CrowdStrike has announced the expansion of its Agentic Security Workforce, introducing a new generation of intelligent agents designed to enhance the Falcon platform and propel the evolution of the agentic Security Operations Center (SOC). Building upon the first series of agents unveiled at Fal.Con 2025, these latest additions bring AI-powered automation to critical Falcon platform functions such as application development and data onboarding — empowering security teams to achieve faster results while focusing on high-impact strategic defense decisions.
“For agents to truly think, reason, and act like expert analysts, they must be trained with real-world expertise, not outdated playbooks,” said George Kurtz, CEO and Founder of CrowdStrike. “That’s the key difference between traditional automation and genuine intelligence. Playbooks train automation — people train intelligence. Our agents learn directly from the world’s top SOC professionals, giving them the insight to act independently while remaining under defender control.”
Cyber Technology Insights : Hack The Box Powers First Cybersecurity Training Labs in LinkedIn Learning
Expanding the AI-Driven Security Workforce
Integrated within the Falcon platform, the Agentic Security Workforce combines existing agents — trained on millions of Falcon® Complete SOC decisions across prevention, detection, investigation, and response — with new agents that simplify frequent operational tasks. Unlike conventional automation systems that rely on machine-generated workflows, CrowdStrike’s agents are modeled on human analytical expertise, enabling them to interpret large-scale datasets and make autonomous, informed decisions.
The newly introduced and enhanced agents include:
Foundry App Creation Agent (Falcon Foundry): Allows security teams to design and deploy custom security applications without any coding. Using natural language, analysts can describe requirements, and the agent automatically plans, designs, and expedites the creation process from concept to deployment.
Data Onboarding Agent (Falcon Next-Gen SIEM): Simplifies and speeds up data onboarding for Falcon® Next-Gen SIEM. It automates the entire data pipeline — from ingestion and configuration to real-time validation and troubleshooting — ensuring seamless integration and faster time-to-value.
Enhanced Exposure Prioritization Agent (Falcon Exposure Management): Now features authenticated scanning and continuous visibility powered by ExPRT.AI. It prioritizes remediation actions based on risk, showing teams which vulnerabilities to address first and automating patching through Falcon® for IT.
Cyber Technology Insights : Cybersecurity Leader Armis Closes $435 Million Round at $6.1 Billion Valuation
Building the Agentic SOC of the Future
The expansion also introduces Charlotte AI AgentWorks and Charlotte Agentic SOAR, two innovations designed to connect and orchestrate the entire agentic ecosystem.
Charlotte AI AgentWorks enables organizations to develop their own no-code custom agents, extending the flexibility and adaptability of the Falcon platform.
Charlotte Agentic SOAR acts as the orchestration layer that integrates CrowdStrike, custom-built, and third-party agents into a unified defense framework. It allows analysts to coordinate autonomous reasoning and synchronized workflows across multiple environments.
Together, these capabilities deliver the foundation for a fully connected, AI-driven SOC, enabling security teams to outthink, outpace, and outmaneuver threats enhanced by artificial intelligence. CrowdStrike’s expansion of the Agentic Security Workforce underscores its mission to redefine cybersecurity operations — blending human expertise with autonomous intelligence to create the next frontier in digital defense.
Cyber Technology Insights : CrowdStrike and CoreWeave Partner to Power the Secure AI Cloud for the Agentic Era
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
