The pace and prevalence of adversarial AI are only accelerating — and organizations must harness the power of AI to stop it. CrowdStrike is building the tools they need to do it.
Our latest innovations include Charlotte AI Agentic Workflows, Charlotte AI Agentic Response, and CrowdStrike Falcon® Complete Next-Gen MDR now using CrowdStrike® Charlotte AI™. We are also announcing platform-level AI advancements that prioritize risk and aid in response. For example, Charlotte AI Detection Triage now autonomously triages identity-based attacks.
As adversaries weaponize AI to drive speed and scale, security teams need more than copilots and static playbooks. They need AI that can quickly provide accurate information and take controlled action. Charlotte AI goes beyond copilots: It represents a new class of mission-ready, agentic AI that thinks, reasons, and acts within expert-defined boundaries to accelerate outcomes across the SOC.
Trained on millions of real-world SOC decisions from Falcon Complete Next-Gen MDR, Charlotte AI uses the power of AI and the precision of human expertise to augment analysts’ efforts while keeping security teams in control. Unlike traditional copilots that wait for prompts, Charlotte AI independently analyzes first-party and third-party data, draws conclusions, and takes authorized action, ensuring faster, more accurate outcomes without sacrificing analyst oversight. Charlotte AI acts with bounded autonomy, which ensures it only operates within predefined limits set by security teams, delivering trusted, predictable actions without risk of overreach.
While the CrowdStrike Falcon® platform has become the foundation of the AI-native SOC, Charlotte AI acts as a mission-ready operator that works alongside analysts, accelerating detection, investigation, and response through bounded, autonomous action.
With its newest capabilities, Charlotte AI asks and answers investigative questions and executes actions so analysts can be hands-off on repetitive tasks and hands-on when it’s most needed. These innovations bring intelligent automation across the SOC so analysts can move faster, make better decisions, and focus on the most critical threats.
Charlotte AI Agentic Response
Charlotte AI Agentic Response, generally available in the coming weeks, autonomously generates, analyzes, and answers guiding questions that can help security teams conduct root cause analysis, map lateral movement, and learn information that can assist in incident response.
Security teams often lack the expertise they need to quickly and accurately investigate incoming incidents, and their SOC playbooks often fail to keep pace with evolving adversary techniques. This can lead to workflow bottlenecks, longer response times, excessive escalations, and incomplete analysis of critical alerts.
Charlotte AI Agentic Response delivers AI-powered investigation guidance based on insights from Falcon Complete Next-Gen MDR analysts. After Charlotte AI Detection Triage, Charlotte AI Agentic Response jump-starts investigations by recommending relevant, prioritized questions so analysts can ask the right questions and focus on the answers that matter. After answering the initial questions, analysts can prompt Charlotte AI to iteratively ask and answer new questions based on its findings.
Analysts can direct Charlotte AI to drill down further, generating successive follow-up questions and answers to compile the context needed to close out investigations. Analysts can use this process to investigate an event before closing or escalating the alert.
Charlotte AI Agentic Workflows
CrowdStrike is transforming security automation with Agentic Workflows — a new capability now available to Charlotte AI customers through CrowdStrike Falcon® Fusion SOAR, our no-code automation engine. With Agentic Workflows, customers can now insert and invoke state-of-the-art LLMs directly within Fusion workflows to analyze, reason, and respond in real time. In doing so, they can automate complex, time-consuming tasks, handle unstructured data, and deliver tailored outputs without human intervention.
Agentic Workflows break free of the limits plaguing traditional security, orchestration, automation, and response (SOAR) tools, which are often bogged down by rigid playbooks, brittle edge-case logic, and human-triggered processes. They adapt in real time, automatically handling messy data and generating audience-specific output.
With bounded autonomy, teams stay in control. They define what the model can access, how it behaves, and when it takes action. Agentic Workflows are fully customizable using a simple no-code interface, so analysts can configure, test, and deploy workflows that operate across the security stack. They can tap into structured and unstructured data from their Falcon modules, including third-party data hosted in Falcon Next-Gen SIEM, to gain immediate out-of-the-box value.
How it works:
- Choose a model: Instantly access industry-leading LLMs hosted in CrowdStrike’s secure environment — no extra infrastructure or agreements needed.
- Define instructions: Tell the model what to do, which data to use, and what variables to pull in (e.g., detection context, user identity).
- Tailor the output: Generate insights in plain text, JSON, Markdown — whatever the workflow requires.
For example, a workflow can take the results of an alert triage and determine whether a device should be contained based on company policies. It can then generate the appropriate communication for different audiences — such as an executive summary, a technical SOC update, or a customer advisory — and automatically translate those messages for global teams. This enables security teams to respond faster, reduce manual work, and scale expert-driven decisions across the organization, improving speed, precision, and resilience in daily operations.
This isn’t just automation. It’s intelligence in action, empowering Charlotte AI to think, decide, and execute within customer-defined boundaries. With Charlotte AI Agentic Workflows, CrowdStrike is unlocking the future of SOAR, where automation is both faster and smarter.
Falcon Complete Next-Gen MDR Now Uses Charlotte AI
In today’s threat landscape, the speed and precision of detection and response are critical. Falcon Complete Next-Gen MDR analysts now harness Charlotte AI’s GenAI and Agentic AI workflows to triage alerts and accelerate analysis, combining expert oversight with intelligent automation to stop breaches.
Every day, Falcon Complete analyzes tens of thousands of detections worldwide. The learnings from each incident, combined with data from our threat hunting and threat intelligence teams, are entered back into the Falcon platform. This creates a powerful feedback loop: Human expertise improves Charlotte AI’s capabilities, and Charlotte AI enhances analyst decision-making — driving faster, smarter responses over time.
Falcon Complete’s vast SOC expertise and decision data inform Charlotte AI’s ability to streamline investigations. Charlotte AI provides real-time incident context and automates routine tasks so our elite security experts can focus on critical threat response and full-cycle remediation. This combination enables more effective breach prevention, and faster detection and response, across our customer base.
Stopping Breaches with Charlotte AI
As adversaries weaponize AI to accelerate and scale their attacks, security teams need more than copilots and static automation. They need AI that can quickly get to the right answer and take controlled action. Charlotte AI delivers agentic autonomy, asking and answering questions, surfacing real attacks faster, and executing dynamic actions to accelerate detection, investigation, and response. CrowdStrike gives every security team the speed, scale, and expertise needed to stop breaches in the AI era.
The above includes forward-looking statements including, but not limited to, statements concerning the expected timing of product and feature availability, the benefits and capabilities of our current and future products and services, and our strategic plans and objectives. Such statements are subject to numerous risks and uncertainties and actual results could differ from those statements. Any future products, functionality and services may be abandoned or delayed, and customers should make decisions to purchase products and services based on features that are currently available.