At RSA Conference 2025, CrowdStrike unveiled major advancements in cybersecurity automation with the launch of Charlotte AI Agentic Response and Charlotte AI Agentic Workflows. Building on its groundbreaking Charlotte AI Agentic Detection Triage, CrowdStrike moves beyond basic copilots, introducing autonomous reasoning and decision-making within the CrowdStrike Falcon® platform — setting a new standard for AI-native SOC operations.
1. The Evolution of Charlotte AI: From Copilot to Autonomous Cyber Reasoning
- Beyond Ask-and-Respond:
- Charlotte AI moves past traditional AI copilots to autonomous action and investigation without human prompts.
- Bounded Autonomy:
- Actions are executed within expert-defined parameters, ensuring security and compliance.
2. New Capabilities Unveiled
- Charlotte AI Agentic Response:
- Automates root cause analysis, maps lateral movement, and proactively guides next steps.
- Saves analysts hours each week by automatically asking and answering investigative questions.
- Charlotte AI Agentic Workflows:
- Delivered through Falcon Fusion SOAR.
- Drag-and-drop, LLM-powered workflows embed AI reasoning directly into automated playbooks.
- Example: Auto-containment decisions with tailored communications for executives, tech teams, and customers.
- Falcon Complete with Charlotte AI:
- Next-Gen MDR combines expert human oversight with Charlotte AI-driven triage to enhance alert analysis and response speed.
- Charlotte AI Agentic Detection Triage for Identity:
- Now extends agentic detection to Falcon® Identity Protection, helping prioritize high-risk identity threats with endpoint and cloud alerts.
3. Revolutionizing SOC Efficiency
- One Native Architecture:
- For the first time, enterprises can combine real-time detection, expert investigation, and autonomous response within a single platform.
- Proactive vs. Reactive:
- A fundamental shift enabling organizations to move from reactive breach response to proactive threat prevention.
4. Expanded Falcon Platform Innovations
- Falcon® for XIoT with ExPRT.AI:
- Validated by 12+ ICS vendors.
- Delivers real-time, adversary-driven risk insights for operational technology (OT) and IoT systems.
- CrowdStrike Pulse Services:
- New services help teams operationalize agentic AI.
- Modular engagements offer readiness assessments, workflow alignments, and policy fine-tuning to speed up security maturity.
5. Executive Insights
- George Kurtz, Founder and CEO of CrowdStrike:
- “There’s a profound difference between adding AI features and fundamentally transforming how cybersecurity works. Charlotte AI represents a fundamental shift to proactive, autonomous security.”
With the launch of Charlotte AI Agentic Response and Charlotte AI Agentic Workflows, CrowdStrike is fundamentally transforming the SOC. By merging autonomous AI reasoning with expert human oversight, CrowdStrike’s Falcon platform redefines cybersecurity operations, ushering in a new era where AI not only assists but actively protects modern enterprises.
