CrowdStrike announced a trio of innovations to its Falcon platform overnight at Fal.Con Europe in Barcelona.
The company introduced Charlotte Agentic SOAR, expanded its Agentic Security Workforce, and unveiled new Falcon for XIoT capabilities.
“Security operations can’t match the speed of AI-accelerated adversaries with static automation and rule-based playbooks,” Michael Sentonas, president of CrowdStrike, said in a 5 November statement.
“Charlotte Agentic SOAR brings reasoning and coordination to the agentic SOC, where analysts orchestrate AI-powered agents in real time to stop breaches with speed, precision, and control.”
The Charlotte Agentic SOAR module sits at the core of CrowdStrike’s new architecture, uniting native, custom-built, and third-party agents in a single system. The new module enables security teams to connect tools, context, and data across prevention, detection, investigation, and response.
Analysts can use natural language or drag-and-drop controls to design guardrails, set missions, and oversee AI-powered agents that continuously assess outcomes and decide the next best action. This changes an analyst’s role from reactive operator to proactive orchestrator within what CrowdStrike calls the agentic SOC – a security operations centre powered by intelligent, mission-ready agents working under human command.
CrowdStrike also expanded its Agentic Security Workforce, adding new AI agents trained on millions of real SOC decisions.
“If agents are expected to think, reason, and act like an expert analyst, they must be trained on expert experience, not legacy playbooks,” George Kurtz, CEO and founder of CrowdStrike, said.
“That’s the difference between static automation and true intelligence – playbooks train automation, people train intelligence.”
The new agents include a Foundry App Creation Agent for no-code security app development, a Data Onboarding Agent to streamline Falcon SIEM integrations, and an updated Exposure Prioritization Agent that automates risk-based remediation. These capabilities are coordinated through Charlotte Agentic SOAR and AgentWorks, which together enable organisations to build, train, and deploy agents across the Falcon ecosystem.
CrowdStrike also announced it is extending the Falcon platform’s reach into operational technology with Falcon for XIoT. The update delivers zero-touch discovery of industrial assets, real-time segmentation visibility, and unified OT/XIoT context for faster, safer decision making.
“Customers are demanding a single platform to understand risk, unify protection, and eliminate complexity across every attack surface,” Elia Zaitsev, CrowdStrike’s chief technology officer, said.
“With these innovations, customers can replace the fragmented tools they’ve been forced to rely on for too long, accelerating consolidation on Falcon.”
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.