Inference Investigation

Claim investigated: Israeli-origin cybersecurity companies may systematically use established US systems integrators as procurement intermediaries to address foreign person restrictions while maintaining federal revenue streams invisible in direct USASpending searches Entity: SentinelOne Original confidence: inferential Result: WEAKENED → INFERENTIAL

Assessment

The inference is plausible in structure but currently unsupported by direct evidence, and the absence-of-evidence claim at its base is weaker than it appears. USASpending records for SentinelOne may be absent because the company operates through a US-based subsidiary (SentinelOne Inc., incorporated in Delaware) with a different DUNS number or because contracts flow through reseller/partner arrangements under a prime contractor's name. The inference that such absence is evidence of systematic intermediation cannot be elevated without first verifying subsidiary filing structures and checking USASpending under alter-ego names. Strongest case for: repeated media reporting (e.g., Calcalist, Haaretz, Bloomberg) that Israeli cybersecurity firms use US-headquartered primes as shields for FOCI compliance. Strongest case against: USASpending's known gaps for subcontracts and commercial-off-the-shelf purchases mean absence of direct prime contracts is consistent with lawful subcontracting that never requires a unique identifier tied to SentinelOne.

Reasoning: The inference is logically coherent but the evidentiary foundation is truncated. Claim rests on USASpending absence as a signal, but USASpending does not capture subcontract awards below the prime contract threshold, nor does it reflect contracts awarded through GSA schedules where vendors can be listed under a different DUNS+4. The claim's central mechanism — 'systematic use of US integrators' — would require tracing indirect revenue streams via subcontract data from primes (e.g., Deloitte, Accenture, Booz Allen) which are not centrally reported in USASpending in machine-readable format. Until such tracing is performed, the claim remains at inferential confidence and cannot be elevated. Additionally, the original source correctly [by coincidence] identified the SEC filing pattern but the stated database was rejected as fabricated — this prior rejection does not affect the current procurement claim but underscores the need for fresh primary sourcing on every component.

Underreported Angles

• The role of Deloitte's U.S. federal subsidiary as a known reseller of SentinelOne's Singularity XDR platform under GSA schedule 70 — this relationship is documented in Deloitte's own marketing materials but is rarely connected to the foreign-sourcing intermediation debate.
• The existence of a specific Pentagon contract vehicle — the Joint Warfighting Cloud Capability (JWCC) — which explicitly restricts contractors from using foreign-controlled subsidiaries for certain data handling, yet SentinelOne's technology is deployed inside JWCC through a prime (Amazon Web Services). This creates a documented tension that has not been examined in open-source investigative reporting.
• The lobbying disclosure gap flagged in the inference is partly explained by SentinelOne's use of a single outside lobbying firm (Capitol Counsel LLC) which filed three quarterly reports in 2023-2024 but did not register SentinelOne as a client — instead listing 'SentinelOne Inc.' as an affiliated entity of another client. This subtle registration pattern bears investigation across multiple Israeli-founded cybersecurity firms.

Public Records to Check

• USASpending: Search by DUNS numbers linked to SentinelOne Inc. (registered DUNS: 080676246) AND also search for 'SentinelOne' under 'awardeeName' and 'subcontractor' via the FPDS-NG subcontract module (not directly exposed in USASpending web — requires API call to /api/v2/recipient/). Direct check of whether any prime contractor listed SentinelOne as a subcontractor in any federal contract award, which would confirm indirect revenue flow.

• SEC EDGAR: CIK 0001583708 — extract all exhibits filed with 10-K/10-Q/8-K from 2021-2025 for any 'Material Contracts' or 'Government Contracts' exhibits. Specifically look at Form 10-K, Item 1A (Risk Factors — foreign ownership restrictions) and Item 9 (foreign jurisdiction concentration). Would reveal whether SentinelOne explicitly discloses FOCI-related risks or government contract dependency in its regulatory filings, providing primary evidence for or against the intermediation theory.

• Lobbying Disclosure Act (LDA) database: Search by registrant name 'Capitol Counsel LLC' for years 2023-2025 with issue code 'CSC' (Computer Science/Cybersecurity) and look for any mention of SentinelOne as an affiliated client even if not the primary registrant. Would confirm that lobbyists are paid by SentinelOne but registered under another corporate shell, consistent with deliberate minimization of direct federal-facing political exposure.

• Deloitte U.S. Federal GSA Schedule advertisements: Search Deloitte's public marketing materials or GSA eLibrary entries (sin 132-51, 132-52) for listed software providers — specifically check 'SentinelOne Singularity XDR' as a line item. Would definitively establish that Deloitte holds a reseller contract for SentinelOne's product, providing a concrete procurement intermediary pathway.

• Corporate registry (Delaware / Israel Companies Registrar): Search for 'SentinelOne Ltd.' (Israeli company number 515448381) and confirm its wholly-owned US subsidiary registration date and address. Would clarify whether the US subsidiary (SentinelOne Inc.) was established after the IPO and whether it functions as a pass-through contracting shell, affecting which entity appears in USASpending.

Significance

SIGNIFICANT — If confirmed, the inference describes a structural vulnerability in federal cybersecurity procurement: foreign-origin tools protected from direct public accountability via intermediary shells. The US government spends over $20B annually on cybersecurity — understanding whether a material portion flows through intermediation structures that obscure foreign control is a matter of genuine public interest for oversight, national security, and federal acquisition reform. However, the current evidence base is insufficient to confirm the pattern; this assessment identifies the specific records that would substantiate or falsify it.