CrowdStrike’s Fall 2025 Release Defines the Agentic SOC and Secures the AI Era

The Falcon agentic security platform unifies the industry’s richest AI-ready data layer, most advanced intelligence, and a new generation of AI-powered agents.

We are living through the fourth industrial revolution: the age of AI. Just as with the steam, electricity, and digital revolutions that preceded it, this leap forward requires a parallel leap in security. AI is transforming how businesses operate and how adversaries attack. Adversaries are moving at machine speed, compressing the defender’s response window from weeks to mere seconds.

That’s why we have evolved the CrowdStrike Falcon® platform with our Fall 2025 release: the Falcon agentic security platform. This is the foundation for the agentic SOC, where humans and AI agents work side by side. In this model, analysts are elevated from operators to orchestrators who command fleets of intelligent agents that reason, decide, act, and continuously learn. As part of the Fall 2025 release, we are also pioneering AI detection and response (AIDR) by extending the Falcon platform to protect how AI is built and used across the enterprise.

The Falcon Platform: Built for the Agentic Era

The Falcon agentic security platform, at the heart of the Fall 2025 release, has been architected for the agentic era. The platform unifies the security industry’s richest AI-ready data layer, most advanced intelligence, and a new generation of AI-powered agents, all under enterprise-grade governance.

These new innovations are the essential pillars that define the agentic security platform.

Enterprise Graph: The AI-Ready Data Layer

The new CrowdStrike Enterprise Graph® delivers the richest AI-ready data layer in the industry, unifying telemetry across endpoints, identities, cloud, SaaS, XIoT, and third-party tools into a living, connected model of the enterprise. With a single query language built for AI, every signal becomes instantly actionable by humans and agents alike.

What makes our approach different is CrowdStrike’s unique data moat, which includes trillions of telemetry events, over a decade of annotated threats from CrowdStrike Falcon® Complete Next-Gen MDR, and cutting-edge threat intelligence. This curated data will feed our AI agents and models to give defenders an advantage adversaries can’t replicate. 

Charlotte AI AgentWorks: Build, Test, and Orchestrate Agents

Charlotte AI AgentWorks empowers every security team to become an AI builder. Analysts can use plain language to create and customize agents that align with their workflows and policies, no code required. Agents are designed, tested, and instantly deployed inside the Falcon platform with enterprise-grade security and governance built in. These mission-specific agents can automate investigations, reduce manual effort, and accelerate response.

A Dynamic User Experience Built for the Speed of AI 

We’ve redesigned the Falcon platform experience to provide a security console for the AI era. This new experience, powered by AI, delivers dynamic reporting and dashboards that adapt to each user, whether they’re an analyst, CISO, or executive. Instead of piecing together dashboards or writing custom queries, users can simply describe what they need — such as a “Compliance Drift” dashboard for cloud workloads — and the Falcon platform assembles it.

Activating the Agentic SOC

CrowdStrike is powering the agentic SOC with a series of newly announced innovations. These will include seven new mission-ready AI agents for key security workflows, the industry’s first agentic threat intelligence system, and new capabilities across identity security, data protection, patch management, and managed detection and response (MDR). We are also excited to introduce Onum and Pangea to the Falcon platform.

Mission-Ready Agents: Your AI Teammates

The agentic SOC is defined by human-to-agent and multi-agent collaboration. It is also about enabling agent orchestration, from the out-of-the-box agents CrowdStrike provides to the agents that security teams will build with Charlotte AI AgentWorks. In the Fall 2025 release, CrowdStrike is introducing defenders to an agentic workforce that will reason, decide, and act, automating repetitive tasks with elite reasoning while always under analyst command.

SOC teams are drowning in alerts, ticket queues, and repetitive investigations. The agentic security workforce changes that. As part of the Fall 2025 release, CrowdStrike announced that it will be powering the agentic SOC with seven new mission-ready agents for key security workflows and Charlotte AI innovations.

  • Exposure Prioritization Agent: Shrinks vulnerability backlogs by automatically triaging based on real-world exploitation likelihood

  • Malware Analysis Agent: Automatically analyzes suspicious files, connects them to known threats, and retroactively hunts past data to uncover new risks as intelligence evolves

  • Hunt Agent: Continuously searches the environment for hidden threats identified by CrowdStrike’s threat intelligence, and delivers next steps to quickly act on the results 

  • Correlation Rule Generation Agent: Recommends and tunes detection rules for advanced threats and insider risks

  • Search Analysis Agent: Summarizes and interprets query results in seconds, reducing hours of manual analysis

  • Workflow Generation Agent: Converts natural language into automated workflows in CrowdStrike Falcon® Fusion SOAR with no coding required

  • Data Transformation Agent: Normalizes and translates data across tools, eliminating errors that slow automation

Trained on millions of expert decisions from Falcon Complete Next-Gen MDR, these agents operate with the judgment of elite analysts, scaling expertise across every SOC. 

We also announced Agentic Response Collaboration from Charlotte AI. This enables Charlotte AI to securely connect and collaborate with analysts and trusted third-party agents during investigations.

Agentic AI is the new standard of cyber defense. That’s why, in addition to these advancements, we’ll soon be making Charlotte AI available to every eligible customer* with monthly credits, ensuring every defender has immediate access to turnkey agentic AI. From Day One, every team will be able to scale their impact, accelerate investigations, and reclaim the advantage over AI-powered adversaries.

With this first wave of agents and new Charlotte AI innovations, CrowdStrike is redefining the baseline for modern cybersecurity.

Threat AI: Intelligence That Reasons, Hunts, and Acts

Adversaries are using AI to their advantage. CrowdStrike is fighting back with Threat AI, the industry’s first agentic threat intelligence system of autonomous agents that reason across data, hunt for threats, and take action. The Malware Analysis Agent and the Hunt Agent, detailed above, are the first two agents that are part of Threat AI. 

Threat AI automates complex workflows and surfaces actionable recommendations when analysts need them most. By compressing hours of research into seconds, Threat AI gives defenders intelligence they can act on instantly.

As part of this Threat AI release, CrowdStrike has also launched the Threat Intelligence Browser Extension. This Chrome extension integrates CrowdStrike’s adversary intelligence directly into the browser, giving analysts instant context as they conduct external research.

Next-Gen Identity Security: Every Identity Secured

Identity is the front line of modern attacks, and now, of the agentic SOC. With CrowdStrike Falcon® Next-Gen Identity Security, CrowdStrike eliminates the blind spots left by identity and access management (IAM) and privileged access management (PAM) tools and extends protection across human, machine, and AI agent identities. Here are the identity-focused innovations announced in the Fall 2025 release:

CrowdStrike’s unified, proactive approach protects every identity and privilege, stopping adversaries cold.

Data Protection: Unified Real-Time Data Protection Across Endpoint, Cloud, and AI

Legacy tools weren’t built for the modern data environment. Traditional data loss prevention (DLP) was designed for static endpoints and requires heavy agents, rigid rules, and constant tuning. Data security posture management (DSPM) tools provide static snapshots of where sensitive data resides but fail to see how it flows in real time. Neither set of tools can keep up with the use of GenAI or the constant motion of data across hybrid systems. 

CrowdStrike Falcon® Data Protection replaces these fragmented approaches with unified visibility, classification, and defense across endpoint, cloud, GenAI, and SaaS. New capabilities announced in our Fall 2025 release include:

  • GenAI Data Protection: Extend coverage beyond browsers with real-time protection for sensitive data shared across browsers, local apps, shadow AI services, and cloud data flows. This prevents inadvertent exposure while blocking data leakage across both managed and unmanaged GenAI tools, wherever they’re used.

  • Unified Detections: Boost detection coverage with new out-of-the-box detections for data loss, GenAI misuse, and insider threats across endpoint, cloud, GenAI, and SaaS environments. Investigations are streamlined, and alert fatigue reduced, with real-time alerts, cross-domain visibility, and automation through the Falcon platform.

  • AI-Powered Classifications: Apply LLMs to accurately identify complex sensitive data types such as credentials, secrets, and passwords, reducing false positives and enhancing consistent data protection. 

  • Insider Threat Dashboard: Correlate identity, human resources (HR), and data movement signals in a unified dashboard to detect and respond faster to malicious, negligent, or compromised insider activity.

Risk-Based Patching Prioritizes Key Issues

Traditional patching is broken: Siloed teams and fragmented workflows leave critical exposures unaddressed for far too long. It’s not enough for teams to simply respond faster — they need to get ahead of the risks adversaries exploit. 

Risk-based Patching with CrowdStrike Falcon® for IT unifies security and IT teams and redefines patch management as a core pillar of breach prevention. Powered by CrowdStrike’s ExPRT.AI and threat intelligence, it prioritizes the vulnerabilities adversaries are actively exploiting. Patch safety scores give teams the confidence to move fast without disrupting business-critical systems, while unified workflows replace tickets and tool sprawl with coordinated action at scale. With Risk-based Patching, organizations finally turn patching into prevention.

Onum: High-Quality, Real-Time Data

Today’s SOCs are fighting 21st-century threats with 20th-century tools. Analysts are buried in noisy logs, pipelines choke on growing telemetry, and legacy approaches drive up costs while slowing response times. Simply put, the old security model can’t keep up. 

As part of our Fall 2025 release, we’re excited to introduce Onum to the Falcon platform. Onum delivers real-time speed and clarity to your data by streaming, filtering, and enriching massive volumes of security and IT telemetry in milliseconds. The result is faster detections, sharper insights, and lower storage overhead, with only high-value signals reaching your teams. By powering the Falcon platform with the right data at the right time, Onum enables teams to detect, investigate, and stop breaches at machine speed.

Humans at the Core: Falcon Complete Hub

Even as we accelerate with AI and agents, humans remain at the center of the SOC. Partnering with our experts is a key part of CrowdStrike’s model. To make it easier for customers to visualize and collaborate with our MDR team, the Fall 2025 release introduces the Falcon Complete Hub.

In an environment where minutes matter and attackers use advanced evasion tactics, security leaders need immediate access to actionable insights backed by real human expertise. Falcon Complete Next-Gen MDR has always delivered expert-led response, executive dashboards, and direct analyst communication. Now, Falcon Complete Hub unifies those proven capabilities into a single interface within the Falcon console, giving customers actionable visibility and prioritized actions to accelerate response. 

Securing the AI Attack Surface: AI Detection and Response 

AI is no longer just a tool — it’s a new attack surface. Every model, prompt, and AI agent represents a potential entry point for adversaries. AI agents look remarkably similar to humans: They have identities, workflows, and access to resources. They operate like superhumans, processing vast amounts of data at rapid speeds. That power makes them transformative for business but also an irresistible target for attackers.

This is why CrowdStrike is pioneering AI detection and response (AIDR). Just as we once defined endpoint detection and response to secure the endpoint era, we’re now extending the Falcon platform with the Pangea acquisition to secure the AI era. Together, the Falcon platform and Pangea deliver the industry’s first complete AI security solution to protect both how AI is built and how it is used across the enterprise. The Falcon platform will be able to:

  • Block prompt injection attacks with unmatched speed and efficacy

  • Stop risky AI use by governing conversations, detecting shadow AI, and enforcing enterprise compliance policies

  • Secure AI in development and production with built-in guardrails, giving developers the tools they need to build secure AI agents and apps from Day One

With AIDR, CrowdStrike provides unified visibility, governance, and protection across the full AI lifecycle, from model creation to agentic automation. Only CrowdStrike, with the Falcon platform securing the infrastructure and Pangea securing the interaction layer, can stop AI threats at every layer of the stack.

The Agentic Cybersecurity Era Is Here 

Machines don’t have accountability, don’t feel consequences, and won’t sit in front of boards of directors explaining their decisions. You are the human conscience of cyber defense — elevated, not replaced. The CrowdStrike Fall 2025 release delivers the foundation for that future with:

  • Speed: Automating time-consuming tasks, shrinking investigation and response times

  • Scale: AI teammates that multiply analyst capacity without multiplying headcount

  • Confidence: Governed, explainable AI with enterprise-grade oversight

  • Consolidation: One sensor, one console, and one platform to eliminate complexity and tool fatigue

Most importantly, it delivers a durable foundation for the future of cybersecurity. Whether it’s stopping adversaries who weaponize AI or securing the AI systems that drive innovation, CrowdStrike is leading the way.

Learn more about our marquee Fall 2025 releases and get the biggest moments from the cybersecurity event of the year at our Best of Falcon 2025 virtual event.

 

* Applies to customers that have licensed CrowdStrike Falcon® Insight XDR, CrowdStrike Falcon® Exposure Management, CrowdStrike Falcon® Cloud Security, CrowdStrike Falcon® Adversary Intelligence, CrowdStrike Falcon® for IT, or CrowdStrike Falcon® Next-Gen SIEM. AI credit amounts do not increase with the number of qualifying modules. Additional credits are available for purchase.


Forward-Looking Statements

This blog includes descriptions of products, features, or functionality that may not be currently generally available. Any such references are provided for information purposes only. The development, release, and timing of all features or functionality remain at our sole discretion and may change without notice. These statements are subject to risks, uncertainties, and assumptions that may cause actual results to differ materially from those expressed or implied. Customers should make purchasing decisions based only on services and features that are currently generally available. For more information on our existing offerings, please talk to your CrowdStrike representative.