what our intelligence-led security research focuses on:
- Tracking geopolitical pressure before it escalates or ruptures
- Modeling cyber fallout before it hits networks
- Calling the shape of conflict — not just reacting to it
- Tracking geopolitical pressure before it escalates or ruptures
- Modeling cyber fallout before it hits networks
- Calling the shape of conflict — not just reacting to it
January 13, 2026 at 9:46 PM
This is what our intelligence-led security research focuses on:
- Tracking geopolitical pressure before it escalates or ruptures
- Modeling cyber fallout before it hits networks
- Calling the shape of conflict — not just reacting to it
- Tracking geopolitical pressure before it escalates or ruptures
- Modeling cyber fallout before it hits networks
- Calling the shape of conflict — not just reacting to it
Built to help government teams reduce complexity and respond faster — across every environment.
Learn more: s1.ai/GovRAMP
Learn more: s1.ai/GovRAMP
SentinelOne Achieves GovRAMP Authorization at the High Impact Level for its AI-powered Singularity Cybersecurity Platform
SentinelOne reinforces its leadership position in public sector resilience with AI-driven protection securing state and local governments nationwide.
s1.ai
January 8, 2026 at 2:19 PM
Built to help government teams reduce complexity and respond faster — across every environment.
Learn more: s1.ai/GovRAMP
Learn more: s1.ai/GovRAMP
That means security meeting the highest standards of trust and compliance.
January 8, 2026 at 2:19 PM
That means security meeting the highest standards of trust and compliance.
📘 Read the @sentinellabs.bsky.social 2025 Review → www.sentinelone.com/blog/12-mont...
12 Months of Fighting Cybercrime & Defending Enterprises | The SentinelLABS 2025 Review
From ransomware repurposed for espionage to increased exploitation of cloud platforms, learn about the key trends from SentinelLABS research in 2025.
www.sentinelone.com
January 6, 2026 at 5:00 PM
📘 Read the @sentinellabs.bsky.social 2025 Review → www.sentinelone.com/blog/12-mont...
⚙️ LLM-enabled malware isn’t about intelligence.
It’s about operational acceleration. s1.ai/llm-mw
It’s about operational acceleration. s1.ai/llm-mw
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
LLM-enabled malware poses new challenges for detection. SentinelLABS presents groundbreaking research on how to hunt for this new class of threats.
s1.ai
January 6, 2026 at 4:59 PM
⚙️ LLM-enabled malware isn’t about intelligence.
It’s about operational acceleration. s1.ai/llm-mw
It’s about operational acceleration. s1.ai/llm-mw
🧠 Contagious Interview showed adversaries monitoring CTI platforms in real time — watching defenders watch them. s1.ai/nk-ops
Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms
DPRK-aligned threat actors abuse CTI platforms to detect infrastructure exposure and scout for new assets.
s1.ai
January 6, 2026 at 4:59 PM
🧠 Contagious Interview showed adversaries monitoring CTI platforms in real time — watching defenders watch them. s1.ai/nk-ops
🔍 FreeDrain exposed crypto phishing at industrial scale — 38K+ subdomains abusing trusted platforms.
Cybercrime now operates like a business. s1.ai/FreeDrain
Cybercrime now operates like a business. s1.ai/FreeDrain
FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network
FreeDrain is a modern, scalable phishing operation exploiting weaknesses in free publishing platforms to steal cryptocurrency on a global scale.
s1.ai
January 6, 2026 at 4:59 PM
🔍 FreeDrain exposed crypto phishing at industrial scale — 38K+ subdomains abusing trusted platforms.
Cybercrime now operates like a business. s1.ai/FreeDrain
Cybercrime now operates like a business. s1.ai/FreeDrain
AI emerged as a force multiplier — not a revolution.
Faster spam. Scaled fraud. Automated tradecraft.
Speed became the advantage.
Faster spam. Scaled fraud. Automated tradecraft.
Speed became the advantage.
January 6, 2026 at 4:59 PM
AI emerged as a force multiplier — not a revolution.
Faster spam. Scaled fraud. Automated tradecraft.
Speed became the advantage.
Faster spam. Scaled fraud. Automated tradecraft.
Speed became the advantage.
The real risk isn’t “superintelligent malware.” It’s industrialized extortion — faster, noisier, and harder to disrupt.
Full @sentinellabs.bsky.social analysis by Gabriel Bernadett-Shapiro, Jim Walter, and @alex.leetnoob.com: s1.ai/llm-rw
Full @sentinellabs.bsky.social analysis by Gabriel Bernadett-Shapiro, Jim Walter, and @alex.leetnoob.com: s1.ai/llm-rw
LLMs & Ransomware | An Operational Accelerator, Not a Revolution
LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.
s1.ai
December 17, 2025 at 8:07 PM
The real risk isn’t “superintelligent malware.” It’s industrialized extortion — faster, noisier, and harder to disrupt.
Full @sentinellabs.bsky.social analysis by Gabriel Bernadett-Shapiro, Jim Walter, and @alex.leetnoob.com: s1.ai/llm-rw
Full @sentinellabs.bsky.social analysis by Gabriel Bernadett-Shapiro, Jim Walter, and @alex.leetnoob.com: s1.ai/llm-rw
At the high end, we predict actors are moving toward self-hosted, open models.
Why? Fewer guardrails. Less provider telemetry. More control.
Why? Fewer guardrails. Less provider telemetry. More control.
December 17, 2025 at 8:07 PM
At the high end, we predict actors are moving toward self-hosted, open models.
Why? Fewer guardrails. Less provider telemetry. More control.
Why? Fewer guardrails. Less provider telemetry. More control.
Much of this mirrors everyday enterprise workflows — repurposed for crime.
LLMs compress timelines, reduce effort, and let attackers operate across more languages and environments.
LLMs compress timelines, reduce effort, and let attackers operate across more languages and environments.
December 17, 2025 at 8:07 PM
Much of this mirrors everyday enterprise workflows — repurposed for crime.
LLMs compress timelines, reduce effort, and let attackers operate across more languages and environments.
LLMs compress timelines, reduce effort, and let attackers operate across more languages and environments.
Despite the hype, we found no new class of AI-driven ransomware attacks at scale. Instead, LLMs accelerate what already works:
• Faster phishing & recon
• Multilingual targeting 🌍
• Streamlined data triage & negotiation
• Faster phishing & recon
• Multilingual targeting 🌍
• Streamlined data triage & negotiation
December 17, 2025 at 8:07 PM
Despite the hype, we found no new class of AI-driven ransomware attacks at scale. Instead, LLMs accelerate what already works:
• Faster phishing & recon
• Multilingual targeting 🌍
• Streamlined data triage & negotiation
• Faster phishing & recon
• Multilingual targeting 🌍
• Streamlined data triage & negotiation
2025 showed us a clear trajectory: Security is moving toward unified data, autonomous workflows, and AI-native analysis — all essential for operating at the scale modern environments demand.
December 16, 2025 at 5:51 PM
2025 showed us a clear trajectory: Security is moving toward unified data, autonomous workflows, and AI-native analysis — all essential for operating at the scale modern environments demand.
What We Learned From the Defender: Across the industry, defense evolved toward cohesive AI security.
December 16, 2025 at 5:51 PM
What We Learned From the Defender: Across the industry, defense evolved toward cohesive AI security.