Customers of cybersecurity firm SentinelOne were left without answers or a clear view of their security status for hours May 29 due to a console outage that the vendor has yet to explain, though it said in a brief statement that its “RCA [root cause analysis] suggests this is not a security incident.”
The outage that occurred midmorning took down the Mountain View, California-based company’s commercial customer consoles, through which enterprises and other organizations can view, monitor, and manage their cybersecurity systems. The outage lasted about six hours.
“We are aware of ongoing console outages affecting commercial customers globally and are currently restoring services,” SentinelOne wrote in the online notice about three hours after the blackout hit. “Customer endpoints are still protected at this time, but managed response services will not have visibility.”
Cybersecurity expert Kevin Beaumont succinctly summed up the situation in a brief post on the Mastodon social media site: “Managed response services not having access = your outsourced security detection and response has stopped.”
Customer Worry, Anger
The incident generated a lot of questions and worry online among enterprise security teams that suddenly found they had no way of gauging the situation with their cybersecurity protections and were further frustrated with the lack of communication from SentinelOne, which has reported more than 14,000 customers worldwide.
One person wrote that the system was “down for a few hours for us. Our SOC [security operations center] is still gathering details. I was concerned that although the agents were still running and providing protection, how was alerting impacted? It seems if an event occurred on an agent, there was no way to get an alert.”
Many of the postings on Reddit threads were from people complaining that they couldn’t reach company representatives and that the vendor took hours before sending out the notice.
“My first reports were around 10:15 AM Eastern, and the first notice wasn’t sent until around 2:30 PM – and even then, I didn’t personally receive anything,” one of the posters wrote. “I don’t know about you, but four hours of complete silence and zero visibility for a cybersecurity service is terrifying. Timely and transparent communication is critical in situations like this. Silence leaves your customers guessing and erodes trust.”
Wasn’t a CrowdStrike Situation
There were more than a few comparisons to the high-profile global outage of rival CrowdStrike last summer that was caused by a faulty software update that crashed 8.5 million Windows systems and ground to a halt operations at airports and other facilities.
Beaumont on this Mastodon page, 16 hours after the SentinelOne systems went back online, wrote that “overall a good response I thought, they stuck it on the front page of their website. Orgs did lack visibility and MDR [managed detection and response] coverage during the event, which sucks but hopefully lessons will be learnt.”
Strong Numbers, Soft Forecast
The systems failure came a day after SentinelOne reported its first Fiscal Year 2026 earnings, including a 23% year-to-year jump in revenue, to $229 million and a 24% increase in annualized recurring revenue (ARR), to $948.1 million and the number of customers with ARR of more than $100,000 was at 1,459, which was a 22% bump.
However, SentinelOne executives offered soft future guidance, which included revenue for the second quarter at about $242 million, a little less than the $244.88 million estimate, and a lowered forecast for the full fiscal year, from $1 billion to about $996 million. Financial nalyst expectations were at $1.01 billion.
