CrowdStrike Unveils Agentic Security Expansion: 5 Things To Know

The cybersecurity giant is debuting a number of new AI agents along with the new Charlotte Agentic SOAR platform.

CrowdStrike debuted a major expansion Wednesday to its Falcon Agentic Security offering while also introducing a new SOAR (security orchestration automation and response) platform powered by agentic technology.

The cybersecurity giant announced the new offerings in connection with its Fal.Con Europe 2025 conference, taking place in Barcelona this week.

The launches include a number of new AI agents along with the new Charlotte Agentic SOAR platform, according to CrowdStrike.

The launches come after CrowdStrike introduced its Falcon Agentic Security Platform in September, with the aim of driving a higher degree of autonomy for cybersecurity teams.

What follows are five things to know about CrowdStrike’s agentic security expansion.

Charlotte Agentic SOAR

The launch of the new Charlotte Agentic SOAR platform represents the orchestration layer for the company’s Falcon Agentic Security Platform, CrowdStrike said.

Charlotte Agentic SOAR allows security teams to “incorporate agentic GenAI systems to add and inject dynamic intelligence into these traditional workflows,” CrowdStrike CTO Elia Zaitsev (pictured) said during a briefing with media.

At the same time, the agentic SOAR approach is “still giving humans the ultimate control as to when and where those agentic systems may be involved and exactly what capabilities we're offering them — and under what scenarios,” he said.

Key capabilities for Charlotte Agentic SOAR include enabling security analysts to use natural language queries as well as drag-and-drop functionality to carry out a range of tasks — including connecting tools, defining guardrails and deploying structured playbooks as well as AI-powered workflows, CrowdStrike said.

Foundry App Creation Agent

As part of the expansion to the company’s Agentic Security Workforce offerings, CrowdStrike introduced a number of new agents including an agent that leverages the Falcon Foundry application development platform.

The new Foundry App Creation Agent is a no-code tool that “automatically converts the user's instructions and subsequent refinements into applications” through Foundry, Zaitsev said.

The agent generates the code and can also enable iteration and debugging before the user decides to publish the application through Falcon Foundry, he said.

Data Onboarding Agent

Meanwhile, as part of CrowdStrike’s Falcon Next-Gen SIEM platform, the company launched its Data Onboarding Agent to enable faster movement of data into the SIEM (security information and event management) system.

The agent works by “streamlining” the creation of data pipelines, covering the full range of functionality including ingestion, configuration, validation and troubleshooting, the company said.

The Data Onboarding Agent can thus “ingest and transform and parse data from third-party sources into the Falcon platform,” Zaitsev said. “This, of course, greatly speeds it up and simplifies the process of not just setting up those data pipelines, but also continuously monitoring and inspecting them and troubleshooting potential issues.”

Exposure Prioritization Agent

CrowdStrike also announced updates to its Exposure Prioritization Agent, which is included as part of the vendor’s Falcon Exposure Management module.

The updates add capabilities for authenticated scanning as well as continuous visibility from the Falcon Exposure Management offering, CrowdStrike said.

“This allows us to now take advantage of one of the newer capabilities we just released in exposure management, which is real-time, credentialed or authenticated network vulnerability assessments,” Zaitsev said.

Falcon for XIoT Expansion

Additionally, CrowdStrike on Wednesday announced an expansion to its Falcon for XIoT (extended IoT) platform, with the launch of new capabilities including “zero-touch” asset discovery.

The new capability provides automated identification and inventories of assets without the need for dedicated sensors or manual configuration, CrowdStrike said.

The update announced Wednesday also adds improved segmentation visibility as well as a unified interface for data related to industrial assets and vulnerabilities, the company said.