CrowdStrike Unveils 'Agentic SOC' Vision, Betting on AI to Revolutionize Cybersecurity

At CrowdStrike Fal.con, CEO George Kurtz says AI can help it become the top cybersecurity platform - SiliconANGLE

At CrowdStrike Fal.con, CEO George Kurtz says AI can help it become the top cybersecurity platform Cybersecurity is already the No. 1 challenge facing most enterprises, and now artificial intelligence is providing both potent new tools to battle attackers and making it easier for those attackers as well. CrowdStrike Holdings Inc. is aiming to leverage AI to give enterprises and their security operations centers more and better services so they can stay ahead of those increasingly capable attackers. "When we think about how AI is transforming the world, it's also transforming what the adversaries are doing, and the speed at which they're moving has changed dramatically," CrowdStrike Chief Executive Officer George Kurtz (pictured) told theCUBE, SiliconANGLE Media's livestreaming studio, in an interview at CrowdStrike Fal.con, the company's annual conference in Las Vegas. "It used to be weeks, then days, then hours and minutes. Now it's seconds. The traditional SOC can't keep up." Not surprisingly, Kurtz views AI -- in particular agents, the autonomous systems seen as the next frontier of AI -- as the answer. CrowdStrike introduced two new agentic systems aimed at bolstering cybersecurity, which itself is threatened by generative AI making attackers more capable than ever. They're the Agentic Security Platform, an AI-ready data layer powering what Kurtz calls the "agentic SOC," and the Agentic Security Workforce, a series of ready-made agents for cybersecurity tasks along with a platform for customers to create their own custom agents. "One day we're going to have an autonomous SOC analyst that is literally going to do the work of the analyst and then be controlled by the human," Kurtz said. "It's going to allow people to do more and faster." Kurtz spoke with theCUBE's Dave Vellante and Rebecca Knight today in an interview at CrowdStrike Fal.con, where theCUBE is onsite for two days of interviews and analysis. They discussed CrowdStrike's new products, its essential advantage as the Reddit of data security, and the thinking behind today's $260 million acquisition of Pangea Cyber Corp. (* Disclosure below.) Kurtz noted that data is the overriding key to making AI large language models work, and nowhere more than in cybersecurity. Over its 14-year history, CrowdStrike has collected huge amounts of data and, even more important, annotated that data from telemetry on trillions of security events per day in a way that happens to make it useful to train LLMs. "CrowdStrike really has the Reddit of data security," he said in a reference to the social network known as the "front page of the internet." "We've got a treasure trove of security data that goes into our AI agents." More than that, he added, that enables customers to build more capable agents of their own with CrowdStrike's Charlotte AI AgentWorks. That's a no-code platform for building, testing, deploying and orchestrating security agents at large scale. Kurtz said CrowdStrike's ultimate goal is to build "Security AGI," a reference to the goal of some AI companies such as OpenAI to create "artificial general intelligence" as capable in many tasks as humans. He says that's a ways off, but he cited self-driving cars such as Waymo's that are climbing the levels of autonomy. "We get to something that's beyond what a human can do and is self-operating, continuously learns and is fully autonomous," he said. "We're going to do it first." But Kurtz acknowledged that AI agents will require people and new tools to manage them, especially as they proliferate potentially into the millions. That's one reason CrowdStrike today acquired Pangea for a reported $260 million. It provides protections against so-called prompt injection attacks, in which hackers aim to trick LLMs into skirting safety rules and exposing data. "There's so many different attacks at the prompt layer," Kurtz said. "The cool thing about Pangea is they actually built technology for the developers, as well as for the people who are consuming the AI technology. That's going to be a a big part of our strategy when you put it on the Falcon platform." A few cybersecurity companies such as CrowdStrike, Palo Alto Networks Inc. and Check Point Software Inc. are aiming to become the one platform their customers need -- despite the reality that customers still seem to want best-of-breed new tools. Kurtz said his mergers-and-acquisitions strategy differs from some others that have made huge acquisitions of established companies in that he wants to avoid the difficulty of incorporating old technologies. "What's best for our customers is a single platform," he said, and they're not served by being provided with older services that aren't integrated with that platform. He called that "digital taxidermy," explaining that "it looks alive, but its Frankenstein underneath. Our brand promise is that ... when we buy something ... we're going to integrate it all. We've been a platform for a long time." Stay tuned for the video of the interview to be posted here soon.

CrowdStrike bets on agentic AI with new Falcon data layer, automated security automation center agents - SiliconANGLE

CrowdStrike bets on agentic AI with new Falcon data layer, automated security automation center agents CrowdStrike Holdings Inc. today used the opening of its annual Fal.Con 2025 conference in Las Vegas to roll out innovations that address the growing need for enhanced security in the age of artificial intelligence: the Agentic Security Platform and the Agentic Security Workforce. Both new products are part of the company's blueprint for securing enterprises and their security operations centers in what it calls the "agentic era" of artificial intelligence. "The old model can't keep up," CrowdStrike Chief Executive George Kurtz (pictured) told 8,000 attendees of the conference this morning during his keynote. "The legacy SOC can't compete." Instead, he said, what's needed is an "agentic SOC." The Agentic Security Platform is designed to solve a fundamental problem: legacy enterprise architectures that were never built for the realities of AI-driven operations. According to CrowdStrike, the answer is a new AI-ready data layer, built natively for the agentic era and tightly integrated into the Falcon platform. The new offering is powered by what CrowdStrike calls the Agentic SOC, a security operations center where data, intelligence, agents and governance are unified into one environment. The new platform is centered around an "Enterprise Graph," which unifies telemetry from across the enterprise into a living, connected model with one query language built for AI. The graph employs a single, AI-optimized query language that makes every signal instantly actionable, whether by a human analyst or an autonomous agent. Complementing the graph is Charlotte AI AgentWorks, which CrowdStrike calls the industry's first no-code platform for building, testing, deploying and orchestrating trusted security agents at scale. The system is intended to let security teams set the mission, define the data and control agent behavior without writing code, opening up agent-building to a far broader range of users. The Agentic Security Platform includes an operating center that connects all agents through the Model Context Protocol and applies Falcon-grade governance for safe, large-scale collaboration. The center also features a dynamic, persona-aware design that uses natural language queries and role-specific workspaces to simplify analyst experience. The second release today, the Agentic Security Workforce, takes these ideas further by putting AI-powered agents directly into the hands of customers. Agentic Security Workforce seeks to address the issue whereby security analysts are drowning in repetitive, time-consuming tasks, while traditional defense cannot stop AI-speed threats. The company's answer is a fleet of security agents, trained on millions of expert SOC decisions with reasoning and guardrails. The new offering goes beyond co-pilots by introducing what CrowdStrike calls Agentic Response Collaboration. The feature allows Charlotte AI agents to securely connect and interoperate with trusted third-party agents and automates critical Falcon-native workflows. The company describes the customer benefits as both practical and strategic: eliminating repetitive tasks, enabling customized workflows, centralizing agentic defense under Falcon's governance framework and pointing toward a future in which analysts and agents operate side by side.

Why CrowdStrike Doesn't See AI Replacing Security Analysts: President Mike Sentonas

Instead, the role for SOC (Security Operations Center) analysts going forward will increasingly be focused around orchestrating a 'team of intelligent agents' to boost cyber defense, Sentonas says. For Security Operations Center (SOC) analysts on the front lines of cyber defense, the availability of powerful AI agents for automating routine security tasks means their roles are now becoming more essential, not less, CrowdStrike President Mike Sentonas said Wednesday. Sentonas made the comments during a week that saw CrowdStrike unveil a major expansion to its portfolio of AI-related capabilities, while laying out its "agentic SOC" vision in front of 8,000 attendees at its Fal.Con 2025 conference in Las Vegas. [Related: George Kurtz's 5 Boldest AI Statements At CrowdStrike Fal.Con 2025] On the whole, agentic is "the foundation of the modern SOC," Sentonas said during his keynote at Fal.Con Wednesday. "It's elevating the role of the analyst. It's not eliminating the analyst." Ultimately, "we need to go from analyst to orchestrator. We need to have the modern SOC with the analyst in the center, to start to work with a team of intelligent agents," he said. Notably, embracing this shift to the "agentic SOC" is made even more crucial by the fact that threat actors are clearly using the same AI-powered technology to dramatically increase the speed and effectiveness of their attacks, Sentonas said. With the newly announced Falcon Agentic Security Platform, CrowdStrike said it now offers an "AI-ready" data layer that enables the expansion of agentic functionality across its broad security platform, ultimately providing faster and more-effective responses to threats. The cybersecurity giant also debuted seven new agents for SOC analysts as well as a no-code platform for creating custom agentic tools, Charlotte AI AgentWorks. While many security analysts have questioned whether their roles might be on their way to redundancy in the wake of GenAI's arrival, those anxieties have begun to dissipate as the full potential for agentic SOC capabilities has become clearer, solution provider executives told CRN at Fal.Con this week. For instance, solution and service provider powerhouse Wipro, whose SOCs employ 2,000 people, has seen a palpable shift in this regard, according to Tony Buffomante, senior vice president and global head of cybersecurity and risk services at Wipro, No. 17 on CRN's Solution Provider 500 for 2025. "My personal experience has been that the fear of our analysts who I spoke to a year ago -- around, 'This is going to take my job' -- has subsided," Buffomante said. In its place, there's now a lot of "excitement" among analysts, he said. The overriding sentiment now is, "'This is really cool. Now I'm going to be able to do some higher-level things,'" Buffomante said. Specifically, Wipro has intentionally worked to help overcome those fears around analysts with a strong commitment to "upskill and uplevel everybody" around new AI and agentic technologies, he said. For many security analysts, the potential for AI agents to significantly improve satisfaction with their jobs -- and even their quality of life and mental health -- has been a massive factor as well, according to Chris Ebley, CTO at Blackwood, No. 93 on CRN's Solution Provider 500. Agentic offerings from CrowdStrike, for instance, show a major promise of being able to automatically handle the steps needed to determine that an alert is a false positive -- the types of tasks that SOC analysts are inundated with on a daily basis, Ebley said. This is a huge issue because for SOC analysts, there's little satisfaction in taking on tasks where it's highly probable that "you're reacting to something individually that's not a threat," he said. "It's hard to find the mission in that." The potential with agentic, on the other hand, is to eradicate the need for analysts to deal with monotonous issues such as false positives, according to Ebley. In such a scenario, AI agents could perform the investigation into an alert, identify the issue as being benign, fully document what happened and close the ticket, he said. "And a human never touches that process," Ebley said. "That's really attractive." All in all, CrowdStrike's latest debut of SOC capabilities -- which leverage agents but are fundamentally orchestrated by humans -- should prove much more compelling for security analysts and MSSPs than competing visions of an "autonomous SOC," said Chris Schueler, CEO of Cyderes, No. 98 on CRN's Solution Provider 500. The "autonomous SOC" concept is unfortunate, Schueler told CRN, and has helped to drive some of the fears among security analysts that they could be on track to be replaced. "If done correctly, there should be excitement, not fear" about AI in the SOC, he said. The bottom line for MSSPs such as Cyderes is that "we're aligned with CrowdStrike in [advocating a] human-led, AI-powered SOC," he said. "By casting the right vision for the SOC analyst, I think they'll 100-percent start to see, 'I can actually start to be a part of this mission of stopping threats, and not just be a cog in the wheel.'"

George Kurtz's 5 Boldest AI Statements At CrowdStrike Fal.Con 2025

The CrowdStrike co-founder and CEO used his Fal.Con keynote to discuss his vision for the 'agentic SOC,' AI detection and response and working toward the realization of security AGI. CrowdStrike is making its next big moves in AI with a focus on enabling a Security Operations Center (SOC) that is fundamentally powered by agents -- the "agentic SOC," CrowdStrike co-founder and CEO George Kurtz said Tuesday. At the same time, the cybersecurity giant is also "pioneering" a new category in AI security, "AI detection and response," in part through the just-announced deal to acquire AI guardrails startup Pangea, Kurtz said during his keynote at CrowdStrike's Fal.Con 2025 conference in Las Vegas. The offering builds on CrowdStrike's track record in its core segment of endpoint detection and response (EDR), as well as in areas including managed detection and response (MDR) and cloud detection and response (CDR), he said. [Related: 5 Big Takeaways From CrowdStrike's 2025 Partner Summit] And CrowdStrike is looking even further out by taking the initial steps toward developing security-focused artificial general intelligence, or security AGI, according to Kurtz. "The destination for me really is security AGI," Kurtz said during his Fal.Con keynote. With predictions that AGI as a concept is likely to still be years in the future, "this is not something that is going to be hit anytime soon, but it's what we're thinking about as the industry is moving forward," he said. "We think this is a big, bold vision, and we've got the company galvanized around that." Kurtz made the remarks as CrowdStrike also announced an array of new cybersecurity offerings related to AI and agents, including the Falcon Agentic Security Platform. The platform offers an "AI-ready" data layer that enables the expansion of agentic functionality on CrowdStrike's platform, ultimately providing faster and more effective responses to threats, according to the company. CrowdStrike also introduced a new set of AI agents through the launch Tuesday of its Agentic Security Workforce offering. The new agents are aimed at going beyond chatbot-based copilots by handling key security workflows across a number of Falcon modules, CrowdStrike said. Additionally, CrowdStrike also debuted Charlotte AI AgentWorks, which is a no-code platform for building, testing, deploying and orchestrating security agents. Ultimately, the agentic SOC is not about "building a better dashboard," Kurtz said. "The agentic SOC [is powered] by intelligent agents that don't just assist -- they reason, decide, and they act," he said. "The humans get elevated into a role where they're now controlling a fleet of agents, and letting the agents do the work on their behalf." What follows are Kurtz's five boldest AI statements at CrowdStrike Fal.Con 2025. 'Obsolete' Technology Vs. AI "The challenge that we have [in cyber defense] is, the old model can't keep up. We've got too many folks fighting the battle with obsolete technology, and you just can't keep up with the speed of what we're seeing in terms of the threats and how sophisticated these attackers have gotten. And when we think about GenAI, we've actually not only empowered the attackers to be more sophisticated, but we actually multiplied more of them. There are more people who can do this with a high level of sophistication than there were just two years ago because of these technologies. ... The SOC is trying to fight a 21st Century war with 20th century weapons. That has to change." 'Agentic SOC' Vision "So what is the new model? The new model is something where we have to reimagine what the SOC is going to be [and] we need to rebuild it to operate at the speed of AI. So let's talk a little bit about the agentic SOC. What I mean by the agentic SOC is not building a better dashboard. The agentic SOC [is powered] by intelligent agents that don't just assist -- they reason, decide, and they act. They operate across domains, identities, endpoints, cloud, SaaS. There's a few pillars that we believe are key to the agentic SOC [including] agentic detection, triage and workflow. ... Where we're going in the industry with this SOC transformation is [that] the humans get elevated into a role where they're now controlling a fleet of agents, and letting the agents do the work on their behalf." 'AI Detection And Response' "AI agents, to me, actually look a lot like a human. They have an identity, they have a workflow, they have access to resources, they have access to data. ... I'm excited to announce today that we acquired Pangea [which is] a leader in the space of protecting AI agents from the browser, application, gateway, cloud, in the development pipeline, as well as in production. ... We're pioneering AI detection and response ... For a computer, workload, endpoint, it doesn't matter -- you have to have visibility. You have to understand what it did. It's the same for an AI agent, because an AI agent is not only going to talk to data -- it's going to talk to another AI agent, that's going to talk to another AI agent, that's going to talk to an MCP server. And you're going to have to put guardrails. You're going to [need to] have visibility across the entire line. When someone says, 'Hey, what happened? What did this AI agent do?' [Having] an AI agent is like giving an intern full access to your network. That's scary. So you've got to put some guardrails around [the agent]." Build-Your-Own Security Agents "For us, it's about creating agents that do work on our customers' behalf. We created seven. But there's always going to be a need for [more] that we haven't thought about. We are announcing Charlotte AI AgentWorks [because] we want our customers to be able to build their own agents. So think about what you can imagine, what you could do, and how you want to streamline both security and IT elements in these agents. ... This fundamentally has the ability to change how we think about working in the SOC and moving us into that agentic workflow." Security AGI Is Coming "The destination for me really is security AGI. ... If we think about AGI itself, [Nvidia CEO] Jensen Huang talks about AGI -- [the concept of] AGI -- maybe five years out. Is it three? Is it five? Is it 10? Who knows. All I know is, things are moving pretty quickly. But part of what our teams are focused on, and building as we get up the stack of autonomy, is to get to a point where we could deliver security AGI. ... So you've got to move into something that can recursively get smarter and smarter until you hit that security AGI. So this is not something that is going to be hit anytime soon, but it's what we're thinking about as the industry is moving forward. ... As I said, it's a destination. There's not a product that we're shipping next week that has this. But as a company that's really on the forefront of doing these things, we think this is a big, bold vision, and we've got the company galvanized around that."

CrowdStrike Unveils New Agentic Security Platform For 'Deeper Layer Of Autonomy': CTO

The cybersecurity giant is also introducing new AI agents with the launch of its Agentic Security Workforce offering. CrowdStrike debuted a new agentic security platform to drive a higher degree of autonomy for cybersecurity teams along with new AI agents across its Falcon platform, in a pair of announcements Tuesday signaling where the security giant is heading next on AI. The newly announced Falcon Agentic Security Platform offers an "AI-ready" data layer that enables the expansion of agentic functionality on CrowdStrike's platform, ultimately providing faster and more effective responses to threats, according to the company. [Related: CrowdStrike CEO George Kurtz: 'Huge Service Opportunity' Ahead For Partners] In a briefing with media outlets including CRN, CrowdStrike CTO Elia Zaitsev said the company's Agentic Security Platform is the next major step in making the Security Operations Center (SOC) more autonomous. "Now we're heading into an even deeper layer of autonomy where we are really after what we call the agentic SOC," Zaitsev (pictured) said during the briefing with media. "We want multiple agents working orchestrated in an ensemble fashion, to progressively automate more and more aspects of what a human analyst does today." Key capabilities include an Enterprise Graph that unifies telemetry data from across an organization, enabling that data to be more easily leveraged by both AI and human analysts through a common query language. The Agentic Security Platform has "huge implications for human analysts [through] simplifying their workflows, their ability to work with all this complex, powerful data," Zaitsev said. Meanwhile, CrowdStrike also introduced a new set of AI agents through the launch Tuesday of its Agentic Security Workforce offering. The offering provides security analysts with "out-of-the-box capabilities to automate more and more of these steps, more and more of these specific tasks," Zaitsev said. The initial agents are aimed at going beyond chatbot-based copilots by handling key security workflows across a number of Falcon modules, CrowdStrike said. The agents can be utilized to provide exposure prioritization (in Falcon Exposure Management), malware analysis (in Falcon Threat Intelligence) and threat hunting (in Falcon Threat Intelligence), the company said. Additional agents are being introduced in Falcon Next-Gen SIEM, including agents for search analysis, correlation rule generation, data transformation and workflow generation, according to CrowdStrike. As part of the announcements Tuesday, CrowdStrike also debuted Charlotte AI AgentWorks, which is a no-code platform for building, testing, deploying and orchestrating security agents. Charlotte AI AgentWorks thus allows partners and customers to build and deploy "their own agentic systems with their own custom datasets and enterprise or organizational specific knowledge baked into it," Zaitsev said. The announcements came in connection with CrowdStrike's Fal.Con 2025 conference, which is being held this week in Las Vegas. Speaking to top partners at the conference Monday, CrowdStrike Co-founder and CEO George Kurtz said that the company's offerings around agentic and products such as Next-Gen SIEM are accelerating opportunities for partners to deliver services. The adoption of agentic, meanwhile, also creates opportunities for delivery of security in areas such as identity, Kurtz said. Most of the identities associated with agentic are non-human and often will need to have access to data, compute and workflows, he said. As for Next-Gen SIEM, "it does represent a huge opportunity from a market perspective for our partners, and a huge service opportunity," Kurtz said Monday during CrowdStrike's 2025 Partner Summit.