SentinelOne Global Service Outage Root Cause Revealed

Cybersecurity company SentinelOne has released a comprehensive root cause analysis revealing that a software flaw in an infrastructure control system caused the global service disruption that affected customers worldwide on May 29, 2025.
The outage lasted approximately 20 hours and prevented customers from accessing the SentinelOne management console and related services; service was fully restored by May 30 at 10:00 UTC.
Endpoint protection, however, remained operational throughout the incident. The company has confirmed this was not a security-related event, and no customer data was lost.
According to the official analysis, the disruption occurred when critical network routes and DNS resolver rules were automatically deleted due to a software flaw in a soon-to-be-deprecated control system.
SentinelOne Global Service Outage
The incident began at 13:37 UTC on May 29 when the faulty system was triggered by the creation of a new account during SentinelOne’s ongoing transition to a new Infrastructure-as-Code (IaC) architecture.
“A software flaw in the control system’s configuration comparison function misidentified discrepancies and applied what it believed to be the appropriate configuration state, overwriting previously established network settings,” the company explained. The deprecated system restored an empty route table, causing widespread loss of network connectivity across all regions.
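The failure mode described above, as an added illustration that is not SentinelOne's code: a reconciler that trusts its computed desired state unconditionally will wipe a route table when that state comes back empty, while a blast-radius guard refuses the plan. All names, route values and the 25% threshold are assumptions made for this example.

```python
# Added illustration with constructed data; hypothetical names, not SentinelOne code.
from dataclasses import dataclass

Route = tuple[str, str]  # (destination CIDR, attachment id), both constructed

# Constructed sample of a live route table.
LIVE: set[Route] = {
    ("10.0.0.0/16", "tgw-attach-a"),
    ("10.1.0.0/16", "tgw-attach-b"),
    ("10.2.0.0/16", "tgw-attach-c"),
    ("0.0.0.0/0", "tgw-attach-egress"),
}

@dataclass(frozen=True)
class Plan:
    to_add: frozenset
    to_delete: frozenset

class UnsafePlanError(Exception):
    """Raised when a plan would remove more routes than the guard allows."""

def diff(live: set[Route], desired: set[Route]) -> Plan:
    """Compute the changes needed to make `live` match `desired`."""
    return Plan(frozenset(desired - live), frozenset(live - desired))

def naive_reconcile(live: set[Route], desired: set[Route]) -> set[Route]:
    """Trusts `desired` unconditionally: an empty desired state empties the table."""
    return set(desired)

def guarded_reconcile(live: set[Route], desired: set[Route],
                      max_delete_ratio: float = 0.25) -> set[Route]:
    """Apply the plan only if it deletes an acceptable share of live routes."""
    plan = diff(live, desired)
    if live and not desired:
        raise UnsafePlanError("desired state is empty; refusing to delete all routes")
    if live and len(plan.to_delete) / len(live) > max_delete_ratio:
        raise UnsafePlanError(
            f"plan deletes {len(plan.to_delete)} of {len(live)} routes; needs manual approval")
    return (live - plan.to_delete) | plan.to_add

def missing_routes(backup: set[Route], live: set[Route]) -> list[Route]:
    """Routes present in a backup snapshot but absent from the live table."""
    return sorted(backup - live)

if __name__ == "__main__":
    print("naive result:", naive_reconcile(LIVE, set()))
    print("missing vs backup:", missing_routes(LIVE, set()))
```

`missing_routes` is the comparison a stored route-table backup makes possible during recovery: it lists exactly what has to be put back.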
The outage significantly impacted security teams’ ability to manage their operations, though endpoint protection continued uninterrupted.
Customer reports began flowing to SentinelOne Support at 13:55 UTC, just 18 minutes after the initial system failure. Engineering teams identified missing routes on Transit Gateways by 14:27 UTC and immediately began restoration efforts.
SentinelOne’s communication strategy encompassed multiple channels, including announcements on their Customer Portal, email notifications to all customers and partners, social media updates on platforms such as Reddit, and blog posts to keep stakeholders informed throughout the recovery process.
Console access was restored by 20:05 UTC, with full service restoration achieved approximately 14 hours later.
The company has implemented several corrective measures following the incident. SentinelOne is auditing EventBridge and other automatically triggered functions to prevent the deprecated control code from being activated during their architectural transition.
The company is also accelerating its migration to the new IaC infrastructure to eliminate the risks associated with running split architectures.
Additionally, SentinelOne has backed up all Transit Gateway configurations and is improving recovery automation to prevent manual restoration delays in future incidents.
The company is also developing an independently operated public status page and has updated high-severity incident playbooks to ensure better customer communication.
Notably, Federal customers using GovCloud environments were completely unaffected by this incident, though they were notified for transparency purposes. This highlights the segregated nature of SentinelOne’s infrastructure designs for different customer segments.
The incident underscores the complexities technology companies face when modernizing critical infrastructure while maintaining service continuity and demonstrates the importance of robust incident response procedures in cybersecurity operations.
The post SentinelOne Global Service Outage Root Cause Revealed appeared first on Cyber Security News.