CrowdStrike Aims to Define New Security Model Based on AI Agents
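CrowdStrike launches a new security platform to counter AI-driven cyberattack threats, integrating data, intelligence and autonomous agents to improve real-time response. 2025-9-18 17:1:26 Author: securityboulevard.com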

CrowdStrike is ushering in what executives call the “agentic era of cybersecurity” to create a new security model capable of responding in real time to what are becoming waves of cyberattacks that are now being launched by machines rather than individual cybercriminals.

Based on a raft of updates to the company’s cybersecurity portfolio that were revealed this week at the Fal.Con 2025 conference, the overall goal is to enable cybersecurity teams to combat cyberattacks that are already starting to overwhelm their ability to respond effectively.

 and Elia Zaitsev, Chief Technology Officer, outlined how adversaries are weaponizing AI to collapse defenders’ response times, and how CrowdStrike’s Falcon platform is evolving to counter that shift. 


“Adversaries increasingly use AI to enhance and accelerate attacks and scale operations,” says Adam Meyers, head of counter adversary operations for CrowdStrike. “They’re applying generative AI to social engineering, reconnaissance, vulnerability research and malware development. They’re even targeting the AI tools and autonomous agents enterprises are beginning to adopt.” 

Threat Landscape: A Growing Adversary Ecosystem 

CrowdStrike research shows the number of tracked adversaries now exceeds 265, with more than 150 distinct malicious activity clusters identified. Meyers points to a 442% increase in voice phishing attempts, a 136% year-over-year surge in cloud intrusions, and a record-fast breakout time of 51 seconds for lateral movement.

“Eighty-one percent of interactive intrusions are now malware-free,” Meyers highlighted. “Attackers are leveraging legitimate credentials and living off the land. That means identity and data have become the new battlegrounds.” 

The Agentic Security Platform 

The centerpiece of the announcements is the Falcon Agentic Security Platform, designed to unify data, intelligence, agents and governance into what CrowdStrike describes as a “living, connected enterprise model.” 

At the heart of the platform is the Enterprise Graph, which unifies telemetry across the enterprise into a single, AI-ready data layer. It introduces a common query language built for AI, making every signal instantly actionable by both autonomous agents and human analysts. 

The platform also debuts Charlotte AI AgentWorks, a no-code environment that allows teams to build, test and orchestrate trusted security agents without writing code. Through the Operating Center, those agents collaborate securely using Model Context Protocol, ensuring Falcon-grade governance and safe interaction with third-party systems. 

The user interface adapts dynamically with role-specific workspaces and natural language querying, a feature CrowdStrike calls Dynamic UX. “This is about operationalizing AI at scale,” Zaitsev says. “By unifying data and intelligence with agentic capabilities, we can deliver the core elements of security in the AI era: quality of data, speed of response and precision of enforcement.” 

The Agentic Workforce 

To address the mounting pressure on security analysts, CrowdStrike introduces what it calls the Agentic Security Workforce, mission-ready agents embedded into Falcon modules that automate repetitive tasks and accelerate investigations. 

The first wave includes an Exposure Prioritization Agent, Malware Analysis Agent, Hunt Agent, and Search Analysis Agent, along with agents dedicated to correlation rule generation, data transformation and workflow automation in Falcon’s Next-Gen SIEM. 

Unlike traditional copilots, these agents are trained on millions of expert SOC decisions and equipped with reasoning guardrails. They can also collaborate securely with third-party agents through Charlotte AI’s governance layer. “This eliminates the drudgery,” said CrowdStrike CTO Elia Zaitsev. “Analysts can focus on strategy and high-impact cases, while agents take on the workflows better suited to machines.” 

Falcon for IT: Bridging Security and Operations 

CrowdStrike also turns its attention to the long-standing divide between security and IT patching. The new Falcon for IT Risk-based Patching integrates directly with Falcon Exposure Management to identify and remediate critical vulnerabilities without relying on separate tools or duplicate agents. 

The solution prioritizes vulnerabilities based on real-world exploitation likelihood using ExPRT.AI scoring and CrowdStrike adversary intelligence. Patch Safety Scores and sensor intelligence help teams apply updates confidently, minimizing downtime. “What we’ve done is eliminate the gap between knowing where you’re exposed and actually fixing it,” Zaitsev says. “Security and IT now operate on a single workflow.” 

Threat AI: Intelligence for the Agentic Era 

CrowdStrike also debuts Threat AI, an agentic threat intelligence system that automates some of the most time-consuming intelligence workflows. Built into the Falcon Threat Intelligence and Hunting module, Threat AI includes mission-ready agents for malware analysis and continuous hunting. 

The Malware Analysis Agent performs reverse engineering, classification and attribution in seconds, even generating YARA rules on the fly. The Hunt Agent automates proactive searches across environments, surfacing adversary activity before it can escalate. 

CrowdStrike is also releasing a Threat Intelligence Browser Extension, embedding adversary intelligence directly into external research workflows. “This frees defenders to focus where human judgment matters most,” Meyers says. “It puts analysts firmly in control while agents take on the heavy lifting.” 

Identity Security: Beyond IAM and PAM 

Recognizing the growing importance of identity, CrowdStrike is updating Falcon Next-Gen Identity Security, designed to secure every identity (human, machine and AI agent) across on-premises, cloud and SaaS environments.

Among the new features: 

  • FalconID: phishing-resistant, passwordless MFA built on FIDO2 standards and powered by Falcon’s real-time telemetry.
  • Enhanced Falcon Privileged Access, which simplifies Active Directory and Entra ID configurations, automates access grants and revocations, and improves visibility into privilege patterns. 
  • Identity-Driven Case Management, which correlates detections into Falcon Next-Gen SIEM cases with full context for faster investigation. 

“IAM and PAM manage access, but they don’t stop adversaries,” Zaitsev says. “We’re closing the critical gaps where attackers escalate privileges and move laterally.” 

Data Protection for the AI Era 

Finally, CrowdStrike bolsters its data protection with new innovations designed for how information moves in modern enterprises. 

Falcon Data Protection addresses blind spots left by legacy data loss prevention (DLP) and cloud posture management tools. Features include: 

  • GenAI Data Protection, extending controls beyond browsers into local applications and runtime environments. 
  • AI Discovery, a Falcon Exposure Management innovation complementing existing cloud AI discovery and Falcon Data Protection controls, detecting shadow AI tools and packages across the enterprise. 
  • AI-powered Data Classification, which accurately identifies sensitive data types.
  • An Insider Threat Dashboard with unified detections to speed response. 

According to CrowdStrike, new innovations boost detection coverage tenfold and secure the data flows that fuel generative AI applications. 

A Platform for the Future 

With adversaries scaling attacks through AI, CrowdStrike positions its innovations as the foundation for a new security operating model. The Falcon platform integrates intelligence, identity, IT and data protection into a single AI-native environment designed for the agentic era. 

“We are delivering the future of analyst-agent collaboration,” Zaitsev says. “This is not about replacing people, it’s about empowering them with trusted agents that defend at machine speed, with governance and control built in.” 

At Fal.Con 2025, CrowdStrike executives emphasize a single message: In an era defined by AI-driven adversaries, defenders must meet speed with speed, and intelligence with intelligence. 



Article source: https://securityboulevard.com/2025/09/crowdstrike-unveils-new-era-of-agentic-security-at-fal-con-2025/