Some other announcements worth mentioning.
SentinelOne has unveiled its next generation of Purple AI, known as the Purple AI Athena release, which introduces advanced agentic capabilities designed to enhance cybersecurity operations. This new platform automates critical processes such as threat triaging and investigation, significantly reducing the time it takes to respond to security incidents. The Purple AI Athena release was announced at the RSA Conference 2025 and aims to support Security Operations teams by mirroring the reasoning and analytical skills of experienced security analysts. The aim is to integrate seamlessly with third-party security information and event management systems, streamlining operations and providing immediate insights across various security data sources.
Huntress has unveiled its enhanced Managed Identity Threat Detection and Response solution, designed to combat the rising threat of identity-based attacks, which now account for over 40 percent of security incidents in many organizations. A recent survey conducted by UserEvidence found that 67 percent of organizations reported an increase in identity-based incidents over the past three years, with 32 percent of businesses experiencing losses exceeding $100,000 due to these attacks. The new capabilities of Huntress’s solution include proactive detection of rogue applications, unwanted access, and monitoring of email delivery to prevent business email compromise scams.
Microsoft has announced that paid subscriptions will be required for the Windows Server 2025 hotpatching service, which allows administrators to install security updates without rebooting their servers. Starting July 1, 2025, users will need to subscribe at a rate of $1.50 per central processing unit core per month to access this feature. Currently available in preview, hotpatching will transition to a subscription model after June 30, 2025. Microsoft emphasized the importance of disenrolling from the preview program to avoid automatic subscription activation. This service, which has been in preview since 2024, is designed to enhance server management by reducing downtime during security updates. According to Microsoft, this advancement takes what was previously an Azure-only capability and expands it to on-premises and multi-cloud environments through Azure Arc.
Why do we care?
If you’re building or augmenting a SOC practice, this is a glimpse into where tooling is heading—AI copilots that make level-1 decisions autonomously. Integration with third-party SIEMs shows SentinelOne is trying to coexist, not dominate the full stack. That’s notable restraint.
Huntress isn’t pivoting—it’s expanding its SMB-focused stack to match enterprise-grade threats, with simpler implementation. That’s directly aligned with MSP needs.
As for Microsoft, paying to fix their mistakes is painful. This will increase costs for clients running high-core count systems, especially in regulated environments where patching is frequent. It also forces MSPs to rethink patch management value—is “no downtime” patching something customers are willing to pay for?