CrowdStrike unleashed a new agentic security workforce across the CrowdStrike Falcon® platform. CrowdStrike is expanding agentic capabilities in two ways: mission-ready agents available in Falcon modules, and Charlotte AI AgentWorks, a new, no-code platform that makes every security team an AI builder. Together, these innovations deliver machine-speed capabilities to automate repetitive tasks, accelerate outcomes, and empower analysts to focus on the strategic decisions that strengthen security.
The Agentic Security Workforce is powered by the Falcon Agentic Security Platform, unveiled as the foundation of the agentic SOC.
“Our vision is that every security analyst will be in command of an agentic security workforce that eliminates the time-consuming and repetitive tasks better suited for machines,” said Michael Sentonas, president of CrowdStrike. “We started with seven of the most common and high-impact workflows, embedding the expertise of Falcon Complete analysts into agents that reason, decide, and act with the judgment of an elite analyst at machine-speed. And with Charlotte AI AgentWorks, customers can go further, building and customizing their own agents to extend these capabilities into the unique workflows of their environment.”
Mission-Ready Agents: Automating Analyst Workflows
The agentic SOC is more than tools; it’s an AI-powered workforce running at machine speed, always under defender control. CrowdStrike’s first fleet of agents, powered by Charlotte AI, is designed to handle critical security workflows and automate repetitive tasks, freeing analysts to focus on higher-value work and accelerating outcomes. Available as part of Falcon modules and informed by millions of real-world decisions from Falcon® Complete Next-Gen MDR, these agents unlock even more value from the Falcon platform by scaling expertise and accelerating investigations. CrowdStrike’s first wave of agents includes:
- Exposure Prioritization Agent (Falcon Exposure Management): Automates vulnerability triage, shrinking backlogs and focusing remediation on exploitable risks.
- Malware Analysis Agent (Falcon Threat Intelligence): Analyzes files, maps malware families, and generates YARA rules – enabling defense at the family level instead of file-by-file.
- Hunt Agent (Falcon Threat Intelligence): Automates proactive threat hunting, continuously scanning for emerging threats.
- Search Analysis Agent (Falcon Next-Gen SIEM): Summarizes and interprets query results in seconds, reducing hours of manual analysis.
- Correlation Rule Generation Agent (Falcon Next-Gen SIEM): Recommends and tunes detection rules for advanced threats and insider risks.
- Data Transformation Agent (Falcon Next-Gen SIEM): Normalizes and translates data across tools, removing errors that stall automation.
- Workflow Generation Agent (Falcon Next-Gen SIEM): Converts natural language into automated workflows in Falcon Fusion, no coding required.
Charlotte AI AgentWorks: Build and Customize Agents
Alongside CrowdStrike-delivered agents, customers can now build and deploy their own. With Charlotte AI AgentWorks, every security team becomes an AI builder and orchestrator – using natural language to set the mission, define the data, and control behavior. With no coding and no friction, agents are built, tested, and deployed directly in the Falcon platform with enterprise-grade security and governance.
The Agentic Workforce with the Judgment of Elite Analysts
Trained on millions of expert SOC decisions from Falcon Complete Next-Gen MDR, CrowdStrike’s new security workforce operates with reasoning, oversight, and guardrails. Analysts can guide and collaborate with agents in real time, centralizing agentic defense in a single platform that scales expertise, accelerates investigations, and improves outcomes.
Agentic Response Collaboration
Charlotte AI can securely connect and collaborate with trusted third-party agents from partners including Abnormal AI, Corelight, ExtraHop, Google, GreyNoise, Proofpoint, Rubrik, Salesforce, ServiceNow, Zscaler, and others. This extends agentic defense across the broader enterprise ecosystem, with Charlotte AI as the trusted command plane for human–machine and multi-agent collaboration.
Source: BusinessWire