CrowdStrike has expanded its Agentic Security Workforce, introducing new mission-ready agents that extend the Falcon platform and drive the evolution of the agentic SOC. New agents bring agentic automation to common Falcon platform tasks such as app creation and data onboarding, accelerating outcomes and liberating analysts to focus on the strategic decisions that strengthen security.
“If agents are expected to think, reason, and act like an expert analyst, they must be trained on expert experience, not legacy playbooks,” said George Kurtz, CEO and founder of CrowdStrike. “That’s the difference between static automation and true intelligence – playbooks train automation, people train intelligence. CrowdStrike’s agents learn from the world’s best SOC operators, giving them the judgment to act autonomously and the discipline to stay under defender command.”
Expanding the Agentic Security Workforce
Delivered through Falcon platform modules, the Agentic Security Workforce unites existing agents trained on millions of Falcon Complete SOC decisions across prevention, detection, investigation, and response, with new agents that streamline common tasks based on real-world platform usage and expertise. Unlike automation platforms trained on machine-generated playbook data, CrowdStrike agents inherit expert human judgment to reason over massive datasets and take autonomous action as an elite analyst would. New and updated agents include:
- Foundry App Creation Agent (Falcon Foundry): Empowers teams to build and deploy custom security applications without code. Using natural language, analysts describe what they need, and the agent plans, designs, and accelerates the path from idea to application.
- Data Onboarding Agent (Falcon Next-Gen SIEM): Accelerates data onboarding into Falcon Next-Gen SIEM by streamlining data pipeline creation – from ingestion and configuration to real-time validation and troubleshooting.
- Updated Exposure Prioritization Agent (Falcon Exposure Management): Includes newly added authenticated scanning and continuous visibility from Falcon Exposure Management. Powered by ExPRT.AI, it prioritizes action, showing teams exactly what to fix first and automatically remediate with risk-based patching through Falcon for IT.
Orchestrating the Agentic SOC
Charlotte AI AgentWorks and Charlotte Agentic SOAR extend the power of the Agentic Security Workforce into a fully connected defense system spanning the agentic ecosystem and the full security lifecycle. AgentWorks enables organizations to build no-code, custom agents. Charlotte Agentic SOAR serves as the orchestration layer that allows analysts to unify and command CrowdStrike, custom-built, and third-party agents to reason over shared context and execute coordinated workflows. Together, these innovations accelerate the agentic SOC to life, giving defenders the AI advantage to outthink and outpace AI-accelerated threats.
