As adversaries are increasingly using AI to launch faster, more sophisticated attacks, CrowdStrike is repositioning itself from purely automation-based defence to what it calls an “agentic” model: autonomous, reasoning agents that operate under human command.
Its latest Falcon platform update introduces a suite of “mission-ready” AI agents trained on analyst decisions, and an orchestration layer called Charlotte Agentic SOAR to coordinate them.
The move is backed by major infrastructure partnerships, most notably with CoreWeave (built on NVIDIA compute) and Amazon Web Services, signalling a strategic stack-level play rather than a simple feature upgrade.
But the question remains: should enterprises view it as hype or a real inflection?
A Reasoning Agents Workforce
Traditionally, security operations have relied heavily on fixed playbooks and automation workflows: if threat A happens, respond with action B. But as CrowdStrike argues, the old model cannot keep pace with a threat environment where AI speeds up adversary tactics dramatically.
According to CEO George Kurtz, “If agents are expected to think, reason and act like an expert analyst, they must be trained on expert experience, not legacy playbooks.”
CrowdStrike’s new agents (introduced under its “Agentic Security Workforce” banner) are designed to tackle tasks such as app creation, data onboarding and exposure prioritisation. The company says these agents are trained on millions of decisions made by its Falcon Complete SOC operations.
The orchestration layer, Charlotte Agentic SOAR, allows analysts to build, deploy and monitor these agents via a no-code interface, set guardrails and chain workflows together.
The infrastructure backing it is noteworthy. CrowdStrike’s partnership with CoreWeave combines its Falcon platform with CoreWeave’s high-performance AI cloud built on NVIDIA systems, specifically to secure “where intelligence is built, trained and deployed.”
Analysts say this end-to-end stack: data graph + agents + orchestration + high-scale infrastructure, is what gives CrowdStrike its claimed advantage.
Yet, CrowdStrike emphasises human oversight remains central. The goal is not to eliminate analysts but to elevate them, turning them into orchestrators of an agent-driven security workforce rather than firefighters responding to alerts.
A Competitive Race and the Risks Ahead
While the architecture might be compelling, CrowdStrike’s proposition is far from unique. Rival vendors are moving in similar directions.
Palo Alto Networks has introduced “Cortex Agentix”, embarking on agent orchestration for security operations.
SentinelOne and Microsoft are also embedding AI agents within their security suites. That suggests agentic security has become an arms race rather than a distinct breakthrough.
Moreover, analysts caution against over-eagerness. According to a recent note, “over 40 % of agentic AI projects will be cancelled by 2027 due to unclear business value or inadequate risk controls.”
One security leader added: “We need to remove the hype and treat an AI agent like an intern: what level of privileges would you give an intern?”
Governance, auditability and oversight therefore remain critical.
CrowdStrike is clearly aware of the stakes. In its own blog post, Kurtz described how attackers are now using generative AI to “build unique PowerShell scripts tailored to each specific environment” and argued the SOC must move from reactive defence to autonomous response.
To that end, the Falcon “Enterprise Graph” underpins its data model, enabling agents to operate with richer context and telemetry.
On the market side, the agentic-AI security space is rapidly growing: projected by some to climb from around US $7 billion in 2025 to nearly US $90 billion by 2032. While CrowdStrike hasn’t publicly verified those numbers, the scale of industry investment underscores how high the stakes are.
Admission of such aggressive growth also frames why CoreWeave has committed multi-billion-dollar capacity to AI cloud infrastructure.
For enterprises evaluating this wave, the message is clear: it’s not just about buying a feature upgrade, but architecting for an agentic future, where agents, data, orchestration and governance must align.
CrowdStrike’s pivot to an agentic security model backed by CoreWeave, NVIDIA and other infrastructure partners reflects a serious evolution in approach. The move from scripted automation to reasoning agents, orchestrated and scaled, is meaningful. That said, it is not a solo act; competitors are lined up right behind, and the risk of “agent-washing” remains real.
