Silverfort and SentinelOne are merging identity security with AI-powered threat detection. The timing couldn't be more urgent.

by Kasun Illankoon, Editor in Chief at Tech Revolt

[For more news, click here]

There's a number that should alarm every enterprise security team: 89 seconds.

That's how long it took for the first infection to spread after a North Korean state actor hijacked the npm credentials of a trusted open-source maintainer on March 31, 2026. No human could have caught it in time. No manual workflow could have stopped it. By the time a security analyst finished their morning coffee, the damage was already done.

One week earlier, a different kind of attack unfolded, this time, an autonomous coding assistant quietly modified a popular AI library called LiteLLM and pushed a trojaned version without any human ever touching the keyboard. It was just a normal, automated workflow. Except it wasn't.

These aren't isolated incidents or future threat scenarios. They are the present-tense reality of modern enterprise security, and they expose a fundamental gap: most organizations are still defending machine-speed attacks with human-speed tools.

The Identity Crisis at the Heart of AI Security

For decades, identity security meant protecting usernames and passwords. Then came multi-factor authentication, single sign-on, and zero trust architectures. But the explosion of AI agents, autonomous workflows, and non-human identities (NHIs) has shattered that framework entirely.

Modern enterprises aren't just populated by employees. They're populated by service accounts running database queries at 3 a.m., APIs silently exchanging tokens between microservices, cloud workload identities provisioning infrastructure on demand, and increasingly, AI agents executing complex multi-step tasks on behalf of humans, all at machine speed, all using legitimate credentials, all invisible to traditional security tools.

This is the identity problem that Silverfort and SentinelOne are now jointly tackling. The two companies announced a strategic partnership designed to secure human, AI agent, and non-human identities at runtime, not after the breach, not during the post-incident review, but in the moment the threat is executing.

The ambition is significant: a unified, real-time control plane that connects identity and endpoint intelligence into what the companies call "a single decision fabric." In plain terms, it means the moment a compromised credential attempts to move laterally inside a network, the system doesn't just log it, it stops it.

Why 44 Seconds Changes Everything

When SentinelOne's behavioral AI caught the trojaned LiteLLM package mid-execution, it did so in under 44 seconds, preemptively killing the malicious process chain before it could do damage. The source? Anthropic's Claude Code, running with unrestricted permissions as part of an automated development pipeline.

This detail matters enormously. The attack didn't come from a phishing email or a stolen password sold on a dark web forum. It came from a trusted AI tool embedded in a legitimate workflow. The attack surface isn't the perimeter anymore, it's the workflow itself.

This is the convergence that makes the Silverfort-SentinelOne partnership particularly well-timed. Silverfort brings deep expertise in discovering and protecting non-human identities: the service accounts, machine-to-machine authentications, and AI agent identities that most security platforms either ignore or can't see.

SentinelOne brings AI-powered detection across endpoints, cloud workloads, and user identities through its Singularity Platform — the same platform that flagged the LiteLLM attack before human eyes ever saw it.

Together, they're addressing something neither company could do effectively alone: correlating what an identity is doing at the endpoint level with what it's authenticating as at the identity layer, simultaneously, in real time.

What the Joint Solution Actually Does

The technical integration centers on four core capabilities that represent a meaningful step forward from point-solution security.

The first is runtime identity security at scale. Silverfort enforces access controls, including MFA, just-in-time access, and adaptive policies, across all identity types, including legacy systems and proprietary applications that have historically been left outside the security perimeter. This closes a gap that attackers have exploited for years: once inside a network, moving to an unprotected legacy application is trivially easy.

The second is AI-powered correlation. By combining endpoint signals from SentinelOne with identity signals from Silverfort in real time, the joint platform can detect behavioral anomalies that neither system would catch independently. A service account that normally queries one database suddenly authenticating to a financial system at an unusual hour becomes a detectable signal, not just a log entry.

The third is autonomous response. When a threat is confirmed, the integrated system can block it without waiting for a human to approve the action. This is the critical capability gap the LiteLLM and Axios attacks exposed: the attacks moved faster than human response times allow. Autonomous enforcement is no longer optional — it's the only defense that operates at the right speed.

The fourth is surgical incident response. Rather than taking down entire systems during a breach — a disruptive and costly approach — the platform is designed to allow responders to isolate and remove threat actors precisely, keeping business operations running while the threat is contained.

"Security architectures built around isolated tools are failing to keep up with modern threats," said Ron Rasin, Chief Strategy Officer at Silverfort. "By unifying runtime identity enforcement with autonomous AI Security, we are helping organizations stop identity-driven attacks before damage occurs, and preparing them to secure the next generation of AI-powered environments. Together, this joint solution enables organizations to secure their entire environment from a single platform, consistently across both cloud and on-premises environments."

The Bigger Picture: Agentic AI Is Changing the Attack Surface Forever

The Silverfort-SentinelOne announcement arrives at a moment when the security industry is grappling with a fundamental question: as enterprises hand more autonomy to AI agents, who is responsible when those agents become attack vectors?

Photo: Melissa K. Smith, SVP of Global Strategic Partnerships & Initiatives at SentinelOne

The answer, increasingly, is that no single tool can answer that question alone. Endpoint detection that doesn't understand identity context will always be playing catch-up. Identity security that doesn't see what's happening at the endpoint level will always be missing the full picture.

What the partnership signals is a broader shift in the industry: the era of best-of-breed tools operating in silos is giving way to integrated platforms that can reason across security domains simultaneously. Identity risk, which for too long was treated as a compliance checkbox rather than a runtime threat, is finally becoming a first-class signal in AI-driven threat detection.

"In cybersecurity, the strongest defense is a unified one," said Melissa K. Smith, SVP of Global Strategic Partnerships & Initiatives at SentinelOne. "By joining forces with Silverfort, we're moving beyond traditional boundaries to create a security ecosystem that is truly autonomous. We want to take the guesswork out of identity protection. Together, we're delivering a level of visibility and real-time enforcement that neither identity nor endpoint tools could achieve alone, ensuring our customers remain resilient in an increasingly complex threat landscape."

The 89-second Axios attack and the 44-second LiteLLM response tell you everything you need to know about where enterprise security is heading. The threats are autonomous. The attacks are machine-speed. And the only viable defense — increasingly — is one that meets them on equal terms.