AI has transformed both the way attackers operate and the way defenders respond. Today’s adversaries use AI to change tactics in real time, forcing defense tools to react at unprecedented speed. Many SOCs struggle to keep up due to the limitations of legacy automation and a lack of new adaptive capabilities. Even the most advanced attack protocols cannot anticipate every scenario and data variation, because protocols are predictable but adversaries are not. In short, SOC teams need systems that can understand context, evaluate options, and act at greater speed through enhanced analytics capabilities.
Against this backdrop, CrowdStrike has announced improvements to its Agentic Security Workforce solution: new agents that expand the capabilities of the Falcon platform and accelerate the evolution of the autonomous SOC.
Building on the first wave of agents introduced at Fal.Con 2025, these new agents incorporate autonomous automation of common tasks on the Falcon platform, such as application creation and data ingestion, so results are accelerated and analysts can focus on strategic decisions that strengthen security and bring more efficient operational capabilities to the organization.
CrowdStrike agents learn from the best SOC operators in the world, gaining the judgment to act autonomously
Included in the Falcon platform modules, the Agentic Security Workforce solution combines existing agents trained with millions of Falcon Complete SOC decisions in prevention, detection, investigation and response, with new agents that optimize common tasks based on real-world use of the platform and human experience, progressively expanding automated defense capabilities.
In the words of George Kurtz, CEO and founder of CrowdStrike, “if agents are expected to think, reason and act like an expert analyst, they must be trained with the experience of experts, not with old manuals.” These statements highlight the importance of the cognitive capabilities of intelligent systems to adapt to changing environments.
The executive also pointed out that CrowdStrike agents learn from the best SOC operators in the world, acquiring the judgment to act autonomously and the discipline to remain under the command of the defenders. “That is the difference between static automation and true intelligence: manuals train automation, people train intelligence,” he concludes.
Greater agent-based security
Unlike automation platforms trained on machine-generated data, CrowdStrike agents rely on human judgment to reason over large volumes of data and act autonomously, just as an elite analyst would. These hybrid capabilities between human learning and AI define a new era for cybersecurity.
Among the innovations contributed by the new agents, the following stand out:
- Foundry Application Build Agent (Falcon Foundry): Enables teams to create and deploy custom security applications without coding. Using natural language, analysts describe what they need and the agent plans, designs and accelerates the process from idea to application, demonstrating advanced interpretation and execution capabilities.
- Data Ingestion Agent (Falcon Next-Gen SIEM): Accelerates data ingestion into the Falcon Next-Gen SIEM by simplifying the creation of data pipelines, from ingestion and configuration to real-time validation and troubleshooting.
- Exposure Prioritization Agent (Falcon Exposure Management): Now includes authenticated analytics and continuous visibility from Falcon Exposure Management. Powered by ExPRT.AI, it prioritizes actions by showing exactly what needs to be fixed first and applies automatic risk-based patches using Falcon for IT.
Orchestrating the autonomous SOC
Charlotte AI AgentWorks and Charlotte Agentic SOAR extend the power of the Agentic Security Workforce into a fully connected defense system that spans the entire autonomous ecosystem and entire security lifecycle. These tools provide centralized orchestration capabilities and optimize collaboration between different agents.
Moving forward, AgentWorks will allow organizations to create custom agents without code. Charlotte Agentic SOAR acts as the orchestration layer that allows analysts to unify and control CrowdStrike, custom and third-party agents so that they reason about a shared context and execute coordinated workflows.
Together, these innovations bring the autonomous SOC to life, giving security managers an artificial intelligence advantage to anticipate and overcome AI-powered threats.
Powered by CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon platform leverages real-time attack indicators, threat intelligence, evolving attack techniques, and rich enterprise-wide telemetry to deliver hyper-accurate detections, automated protection, and remediation backed by advanced decision-making and adaptation capabilities.
