SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

CrowdStrike expands Falcon with mission-ready agents for AI security

Thu, 6th Nov 2025

CrowdStrike has introduced new mission-ready agents to extend its Falcon platform and expand its Agentic Security Workforce.

The expansion brings additional agentic automation to standard Falcon tasks such as application creation and data onboarding, aiming to accelerate outcomes and enable analysts to concentrate on more strategic decisions in security operations.

New mission-ready agents

The latest additions to the Agentic Security Workforce are delivered through Falcon platform modules and unite current agents, which are trained on millions of decisions from Falcon Complete security operations, with new agents designed to handle routine tasks based on actual platform use and expertise.

The mission-ready agents include the Foundry App Creation Agent, Data Onboarding Agent, and an updated Exposure Prioritization Agent. These agents work alongside custom-built and third-party agents to automate high-impact workflows spanning prevention, detection, investigation, and response.

The Foundry App Creation Agent, which is available through Falcon Foundry, gives teams the ability to build and deploy custom security applications without requiring programming skills. By using natural language, analysts can describe their requirements and the agent assists in planning, designing, and progressing from the initial idea to a working application.

The Data Onboarding Agent, operating within the Falcon Next-Gen SIEM, streamlines the creation of data pipelines, including data ingestion and configuration, along with real-time validation and troubleshooting processes to accelerate data integration.

The Exposure Prioritization Agent, updated with new capabilities, includes authenticated scanning and continuous visibility from Falcon Exposure Management. It is powered by ExPRT.AI and is designed to show security teams exactly what issues to address first, performing automatic remediation through risk-based patching with Falcon for IT.

"If agents are expected to think, reason, and act like an expert analyst, they must be trained on expert experience, not legacy playbooks," said George Kurtz, Chief Executive Officer and founder of CrowdStrike. "That's the difference between static automation and true intelligence - playbooks train automation, people train intelligence. CrowdStrike's agents learn from the world's best SOC operators, giving them the judgment to act autonomously and the discipline to stay under defender command."

Human expertise at the core

CrowdStrike highlights that, in contrast to automation platforms based purely on machine-generated playbooks, its agents are informed by real-world expertise and judgments of experienced security analysts. This foundation is intended to give the agents the ability to perform critical reasoning over extensive datasets and undertake actions independently, with oversight from security teams.

The company notes that the agents benefit from training on the collective operational knowledge of global security operations centre (SOC) operators. This aims to enhance their capability to assist in security tasks, from prevention to response, based on human experience rather than only pre-determined automated scripts.

Extending orchestration capabilities

In addition to the new agents, CrowdStrike has also extended its orchestration services through Charlotte AI AgentWorks and Charlotte Agentic SOAR. These solutions further connect the Agentic Security Workforce across the security lifecycle.

AgentWorks allows organisations to build custom agents without coding, broadening the ability for firms to tailor their security automation. Charlotte Agentic SOAR acts as an orchestration layer, enabling analysts to unify and direct CrowdStrike, custom-built, and third-party agents. According to CrowdStrike, this approach allows the systems to work together, sharing context and executing workflows as a coordinated defence.

CrowdStrike states that these enhancements are intended to give defenders an artificial intelligence advantage against the pace and sophistication of threats that themselves use AI techniques.

Platform context

CrowdStrike's expanded agentic approach is supported by the Falcon platform, which aims to provide protection for endpoints, cloud workloads, identity and data. The platform leverages real-time indicators, threat intelligence, telemetry, and AI as part of its service offering with a single-agent model designed for cloud deployment.
