CrowdStrike is signaling a major shift in how security operations centers work, unveiling what it calls the agentic SOC. The approach leans into the use AI agents to handle routine security tasks while humans stay in charge.
At its Fal.Con Europe event in Barcelona Wednesday, the company introduced three key pieces of that strategy. One is an orchestration layer called Charlotte Agentic SOAR that coordinates AI agents and analysts, a broader lineup of mission-ready agents trained on years of expert decisions, and new Falcon for XIoT capabilities for “zero-touch” discovery of connected devices in industrial environments.
CrowdStrike’s trifecta of news announcements is more than a product update. It’s a statement about where it believes cybersecurity operations are headed. By turning routine defensive work over to intelligent software agents and keeping humans in the driver’s seat, the company is betting that the future of defense will be a partnership and not a handoff between people and machines.
Shifting from Rules to Reason-based Results
The company says this model moves beyond static, rule-based playbooks toward software that can “reason”, make synthetic judgment calls from data, learn from expert behavior, and act under human guardrails.
“If agents are expected to think, reason, and act like an expert analyst, they must be trained on expert experience, not legacy playbooks,” CEO George Kurtz said in an earlier overview of the approach. His argument, CrowdStrike is trying to offload repetitive work to AI while letting human analysts steer overall strategy.
Charlotte Agentic SOAR acts as a kind of “traffic controller” for these new agents. Analysts can assign tasks and set limits, while the AI automates repetitive processes such as onboarding data, building apps, or prioritizing security patches. For industrial systems where network scans can interrupt operations, the new “zero-touch” technology identifies assets without installing hardware or running invasive probes.
An Industry in Flux
The move comes as competitors also accelerate their own AI-driven platforms. Palo Alto Networks offers Cortex XSIAM, which unifies detection, automation, and analytics, while Microsoft is embedding Security Copilot agents throughout its security products. Analysts estimate the global AI in cybersecurity market will grow from about $25 billion in 2024 to nearly $94 billion by 2030, according to Grand View Research. The expansion reflects a broader trend: organizations are using automation to close staffing gaps and accelerate response times.
Michael Sentonas, CrowdStrike’s president, said the strategy is designed to help human defenders match the pace of AI-accelerated attacks. “Security operations can’t match the speed of AI-accelerated adversaries with fixed workflows,” he said in Wednesday’s announcement.
“Charlotte Agentic SOAR brings reasoning and coordination to the SOC, where analysts orchestrate AI-powered agents in real time to stop breaches with speed, precision, and control,” he said.
Customers Bullish on Move
In the hours after the announcements, early reactions were measured but curious. Most public comments came from attendees and partners rather than analysts. On LinkedIn, event posts described Fal.Con Europe as “packed” and “forward-looking,” with interest in how the new agentic tools will work in practice. CrowdStrike’s own statements set the tone, highlighting “reasoning” automation and the continued role of human oversight.
Independent analyst reactions were still pending as of publication, but several earlier commentaries from fall 2025 offer useful perspective on the company’s direction.
In an October 2025 analysis, the Futurum Group described CrowdStrike’s vision of an AI-augmented SOC as “a desirable destination” but cautioned that “the road toward that is likely bumpy,” emphasizing that human analysts must remain “orchestrators of agentic workloads” rather than be replaced.
Forrester Research, in a September 2025 blog, made a similar point, calling analysts “the human conscience of cyber defense” even as AI takes over mechanical tasks.
And MSSP Alert, also writing in September, argued that CrowdStrike’s strategy is “about more than adding automation. It’s about redefining what analysts actually do”.
Among practitioners, reaction has been cautiously skeptical. A Reddit thread in r/CrowdStrike captured that mood:
“We’ll see how these agents stack up with workflows users have created already … if the query-writing agent can beat my query project, I’ll be impressed,” wrote a Reddit contributor last month.
That mix of optimism and restraint is to be expected. The industry often greets major AI shifts with excitement about the promise tempered with skepticism that demands to see real-world proof. Analysts expect more detailed assessments once SOC teams begin testing the new features in production environments.
