CrowdStrike Expands Agentic Security Workforce with New Agents

CrowdStrike is accelerating our vision for the SOC with the launch of new, specialized agents built to tackle some of the toughest modern challenges in security operations: faster data pipeline creation, simpler custom app creation, and continuous, authenticated exposure scanning.

Earlier this year, we charted a path toward the agentic SOC — where security teams command fleets of intelligent agents that reason, decide, and act at machine speed while under defender control. At a time when AI-enabled adversaries are accelerating and SOCs are hindered by legacy tools and manual response, the agentic SOC enables security teams to shift toward a proactive defense, accelerate response, and redirect analyst focus toward more strategic initiatives. 

While these agents can expedite individual tasks, their ultimate potential is realized when they operate in synchronized execution. Charlotte Agentic SOAR, the orchestration layer of the agentic SOC, makes this happen. Powered by CrowdStrike Falcon® Fusion SOAR, our workflow automation engine, Charlotte Agentic SOAR lets security teams coordinate agents, apps, and analyst actions into complex end-to-end workflows — unlocking speed, consistency, and scale across the SOC.

New and Updated Agents Automate Time-Intensive Work

We are announcing additions to CrowdStrike’s agentic security workforce that accelerate data pipeline creation, simplify the creation of custom apps tailored to each team’s needs, and enable continuous, authenticated exposure scanning for faster, smarter remediation. 

Powered by CrowdStrike® Charlotte AI™ and delivered natively across CrowdStrike Falcon® modules, each new agent strengthens the agentic SOC and moves security teams closer to operating at machine speed, accelerating outcomes and raising the floor of what every analyst can achieve. 

Data Onboarding Agent: Intelligent Data Ingestion and Pipeline Creation

Data onboarding can be one of the most complex and error-prone tasks in the SOC, often slowing time-to-value and leaving teams reliant on specialized expertise. 

The Data Onboarding Agent changes that. It enables security teams to use natural language to build end-to-end data pipelines, from configuring ingestion to real-time validation to resolving errors as they occur. The result is faster and more efficient data onboarding into Falcon Next-Gen SIEM, simpler integration across data sources, and consistent visibility across the environment.

This agent works alongside other CrowdStrike agents from Falcon Next-Gen SIEM, including the Data Transformation Agent and Search Analysis Agent, to streamline workflows, share context, and accelerate time-to-value across the SOC. 

Foundry App Creation Agent: Democratize App Development with AI 

Building custom security apps can be complex and dependent on scarce development resources, which stalls innovation for already stretched security teams. With CrowdStrike Falcon® Foundry, customers and partners can harness the data, automation, and cloud-scale infrastructure of the Falcon platform to easily create their own custom applications to solve security and IT challenges. 

The Foundry App Creation Agent further accelerates the process of building applications by enabling teams to build and deploy Falcon Foundry applications using natural language. Analysts simply describe what they need using natural language, and the agent generates the app structure and helps build the app components, reducing app development time. This enables faster Falcon Foundry app development to expand and customize businesses’ Falcon platform deployment. 

Exposure Prioritization Agent: Fix What Matters First

Legacy scanners treat every vulnerability as equal, overwhelming security teams while real threats linger unaddressed. The updated Exposure Prioritization Agent, powered by ExPRT.AI, now leverages authenticated scanning and continuous visibility from CrowdStrike Falcon® Exposure Management to deliver deeper, real-time insight into active exposures and their true risk. It explains findings in plain language, validates real-world exploitability, and highlights business impact, turning scan data into clear, prioritized action. Faster, smarter remediation replaces hours of manual triage with AI-driven clarity so teams can focus effort where it counts most. 

Charlotte Agentic SOAR: Enabling Multi-Agent Orchestration

These specialized agents are powerful on their own. They accelerate investigations, generate workflows, and scale expertise at machine speed. But their true potential is realized when they work together. Charlotte Agentic SOAR bridges the precision of deterministic automation with the adaptability of intelligent agents to deliver on-the-fly flexibility while maintaining reliability and control. 

Underpinning this evolution is Charlotte Agentic SOAR, which unites and orchestrates agents, integrations, and analyst oversight in dynamic and coordinated workflows. It gives analysts an intuitive interface for agent-to-agent orchestration, defining the flow of data, reasoning, and action across the SOC with transparency and precision. Whether operating on a schedule or triggered on demand, its resulting agentic workflows enable the SOC to think, decide, and act at machine speed while keeping humans in control.

With Charlotte Agentic SOAR, CrowdStrike’s growing agentic security workforce, and Charlotte AI AgentWorks, every team gains the tools to build a fleet of mission-ready agents and operationalize them at scale. 

From Firefighting to Foresight

The SOC of the future is powered by agentic orchestration that unites humans and specialized agents into a single, adaptive defense system. With agentic SOAR and a growing workforce of intelligent agents, CrowdStrike is transforming automation from isolated scripts into coordinated, autonomous action.

Defenders can now move from reaction to orchestration — from manual response to machine-speed collaboration — with trust, transparency, and control.

Additional Resources

• Learn more about additional innovations through the Falcon platform Innovations Hub.
• Learn how CrowdStrike is enabling organizations to deploy an agentic SOC. 
• Learn more about Charlotte AI, the brain of the agentic SOC. 

Forward-Looking Statements

This blog includes descriptions of products, features, or functionality that may not be currently generally available. Any such references are provided for information purposes only. The development, release, and timing of all features or functionality remain at our sole discretion and may change without notice. These statements are subject to risks, uncertainties, and assumptions that may cause actual results to differ materially from those expressed or implied.  Customers should make purchasing decisions based only on services and features that are currently generally available. For more information on our existing offerings, please talk to your CrowdStrike representative.