The endpoint is the control plane for AI, where prompts begin and agents operate, but shadow AI expands risk across endpoint, SaaS, and cloud. See how adversaries use prompt injection to hijack AI agents and learn how to secure them across environments.

What you’ll do:

• Understand how shadow AI expands your attack surface
• See how prompt injection is used to compromise AI agents
• Learn how to detect and secure AI agents across environments
• Gain practical techniques you can apply immediately

Workshops are open to all Fal.Con attendees.

AI is accelerating attacks at the endpoint, from ransomware to malware-free intrusions. See how agentic endpoint security uses AI to detect subtle threats, automate investigation, and take real-time action. Learn how to stop AI-driven attacks while safely enabling AI across your environment.

What you’ll do:

• Understand how adversaries use AI to accelerate modern attacks
• See how AI detects behaviors and automates investigation in real time
• Learn how to contain threats faster with agentic workflows
• Gain practical experience securing and enabling AI across endpoints

Workshops are open to all Fal.Con attendees.

Today’s SOCs are slowed by fragmented data and manual workflows. Explore an Agentic SOC model to unify telemetry, automate detection and investigation, and orchestrate response. Follow a real attack lifecycle and learn how to move from reactive analysis to faster, outcome-driven security operations.

What you’ll do:

• Understand the Agentic SOC model (Onboard, Operationalize, Orchestrate)
• Learn how to unify data and reduce alert fatigue
• See how AI accelerates detection, investigation, and response
• Gain practical insight into orchestrating response across the attack lifecycle

Workshops are open to all Fal.Con attendees.

27 seconds is all it takes for an adversary to break in. Learn how to build, deploy, and orchestrate AI agents using Charlotte AI. Create agents with natural language, apply guardrails, and design workflows that automate investigation and response—combining machine speed with human oversight.

What you’ll do:

• Learn how to build AI agents using natural language in AgentWorks
• Understand how to apply guardrails and ground agents in real data
• See how agents coordinate tools, models, and workflows
• Design orchestrated response with human-in-the-loop approvals

Workshops are open to all Fal.Con attendees.

With valid credentials attackers don’t break in, they log in. Learn how to detect and stop identity-based threats across human, non-human, and AI identities. Explore how attackers exploit credentials and gain practical techniques to secure access and limit movement across cloud, SaaS, and on-prem environments.

What you’ll do:

• Understand how attackers exploit credentials and identity-based access
• Learn to detect threats across human, non-human, and AI identities
• See how adaptive access and AI-driven response reduce risk
• Gain practical techniques to limit lateral movement across environments

Workshops are open to all Fal.Con attendees.

Sensitive data is constantly in motion across endpoints, cloud, and GenAI tools, creating new risks. In this hands-on workshop, detect and stop real-world data exfiltration across hybrid environments. Learn how to gain visibility, enforce policy, and prevent leaks before sensitive data leaves your organization.

What you’ll do:

• Understand how data moves across endpoints, cloud, and GenAI tools
• Learn to detect and stop real-world exfiltration scenarios
• See how policy enforcement enables consistent protection
• Gain visibility and control to prevent data loss across environments

Workshops are open to all Fal.Con attendees.

Cloud risk evolves in real time. Learn how to connect misconfigurations to active threats across cloud environments. Use asset context and guided scenarios to identify, prioritize, and remediate risk before it escalates into an attack.

What you’ll do:

• Understand how misconfigurations lead to active cloud threats
• Learn to identify and prioritize risk across cloud environments
• Explore how asset context improves investigation and response
• Gain practical techniques to remediate risk before escalation

Workshops are open to all Fal.Con attendees.

See how autonomous exposure management helps you find vulnerabilities across managed, unmanaged, and unsupported assets. Then prioritize exposures with threat intelligence and move faster with targeted remediation and patching.

What you’ll do:

• Learn to identify exposures across managed, unmanaged, and network assets
• Understand how threat intelligence prioritizes real risk
• See how AI agents accelerate exposure analysis and decision-making
• Gain practical techniques to remediate vulnerabilities and close gaps

Workshops are open to all Fal.Con attendees.

Securing XIoT is critical as IT and OT environments converge. Learn how to identify assets, detect threats, and respond to attacks across industrial systems, IoT, and critical infrastructure. Gain practical skills to protect mission-critical operations without disrupting business continuity.

What you’ll do:

• Learn to identify and assess risk across XIoT and OT environments
• Understand how to detect threats targeting industrial and IoT systems
• See how to respond and contain threats without disrupting operations
• Gain practical skills to secure converged IT/OT environments

Workshops are open to all Fal.Con attendees.

Adversaries move fast, blending into legitimate activity. Investigate a live intrusion using threat intelligence, endpoint telemetry, and AI-driven insights. Learn how to connect signals, accelerate response, and disrupt attacks before they impact your organization.

What you’ll do:

• Learn how to operationalize threat intelligence in real time
• Investigate adversary behavior across endpoint and environment signals
• See how AI and automation accelerate detection and response
• Gain practical techniques to disrupt attacks before impact

Workshops are open to all Fal.Con attendees.

See how Falcon Secure Access delivers runtime browser security on any browser, any device, without added friction. Learn how to stop credential theft, data exfiltration, and web-based attacks as they happen across a distributed workforce.

What you’ll do:

• Understand browser-based threats and modern attack techniques
• Learn how to stop credential theft and data exfiltration in real time
• See how to extend Zero Trust to the browser
• Gain practical strategies to secure access across users and devices

Workshops are open to all Fal.Con attendees.

Put your incident response skills to the test. Step into a live red team vs. blue team simulation and respond to a multi-stage attack in real time. Investigate activity, pivot across telemetry, and execute precise actions to detect and stop adversaries across endpoint, identity, and cloud.

What you’ll do:

• Experience a live red team vs. blue team attack simulation
• Learn to investigate and pivot across endpoint, identity, and cloud telemetry
• Practice executing precise response actions in real time
• Improve incident response speed, accuracy, and overall effectiveness

Workshops are open to all Fal.Con attendees.

Adversaries like COZY BEAR evade detection by blending into legitimate activity. Work alongside MDR experts to uncover and stop identity-based attacks. Investigate real scenarios, correlate signals across domains, and learn how to detect, prioritize, and respond to stealthy threats in cloud environments.

What you’ll do:

• Learn how sophisticated adversaries evade traditional identity defenses
• Work alongside MDR experts to investigate real attack scenarios
• Correlate signals across domains to uncover stealthy activity
• Gain practical techniques to detect, prioritize, and stop identity threats

Workshops are open to all Fal.Con attendees.

AI-powered adversaries are evolving fast. Step into an agent-driven battlefield where attackers use autonomous agents across the full attack lifecycle. See how Charlotte AI detects, investigates, and stops threats in real time, shifting teams from reactive response to AI-driven, autonomous defense.

What you’ll do:

• Understand how adversaries use autonomous agents to execute attacks
• See how Charlotte AI detects and responds in real time
• Learn how cross-domain telemetry improves threat detection
• Gain insight into using AI to hunt, contain, and stop threats

Adversary Tradecraft workshops are open to all Fal.Con attendees.

Step into a high-stakes scavenger hunt to uncover insider threats tied to DPRK adversary FAMOUS CHOLLIMA. Analyze real tradecraft, follow timed clues, and investigate suspicious activity in the Falcon console by racing against peers to detect and stop insider threats before they escalate.

What you’ll do:

• Understand insider threat tactics used by FAMOUS CHOLLIMA
• Investigate suspicious activity using real-world tradecraft scenarios
• Practice detecting insider threats in an interactive environment
• Compete through timed challenges and a live leaderboard

Adversary Tradecraft workshops are open to all Fal.Con attendees.

Step into an interactive investigation to respond to a simulated cloud breach. Analyze real adversary tradecraft from groups like SCATTERED SPIDER, uncover tactics across compromised environments, and put your detection and response skills to the test in fast-moving, cloud-native scenarios.

What you’ll do:

• Understand cloud-focused adversary tactics and techniques
• Investigate a simulated breach across cloud environments
• Practice detecting and responding to real-world attack scenarios
• Strengthen cloud detection and response skills under pressure

Adversary Tradecraft workshops are open to all Fal.Con attendees.