CrowdStrike Launches Agentic MDR to Automate Security Operations

Cybersecurity company CrowdStrike has launched Agentic MDR, a new managed detection and response service that uses intelligent agents to automate security workflows inside its Falcon Complete offering. The service was announced at RSA 2026 in San Francisco on March 24.
Agentic MDR deploys agents built and orchestrated by Falcon Complete analysts to automate investigation and response tasks that would otherwise require manual intervention.
CrowdStrike said the system uses a closed-loop model that improves through repeated engagements, keeping human analysts in the loop while automating high-friction parts of the security operations workflow.
The launch comes as attackers increase the use of AI in their operations. CrowdStrike reported an 89% year-over-year rise in AI-enabled adversary activity and said the average eCrime breakout time has fallen to 29 minutes, compressing the window available for security teams to detect and respond to threats.
"As AI-powered adversaries move faster than defenders can respond, security operations must accelerate beyond manual workflows to machine-speed defense," said Austin Murphy, VP and GM of Falcon Complete. "Agentic MDR combines elite human expertise with agents so our defenders can investigate and respond at the speed modern attacks demand."
CrowdStrike is evaluating NVIDIA reasoning models within Agentic MDR. In internal testing, investigations ran up to 5 times faster and achieved more than 3 times higher triage accuracy in high-confidence benign classification when using NVIDIA Nemotron Nano and Nemotron Super models.
The company based the comparison on an average agentic investigation time of 8.5 minutes against the longest human investigation time of 48 minutes.
Alongside Agentic MDR, CrowdStrike launched SOC Transformation Services to help organizations modernize security operations. The services cover SIEM migration, data pipelines, agentic workflows, and governance, including migration to Falcon Next-Gen SIEM.
CrowdStrike also announced updates to Falcon Cloud Security at the same event, adding functions that rank cloud risks by linking application behavior with active attacker tactics.
A third launch, Falcon Data Security, is designed to discover, classify, and stop data theft across endpoints, cloud systems, browsers, and AI-driven workflows.
Organizations can choose to have CrowdStrike operate security operations through Falcon Complete or build internal capabilities using its services.