09/16/2025 | News release | Distributed by Public on 09/16/2025 10:42
AI has redrawn the cyber battlefield. Adversaries are already automating every phase of the kill chain to strike faster, scale wider, and overwhelm defenders. Manual workflows and conversational assistants help teams move faster, but still bind them to human speed.
Agentic AI changes the equation. It enables security teams to deputize trusted, mission-ready agents that reason, decide, and act on their behalf - at the speed of AI. The promise of agentic AI is clear: By deploying specialized agents to tackle time-intensive tasks, security teams can reclaim a speed advantage, close persistent labor and response gaps, and shift from reactive to proactive defense.
The modern threat landscape demands more than AI promise or "agent theater." It requires trustworthy, integrated agentic AI. Today, CrowdStrike is unveiling industry-first enhancements to CrowdStrike® Charlotte AI™ that unlock human-to-agent and agent-to-agent collaboration, and seven agents delivered across the CrowdStrike Falcon® platform that transform how work gets done - always under human control. Forged from our category-leading threat hunting, exposure management, and next-gen SIEM technologies, and orchestrated by Charlotte AI, these agents help teams automate repetitive tasks and accelerate outcomes, helping security teams reclaim time and redirect focus toward strategic security initiatives.
The future of defense isn't assistive. It's agentic. That's why, alongside these innovations, we're making Charlotte AI available to CrowdStrike customers with qualifying modules as a platform entitlement with monthly credits to help teams get started.
Meet the New Agents
Today we're introducing seven new agents built to eliminate some of the biggest bottlenecks in the SOC. These aren't generic tools; they're mission-ready operators that scale expertise, drive consistent outcomes, and act at machine speed.
What makes them different? They're forged on the Falcon platform; purpose-built for agentic defense and the industry's richest AI data layer. That means every agent is context-aware, deeply integrated, and always under human command - bridging the gap between AI hype and real-world impact, and giving teams the confidence to scale their agentic SOC without sacrificing trust or control.
These agents soon will be available to customers of supported Falcon platform modules and through Charlotte AI AgentWorks.
Exposure Prioritization Agent: Know What to Fix First
Triaging vulnerabilities is overwhelming. Security teams often waste hours deciphering CVEs and chasing vulnerability context across tools. Analysts need clear, organized insight to know their most critical risks. The Exposure Prioritization Agent summarizes vulnerabilities in plain language, validates exploitability with Falcon platform telemetry, and maps their impact to business-critical assets. It then delivers a prioritized, high-confidence list of what to fix first so teams can cut through the noise and quickly eliminate real risk. Available to customers of CrowdStrike Falcon® Exposure Management.
Figure 1. The Exposure Prioritization Agent is shown analyzing the combined exploitability, business impact, and risk of CVE-2023-38408.
Malware Analysis Agent: Defend Against Evolving Malware at Scale
Malware analysis, among the most time-consuming and complex workflows, forces analysts to manually reverse, classify, and compare files. This slows response and makes it harder to keep pace with AI-enabled adversaries. Analysts need a faster way to analyze malware samples, connect observables, and recommend defenses at scale.
The Malware Analysis Agent delivers that speed and intelligence. It researches hashes, extracts configuration files, compares code similarities, and recommends responses in seconds. By coordinating sandboxes, YARA engines, and malware search, it delivers instant attribution, generates YARA detection rules automatically, and enables analysts to defend against entire malware families, not just single samples.
The result is AI-powered threat intelligence that transforms fragmented observables into actionable insight and operationalizes them across detection, hunting, and response. Available to customers of CrowdStrike Falcon® Adversary Intelligence Premium.
Figure 2. The Malware Analysis Agent harnesses agentic AI to dynamically select and run critical investigative processes, quickly providing analysts with clear summaries and actionable next steps to identify and stop the threat.
Hunt Agent: Bring Advanced Threat Identification to Every Security Team
Many security teams struggle with threat hunting because they don't know where to start or what to look for, or lack the time or expertise to craft effective queries. Some attempt to bridge the gap with manual research or applying "what-if" scenarios, but these approaches are time-consuming, inconsistent, and often miss emerging threats.
CrowdStrike's Hunt Agent is the industry's first and only AI agent that brings expert-level threat hunting to every SOC. It delivers threat hunting capabilities that constantly scan your environment for emerging threats, focusing the hunt on the most important assets and highest risks. Built on CrowdStrike intelligence and updated with the latest adversary tradecraft, it turns complex hunting results into clear guidance, enabling analysts to quickly interpret findings and take action. Available to customers of Falcon Adversary Intelligence Premium.
Figure 3. The Hunt Agent continuously scans for threats and delivers clear, actionable results, enabling analysts to interpret findings and respond immediately.
Data Transformation Agent: Streamline Investigations by Transforming Security Data
Transforming security data across systems is tedious and syntax-heavy, and often bottlenecks investigations and response workflows. Analysts need a way to normalize and reshape data without coding expertise. The Data Transformation Agent lets analysts describe transformations in plain language and automatically converts them into executable queries, streamlining SOAR workflows and enabling interoperability across the SOC. Available to customers of CrowdStrike Falcon® Next-Gen SIEM via CrowdStrike Falcon® Fusion SOAR.
Figure 4. The Data Transformation Agent accelerates data transformation use cases, such as building advanced conditions, without the need to learn another expression language.
Search Analysis Agent: Unlock Actionable Insights from Security Event Data
Threat hunting and advanced queries often require specialized expertise that many analysts lack, leaving powerful data underutilized. Teams need a way to interact with complex event data in plain language. The Search Analysis Agent interprets natural-language questions, explores relationships, and delivers results in clear, actionable insights - making advanced event analysis accessible to analysts of any skill level. Available to customers of Falcon Next-Gen SIEM.
Figure 5. The Search Analysis Agent enables you to ask questions about your security event data in natural language to receive instant insights and analysis.
Correlation Rule Generation Agent: Accelerate Rule Creation and Tuning
Writing and tuning detection rules is time-consuming and requires deep query knowledge, limiting SOC agility. What teams need is a way to create high-quality rules quickly without relying on scarce expertise. The Correlation Rule Generation Agent dynamically generates, validates, and optimizes rules - accelerating authoring while ensuring accuracy and consistency across detections. Available to customers of Falcon Next-Gen SIEM.
Figure 6. The Correlation Rule Generation Agent dynamically generates, validates, and optimizes detection rules without requiring the analyst to be a query language expert.
Workflow Generation Agent: Fast-track Workflow Creation with Charlotte AI
Building SOAR workflows from scratch is complex and time-intensive, especially for less experienced users. Analysts need a faster, simpler way to automate investigations and response. The Workflow Generation Agent allows teams to describe workflows in natural language and instantly converts them into executable Falcon Fusion SOAR workflows, reducing learning curves and enabling consistent automation at scale. This capability, powered by Charlotte AI, will initially be available through the Charlotte AI conversational interface and available in Falcon Fusion SOAR later this year.
Figure 7. The Workflow Generation Agent helps analysts streamline their workflow creation with natural language, while reducing the learning curve for new team members learning the ropes.
These agents will be available across their supporting modules and through Charlotte AI AgentWorks, scaling analyst expertise and automating routine tasks with the same rigor and precision as CrowdStrike's elite SOC experts.
Reimagine Human-Agent Collaboration with Charlotte AI
Charlotte AI is evolving with groundbreaking enhancements that lay the foundation for the agentic SOC, where humans and agents (including third-party agents) collaborate to drive faster, more efficient response.
At RSA 2025, we announced Charlotte AI Agentic Response, a new capability whereby Charlotte AI drives investigations, asking and answering questions a seasoned analyst would, trained on the battleground insights of the CrowdStrike Falcon® Complete Next-Gen MDR team. Today, we're taking it further by making Charlotte AI Agentic Response a dynamic workspace for human-to-agent and agent-to-agent collaboration during investigations.
Rather than waiting for Charlotte AI to complete its analysis, analysts will be able to guide Charlotte AI in real time, prioritizing questions, injecting knowledge, and augmenting investigations with organizational context - grounding Charlotte AI in the unique reality of every team. At launch, Charlotte AI will also connect to trusted ecosystem partners (with integrations from Corelight, ExtraHop, GreyNoise, Proofpoint, Salesforce, ServiceNow, Rubrik, Google, Abnormal AI, and Zscaler), enriching investigations with deep cross-domain context to drive faster, more accurate analysis.
Figure 8. Charlotte AI Agentic Response collaboration unites analysts, Charlotte AI, and third-party agents in a real-time canvas to collaborate as investigations unfold.
Democratizing Charlotte AI for All
Charlotte AI is the AI-powered interface and agentic orchestration engine of the Falcon platform, powering chat, embedded insights, and agentic operations across detections, investigations, and response. Starting today, every eligible CrowdStrike customer¹ will have access to Charlotte AI, supported by a monthly allocation of credits to experience its capabilities.
This marks a fundamental shift: AI is no longer a luxury - it's the new standard for every security team. By extending Charlotte AI to all customers, we're ensuring every defender, regardless of size or maturity, can immediately put AI to work: scaling work, accelerating investigations, and reclaiming the advantage over AI-powered adversaries.
While advanced capabilities like Agentic Detection Triage and Agentic Response remain exclusive to the Charlotte AI module, we're putting the power of mission-ready AI in the hands of every security team, including our newly announced agents, conversational AI, embedded capabilities across the Falcon UI (like command-line explanations), Agentic Workflows through Falcon Fusion SOAR, and Charlotte AI AgentWorks.
The Next Era of Defense Is Here, and It's Agentic.
Together with Charlotte AI AgentWorks, the industry's first dedicated workspace for building custom security agents, CrowdStrike is unveiling the new agentic security workforce, with Charlotte AI at the helm. In the era of AI-powered adversaries, operationalizing an agentic defense will be the dividing line between resilience and risk. CrowdStrike is the only platform making it real, and delivering it at scale.
1. Applies to customers who have licensed Falcon Insight XDR, Falcon Exposure Management, Falcon Cloud Security, Falcon Adversary Intelligence, Falcon for IT and Falcon Next-Gen SIEM. AI credit amounts do not increase with the number of qualifying modules. Additional credits are available for purchase.