CrowdStrike Unleashes the Agentic Security Workforce to Transform Security Operations
CrowdStrike introduces new, mission-ready agents out of the box to automate high-impact workflows; Unveils Charlotte AI AgentWorks, the first no-code security agent development platform that enables teams to build, orchestrate, and scale AI agents securely
Fal.Con 2025, Las Vegas – CrowdStrike (NASDAQ:CRWD) today unleashed a new agentic security workforce across the CrowdStrike Falcon® platform. CrowdStrike is expanding agentic capabilities in two ways: mission-ready agents available in Falcon modules, and Charlotte AI AgentWorks, a new, no-code platform that makes every security team an AI builder. Together, these innovations deliver machine-speed capabilities to automate repetitive tasks, accelerate outcomes, and empower analysts to focus on the strategic decisions that strengthen security.
The Agentic Security Workforce is powered by the Falcon Agentic Security Platform, unveiled today as the foundation of the agentic SOC.
"Our vision is that every security analyst will be in command of an agentic security workforce that eliminates the time-consuming and repetitive tasks better suited for machines," said Michael Sentonas, president of CrowdStrike. "We started with seven of the most common and high-impact workflows, embedding the expertise of Falcon Complete analysts into agents that reason, decide, and act with the judgment of an elite analyst at machine-speed. And with Charlotte AI AgentWorks, customers can go further, building and customizing their own agents to extend these capabilities into the unique workflows of their environment."
Mission-Ready Agents: Automating Analyst Workflows
The agentic SOC is more than tools, it's an AI-powered workforce running at machine-speed, always under defender control. CrowdStrike's first fleet of agents – powered by Charlotte AI – are designed to handle critical security workflows and automate repetitive tasks, freeing analysts to focus on higher-value work and accelerating outcomes. Available as part of Falcon modules and informed by millions of real-world decisions from Falcon® Complete Next-Gen MDR, these agents unlock even more value from the Falcon platform by scaling expertise and accelerating investigations. CrowdStrike's first wave of agents includes:
- Exposure Prioritization Agent (Falcon Exposure Management): Automates vulnerability triage, shrinking backlogs and focusing remediation on exploitable risks.
- Malware Analysis Agent (Falcon Threat Intelligence): Analyzes files, maps malware families, and generates YARA rules – enabling defense at the family level instead of file-by-file.
- Hunt Agent (Falcon Threat Intelligence): Automates proactive threat hunting, continuously scanning for emerging threats.
- Search Analysis Agent (Falcon Next-Gen SIEM): Summarizes and interprets query results in seconds, reducing hours of manual analysis.
- Correlation Rule Generation Agent (Falcon Next-Gen SIEM): Recommends and tunes detection rules for advanced threats and insider risks.
- Data Transformation Agent (Falcon Next-Gen SIEM): Normalizes and translates data across tools, removing errors that stall automation.
- Workflow Generation Agent (Falcon Next-Gen SIEM): Converts natural language into automated workflows in Falcon Fusion, no coding required.
Charlotte AI AgentWorks: Build and Customize Agents
Alongside CrowdStrike-delivered agents, customers can now build and deploy their own. With Charlotte AI AgentWorks, every security team becomes an AI builder and orchestrator – using natural language to set the mission, define the data, and control behavior. With no coding and no friction, agents are built, tested, and deployed directly in the Falcon platform with enterprise-grade security and governance.
The Agentic Workforce with the Judgment of Elite Analysts
Trained on millions of expert SOC decisions from Falcon Complete Next-Gen MDR, CrowdStrike's new security workforce operates with reasoning, oversight, and guardrails. Analysts can guide and collaborate with agents in real time, centralizing agentic defense in a single platform that scales expertise, accelerates investigations, and improves outcomes.
Agentic Response Collaboration
Charlotte AI can securely connect and collaborate with trusted third-party agents from partners including Abnormal AI, Corelight, ExtraHop, Google, GreyNoise, Proofpoint, Rubrik, Salesforce, ServiceNow, Zscaler, and others. This extends agentic defense across the broader enterprise ecosystem, with Charlotte AI as the trusted command plane for human–machine and multi-agent collaboration.
All platform customers will get access to Charlotte AI – including new mission-ready agents – with limited monthly credits. To learn more about CrowdStrike's Agentic Security Workforce and Charlotte AI AgentWorks, read our blog and visit here.
About CrowdStrike
CrowdStrike (NASDAQ:CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.
Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.
Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.
CrowdStrike: We stop breaches.
Learn more: https://www.crowdstrike.com/
Follow us: Blog | X | LinkedIn | Facebook | Instagram
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/
© 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.
Forward-Looking Statements
This press release includes descriptions of products, features, or functionality which may not currently be generally available. Any such references are provided for informational purposes only. The development, release, and timing of all features or functionality remain at our sole discretion and may change without notice. These statements are subject to risks, uncertainties, and assumptions that may cause actual results to differ materially from those expressed or implied. Customers should make purchasing decisions based only on services and features that are currently generally available. For more information on our existing offerings please talk to your CrowdStrike representative.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250916797981/en/
Media Contact
Jake Schuster
CrowdStrike Corporate Communications
[email protected]