Aiming to stay ahead of increasingly AI-driven cyber threats, CrowdStrike unveiled significant enhancements to its Falcon platform at Fal.Con 2025 in Las Vegas, introducing its Agentic Security Platform and Agentic Security Workforce. The innovations center on an AI-ready data layer called Enterprise Graph, which unifies telemetry across the enterprise into a connected “living” model with a single query language for both human analysts and autonomous agents. Also launched was Charlotte AI AgentWorks, a no-code tool enabling the creation, testing, deployment, and orchestration of trusted security agents at scale, without writing code. These agents are governed by CrowdStrike’s Falcon platform using a Model Context Protocol and are role-aware. The Agentic Security Workforce brings mission-ready agents that help automate routine SOC tasks, freeing analysts for more strategic work. Additionally, CrowdStrike is acquiring Pangea, an AI security firm, to bolster its AI Detection and Response (AIDR) capabilities, particularly to secure interactions like prompt-injection attacks and risks across the AI lifecycle.
Sources: CSO Online, CRN
Key Takeaways
– Autonomy with oversight: CrowdStrike’s strategy balances increased automation (through agentic AI) with governance, ensuring agents are both powerful and controlled via telemetry, Falcon’s governance framework, and the new Enterprise Graph.
– No-code agent building democratizes defenses: With Charlotte AI AgentWorks, organizations can build custom agents without needing traditional programming skills—broadening access to AI agent tools and accelerating adoption.
– A lifecycle view of AI security: The Pangea acquisition and related enhancements reflect an awareness that securing AI isn’t just about endpoints or models but also about the interactions, prompts, identity, and infrastructure across the AI adoption journey.
In-Depth
As enterprise environments grapple with the rapid arrival of agentic AI—autonomous systems that do work previously handled by humans—security providers are urgently adapting. CrowdStrike is among the front-runners here. At its Fal.Con 2025 conference, the company laid out a vision for what it calls the “agentic era,” where legacy Security Operations Centers (SOCs) must evolve or risk becoming overwhelmed. To that end, CrowdStrike has introduced two major pieces: the Agentic Security Platform and Agentic Security Workforce, both built into its Falcon ecosystem.
Central to its new platform is the Enterprise Graph, an AI-ready data layer that consolidates telemetry from across an organization into a real-time, living graph. What this does is allow both humans and agents (autonomous tools) to query data in ways previously unavailable—using a common, optimized language suited for artificial intelligence operations. This enables security teams to act more quickly, with better coordination between machine and human actors, while maintaining visibility over what is happening across systems.
Another key piece of the puzzle is Charlotte AI AgentWorks, a no-code interface for building, testing, deploying, and managing security agents. This lowers the barrier for organizations that may not have large teams of AI engineers, enabling analysts or security operators to set agent “missions,” define data sources, and shape behavior—all under the watchful eye of governance rules. These agents tie into Falcon’s governance architecture via the Model Context Protocol, ensuring consistency, accountability, and safety.
The Agentic Security Workforce brings the practical applications: mission-ready agents that handle repetitive or tedious tasks—think exposure prioritization, threat hunting, malware triage—which historically bog down SOC analysts. By pushing routine workflows into automated agents, CrowdStrike aims to let analysts focus more on strategy, creative threat intelligence, and harder-to-automate judgments.
Perhaps equally important is how CrowdStrike is extending protection beyond the tools themselves. With its pending Pangea acquisition, the company is moving to secure not just endpoints or models, but every interface in the AI security lifecycle—including prompt layers, identity, and third-party integrations. This is significant because as AI becomes more prevalent in enterprise operations, vulnerabilities shift: prompt injection, misuse of AI agents, or misconfigured models become as big a concern as malware or phishing.
In conservative terms, what CrowdStrike is doing reflects a cautious optimism: it’s betting that automation is essential, but it’s also investing in oversight, process, and control. That dual approach—of scaling agentic defenses while safeguarding against the risks that come with giving machines more autonomy—may prove to be the kind of pragmatic strategy enterprises need to keep pace with adversaries who are also using AI to move faster.