CrowdStrike bets on AI agents to unlock explosive partner growth with AgentWorks platform

CrowdStrike CEO George Kurtz On Explosive AI Growth Potential For Partners

'The [partner] organizations who figure out how to harness agentic AI to provide a solution are going to do really, really well,' Kurtz tells CRN. CrowdStrike is investing to provide "foundational" platforms for solution and service provider partners to fully capitalize on the massive cybersecurity growth opportunities ahead related to AI and agents, according to CrowdStrike co-founder and CEO George Kurtz. With the new Charlotte AI AgentWorks Ecosystem collaboration, partners such as Accenture, No. 1 on CRN's 2025 Solution Provider 500, are enabled to create AI agents that are finely tuned to provide specific security outcomes for customers, he said. It's just one example of how the cybersecurity giant is doubling down on providing the AI and security capabilities needed to drive partner growth during the next technology wave focused around agentic, Kurtz said. All in all, "when we think about the ability for AI to help partners, I think their business is going to explode," he said. "The [partner] organizations who figure out how to harness agentic AI to provide a solution are going to do really, really well." During the interview with CRN, Kurtz also spoke about key areas of cyber risk that are increasingly fueled by AI as well as the reacceleration of endpoint security as a category amid the agentic boom. Meanwhile, the CrowdStrike CEO addressed the debate on Wall Street over whether LLM-powered tools such as Claude Code Security could displace existing cybersecurity platforms -- noting that the recently announced tool from Anthropic is focused on vulnerability scanning rather than preventing breaches. There's no question that CrowdStrike ultimately remains "in a great position for customers and to be part of the [security] solution going forward," he said. In addition, Kurtz discussed the expansion of CrowdStrike's partnership with Microsoft, most recently involving the addition of Microsoft Defender for Endpoint support in CrowdStrike's Falcon Next-Gen SIEM offering. What follows is more of CRN's interview with Kurtz. When it comes to AI being used by threat actors, what advancement is CrowdStrike seeing there? How much is it accelerating attacks? If you look at the breakout times that you've seen with our threat reports, it was 48 minutes down to 29 minutes, from getting on a system to pivoting and lateral movement. The fastest time was 27 seconds. What we're seeing is AI is being used in all these attacks, in some to automate the entire tool chain. In others [AI can] help an attacker who is on a system and maybe is not as familiar with it. So you'll see a PowerShell script be created, and you'll see other automation that we know is generated from an AI tool. So it's helped them, even if they don't have specific expertise in every platform that they might land on. We've dramatically seen the window that a defender had being compressed from a vulnerability or a zero-day becoming public to when it's being exploited. A lot of companies have a three-day patch window. Well, if the breakout time is 29 minutes, then your patch window is way different than your breakout time. We're also seeing more adversaries being created because [AI is] minting new adversaries with less skill. But when you combine that with an agentic tool, they have a lot of skill. So you're creating more adversaries with a higher level of sophistication just because they're leveraging AI. In terms of AI agents, what are the biggest security risks that you see? I think [the risk] is really around the OpenClaw model where you've got agents that are running in the context of the user on your desktop, with access to all your data files, with everyone plugging in their credentials to plug into Box and Dropbox and Google Drive and their email and every other thing that's out there. [If agents are] having access to shells, having access to data and workflows -- how do you even know what's going on? In February there were a whole bunch of malicious skills that got introduced into OpenClaw. [Then there are] latent attacks -- if you're poisoning memory, that's not going to show up for a while. [Attackers] have the ability to get a supply chain attack in and just wait. So this is really scary stuff. When it comes to endpoint security, what are you seeing there in terms of reacceleration of demand because of AI? The endpoint is really the manifestation of where AI takes place. And a lot of people for years have said, 'Is the endpoint [growth] slowing down?' There's all kinds of other technology. Well, it's not. And in fact, even with our latest two quarters of results, you can see core endpoint protection accelerating because people need to observe what's happening on the endpoint, they need to put governance around it and they need to protect it. And that's what we're delivering. We're in the best position to be able to do that because we're already doing that for humans. And now we're doing that for agents. We've enhanced and adapted the technology that people depend on. We call it AIDR, which includes our core technology as well as some of the things we've gotten from Pangea as well as Seraphic. But the tip of the spear now, where AI happens, is on your desktop. You have put out some strong statements that tools such as Claude Code Security will not be able to replace what vendors like CrowdStrike are offering. Since then, have you seen more proof that the position you spelled out is the right one? In talking to customers that have seen it -- and lots of folks have seen it -- they wholeheartedly agree. I keep asking, 'Has there been any [instance where] Claude Code actually prevented a breach?' I haven't seen it yet because No. 1, it's not in-line, and No. 2, it's not deterministic. And I think, from the standpoint that I outlined, if you're a net data creator and you're a platform of record, that puts you in a great position for customers and to be part of the solution going forward. There's a lot of great things that are happening with Claude and Claude Code. We're huge fans. But it's just way different. You can't look at scanning code and say that it's going to solve every security issue. Because I can tell you, even if there were zero vulnerabilities in every piece of code that's ever been written, that's not going to stop the breaches. It'd be a great thing for the world, but it's not going to stop the breaches. What would you say are the biggest ways CrowdStrike is working to ensure that AI is used securely? A big part of it is really trying to help, in security, come up with something that is realistic. On the one hand, you see companies that are like, 'Hey, we're going to throw AI at everything -- and if stuff breaks, we'll deal with it." And other companies are like, 'Hey, this stuff is dangerous, and we don't know what to do with it.' You've got to come in somewhere in the middle. I think what security companies like CrowdStrike can do is [we can] help enable AI. Because foundationally, it's going to change the world and has changed the world. You just need to be able to provide governance and protection around the use of it in a way that can help facilitate all the benefits to customers. You need security, and you need governance and compliance -- and you're not going to just get that from an LLM. In terms of announcements [at RSAC], you added Microsoft Defender for Endpoint support in your Next-Gen SIEM offering. How does that advance the offering? When you can get telemetry from almost any source into Next-Gen SIEM, I think it's a good thing. And obviously, there's a lot of Microsoft customers out there running Defender. And having the ability to ingest that and leverage that is good for customers and good for us. It further expands the data that we can take in and how we leverage Charlotte [AI] and her friends. What are the major updates when it comes to Charlotte? I think when you look at AgentWorks, that's part of the Charlotte family. And that's one of the things that we're really excited about -- the ability for our customers and partners to actually create their own security agents. Obviously, they're going to be using the data that's in Next-Gen SIEM and the platform itself. And if you have Defender data in there, then you have more opportunity to create broader workflows around that. We've listened to our customers, and while we have our own agents, they want the ability to rapidly create their own security agents for a specific task. And at this point, things are evolving very quickly. But it's creating these sort of swarms of agents that are specific in their area of focus -- and then it's combining those together and having Charlotte orchestrate all that for our customers. That's one piece specific to Defender. And then when we think about our partners, Accenture is one of the big ones -- where partners like Accenture will be able to create their own agents for their customers. At the end of the day, I think the big thing from a security perspective is getting the right outcome. So if you look at an Accenture or other partners like that, they're going to figure out what their customers want -- what outcome they want -- and then use technologies like Falcon and AgentWorks to be able to get that outcome for them. What is your message for channel partners about the opportunities related to AI? One of the things that I will talk about [in my RSAC keynote] is that autopilot in a plane has actually produced more pilots, not less pilots. So when we think about the ability for AI to help partners, I think their business is going to explode. Just asking a question and getting an answer [from AI] -- that's 2022. But you have so many customers who have a specific use case for how to implement agentic AI. Do we use NemoClaw? Do we use OpenClaw? Do we use something else? Do we use Claude Code? And you're going to need to build solutions that actually create an outcome. So I actually think there are going to be different skill sets. But the [partner] organizations who figure out how to harness agentic AI to provide a solution are going to do really, really well. And that's why we're excited about AgentWorks because we see that as being a foundational platform for security. Going back to Next-Gen SIEM, you just disclosed that your ARR in the category is up 75 percent year over year. What does the expansion of the Microsoft partnership do for that business? I think if you just zoom out a little bit, what we announced [previously is] being on the Microsoft marketplace. And then we announced the fact that customers could [utilize] Microsoft Azure credits. So now in the marketplace, customers can essentially use their Azure spend to procure CrowdStrike. And then the follow-up to that is, how do we take in Microsoft telemetry to expand the ecosystem and Next-Gen SIEM? What we've seen typically is that people who are using Next-Gen SIEM tend to use more of it because when they get it, they [see] it's much more performant than the legacy technology that it was replacing and it's much more cost-effective. So they're looking to put more and more into it, which ultimately means they're spending more with us. But they're getting more value out of what we're providing versus what they had. I think if you look at our partners and the hyperscaler marketplaces, we've done extremely well. So as an example, we did $1.5 billion with AWS. And prior to this relationship, we had zero with Microsoft. So I think you just have to look at the opportunity in front of us. Obviously, they're a big player. It's great for both joint customers to be part of the marketplace, and we look to expand that relationship and grow it over time. As far as the Microsoft partnership goes, it seems evident that these are much bigger business collaborations compared to what you were doing initially following the 2024 incident. Would you say the partnership has become a lot more strategic recently? I think you have to look at [the fact that] 10 years ago, the ecosystem was very different -- probably for both companies and [industrywide] for many companies. And today, there is just a recognition that there's this level of co-opetition. If you look at Microsoft, one of their big partners is OpenAI and one of their big competitors is OpenAI. So in 2026, it's just a different ecosystem. And I think there's a recognition by both companies that we're going to compete in areas, but we also are going to partner. And if we can get great outcomes for the customers that benefit both companies, that's a good thing.

CrowdStrike AgentWorks Expansion Gives 'Big' Boost To Security For Partners: CEO George Kurtz

The launch of the Charlotte AI AgentWorks Ecosystem collaboration enables partners such as Accenture to create AI agents that are finely tuned to provide specific security outcomes for customers, Kurtz tells CRN. CrowdStrike is aiming to enable partners to accelerate their strategies around building security agents with a major new expansion to the Charlotte AI AgentWorks platform, CrowdStrike Co-Founder and CEO George Kurtz told CRN. The announcement this week at RSAC 2026 includes a new collaboration around Charlotte AI AgentWorks, which is the company's no-code platform for building, testing, deploying and orchestrating security agents that debuted in September. [Related: 10 Cool AI And Agentic Tools Unveiled At RSAC 2026] Now, with the new Charlotte AI AgentWorks Ecosystem collaboration announced this week, partners such as Accenture will be enabled to create AI agents that are finely tuned to provide specific security outcomes for customers, Kurtz said during an interview with CRN at RSAC. Looking ahead, "one of the things that we're really excited about [is] the ability for our customers and partners to actually create their own security agents," he said. Based on feedback from partners and customers, it's clear that "they want the ability to rapidly create their own security agents for a specific task," Kurtz said. At RSAC 2026 on Wednesday, CrowdStrike unveiled the Charlotte AI AgentWorks Ecosystem, featuring a number of major launch partners. In addition to Accenture, No. 1 on CRN's Solution Provider 500, other major collaborators around the launch include Anthropic, OpenAI, AWS, Nvidia, Salesforce, Deloitte and Kroll. While the collaboration is aimed at boosting the generation of secure agents using Charlotte AI AgentWorks, it's also ultimately focused on enabling the creation of agentic security businesses around CrowdStrike's Falcon platform, according to the company. With Charlotte AI AgentWorks, "partners like Accenture will be able to create their own agents for their customers," Kurtz said. "At the end of the day, I think the big thing from a security perspective is getting the right outcome." For Accenture and other partners, "they're going to figure out what their customers want -- what outcome they want -- and then use technologies like Falcon and AgentWorks to be able to get that outcome for them," he said. Without a doubt, the Charlotte AI AgentWorks expansion announced by CrowdStrike this week is poised to help deliver "greater customization to the agentic SOC, helping clients build tailored agents they can trust," said Rex Thexton, CTO at Accenture Cybersecurity, in a quote included in a news release from CrowdStrike. The launch was among the numerous AI- and agentic-focused announcements from CrowdStrike this week at RSAC 2026 in San Francisco. CrowdStrike's announcements included general availability for its Falcon AI Detection and Response (AIDR) offering, AI agent discovery and shadow AI governance. The cybersecurity giant also launched its new Falcon Data Security offering, featuring AI-driven classification for sensitive data and protection of sensitive GenAI data, and updated Falcon Cloud Security to help with countering AI-driven cloud attacks. CrowdStrike also debuted the next AI-enhanced generation of its MDR (managed detection and response) offering with the launch of Agentic MDR, as well as unveiling Flex for Services, which brings the vendor's Falcon Flex subscription model to services from CrowdStrike and partners. Additionally, the company announced that it will now support Microsoft Defender for Endpoint within Falcon Next-Gen SIEM, the vendor's AI-powered SIEM (security information and event management) platform.

CrowdStrike Unveils AgentWorks: The New Standard for Secure AI Ecosystems

Collaboration partners including Accenture, AWS, Anthropic, Deloitte, Kroll, NVIDIA, OpenAI, Salesforce, and Telefónica Tech accelerate agentic SOC transformation for customers with CrowdStrike's no-code security agent development platform CrowdStrike introduced the Charlotte AI AgentWorks Ecosystem in collaboration with launch partners including Accenture, Amazon Web Services (AWS), Anthropic, Deloitte, Kroll, NVIDIA, OpenAI, Salesforce, and Telefónica Tech. The ecosystem enables customers to leverage CrowdStrike's no-code development platform and frontier AI models to securely build, orchestrate, and scale custom security agents, while opening new opportunities for partners to create agentic security businesses on the Falcon® platform. "AgentWorks enables every Falcon user to build their own agentic security workforce," said Daniel Bernard, chief business officer at CrowdStrike. "The future of security operations isn't humans replaced by agents. It's humans amplified by them. Our ecosystem makes the next-generation of security's workforce available for organizations of all sizes today." Technology Underpinning Cybersecurity's Agentic Ecosystem Without writing a single line of code, Charlotte AI AgentWorks enables every security team to build, test, and deploy custom agents directly in the Falcon platform with enterprise-grade security and governance. Through integrations with leading AI models such as Anthropic Claude, NVIDIA Nemotron, and OpenAI GPT, and AI infrastructure services like Amazon Bedrock and Amazon SageMaker, the AgentWorks ecosystem provides optionality across leading frontier models to accelerate workflows across the security lifecycle. A Platform for Partners to Build Technology providers and global system integrators including Accenture, Deloitte, Kroll, Salesforce, and Telefónica Tech are leveraging AgentWorks to open new business opportunities by designing and deploying security agents that meet unique customer needs. According to Rex Thexton, CTO at Accenture Cybersecurity, modern organizations are struggling to scale trusted, specialized AI despite a desperate need for machine-speed defense against evolving threats. To bridge this gap, Accenture is collaborating with CrowdStrike as a launch partner for the AgentWorks ecosystem, focusing on delivering a highly customizable "agentic SOC." By enabling clients to build tailored, reliable AI agents, the partnership aims to move beyond generic automation and define the next generation of secure, agent-driven cybersecurity operations. David Burg, Global Head of Cyber Risk at Kroll, emphasizes that as cyber threats intensify, security teams must prioritize both speed and precision to prevent breaches. By leveraging Charlotte AI AgentWorks, Kroll is effectively operationalizing AI within its managed detection and response (MDR) services. This allows for the creation of specialized agents that drastically accelerate the investigation process, giving organizations the agility needed to stop sophisticated attacks in their tracks. Building on this vision of high-speed defense, Telefónica Tech's Global Cybersecurity Director, Alejandro Ramos Fraile, argues that the future of the industry is "agentic by design." Through the AgentWorks ecosystem, Telefónica Tech is transitioning to an AI-Native SOC where human expertise and AI agents function as a unified, scalable system. This collaboration with CrowdStrike not only industrializes security knowledge into automated agents but also strengthens overall cyber resilience by making detection and response more industrial and proactive. Charlotte Agentic SOAR Securely Orchestrates the AgentWorks Ecosystem Charlotte Agentic SOAR enables orchestration and trust across the entire agentic SOC value chain, uniting the CrowdStrike Agentic Security Workforce, AgentWorks-built, and trusted third-party agents in a single coordinated system. CrowdStrike's native AI Detection and Response (AIDR), Agentic SOAR workflow level controls, and AgentWorks guardrails secure agent-to-agent and analyst-to-agent collaboration. CrowdStrike is opening Charlotte AI AgentWorks to its broader ecosystem, enabling partners to innovate, customers to deploy secure agents to stop breaches, and the entire ecosystem to benefit from Falcon.