CrowdStrike CEO George Kurtz: 2026 Is ‘Breakout Year’ For Agentic SOC
The AI-powered ‘revolution’ augmenting the Security Operations Center means that ‘the SIEMs of yesterday are being replaced,’ Kurtz tells CRN.
The agentic-powered “revolution” that is transforming the Security Operations Center (SOC) is set to pick up speed this year, providing massive opportunities to AI-savvy solution and service providers, according to CrowdStrike co-founder and CEO George Kurtz.
In written comments provided for CRN’s CEO Outlook 2026 report, Kurtz said it’s clear that “2026 is the breakout year for the agentic SOC.”
“The SOC is in a complete state of revolution,” Kurtz wrote.
In part, this is because security teams “have to do more than they’ve ever had to do before” as a result of the need to secure AI adoption, he said.
At the same time, “security teams have to reinvent themselves” for the AI and agentic era, Kurtz wrote. “AI is here to transform everything, and security is no different.”
Kurtz added that the agentic SOC momentum is another indicator that the days are numbered for the traditional SIEM (security information and event management) platforms.
“The SIEMs of yesterday are being replaced,” he wrote.
Ultimately, “this creates a massive shared opportunity with partners to help customers operationalize AI agents across security workflows while securing the enterprise AI tools transforming how work gets done,” Kurtz said.
Kurtz made the comments as recently launched agentic SOC tools from vendors such as CrowdStrike become more widely adopted.
It’s clear that the ability to automate much of the entry-level threat triaging and investigation through agentic SOC platforms is a game-changer, BlackLake Security’s Kurt Wagner said in a recent interview with CRN.
The new agentic SOC tools are starting to prove that an easing of challenges such as alert fatigue and tool sprawl is entirely possible, said Wagner, director of sales at Austin, Texas-based BlackLake, No. 311 on CRN’s Solution Provider 500 for 2025.
Without a doubt, “having the ability to augment your SOC [with the new tools]—it becomes a force multiplier,” he said.
Unveiled in September, CrowdStrike’s Falcon Agentic Security Platform offers an “AI-ready” data layer that enables the expansion of agentic functionality on CrowdStrike’s platform, ultimately providing faster and more effective responses to threats, according to the company.
In August, meanwhile, CrowdStrike announced the acquisition of a data pipeline management startup, Onum, to boost its Next-Gen SIEM offering.
Crucially, the approach taken by CrowdStrike with its Falcon platform—around stitching all the necessary context together—can allow organizations to use agentic AI to correlate security risk in real time, said Chris Schueler, CEO of Kansas City, Mo.-based Cyderes, No. 98 on CRN’s 2025 Solution Provider 500.
“That’s what agentic is so amazing at,” Schueler said. “And that’s why we’re working with a powerhouse like CrowdStrike to redefine what AI looks like in a SOC.”
In an interview with CRN in November, Kurtz said that CrowdStrike’s “amazing ecosystem of partners” is playing a central role in enabling the agentic SOC transition.
“Partners are pivotal in being able to roll out the technologies and get an outcome,” he said.
While moving from an older system such as a “legacy SIEM,” an organization will usually have substantial existing data and workflows, meaning that “there is a process re-engineering that needs to take place,” Kurtz said.
“You’re moving people from this one-to-one relationship of, ‘I’ve got a threat, I’ve got to investigate a threat,’ to, ‘I’ve got AI agents that are investigating all these threats, and then I’m managing a fleet of AI agents,’” he said. “That takes a bit of change, and you need the right partners—particularly the strategic partners like the GSIs—to be able to help in those areas.”