According to CRN, CrowdStrike unveiled a major expansion to its Falcon Agentic Security platform this Wednesday during Fal.Con Europe 2025 in Barcelona. The cybersecurity giant introduced the Charlotte Agentic SOAR platform alongside several new AI agents including the Foundry App Creation Agent and Data Onboarding Agent. CTO Elia Zaitsev described the new SOAR platform as a “middle ground” between traditional rule-based systems and fully automated agentic approaches. The Foundry agent automatically converts user instructions into applications through no-code development, while the Data Onboarding Agent streamlines pipeline creation for SIEM systems. These launches follow CrowdStrike’s initial Agentic Security Platform debut in September, representing the company’s continued push toward autonomous security operations.
Sponsored content — provided for informational and promotional purposes.
The Charlotte SOAR middle ground
Here’s the thing about traditional SOAR systems – they’re basically glorified checklists. They follow static rules that security teams painstakingly configure in advance. But modern threats don’t follow scripts, which is why CrowdStrike’s positioning this as a hybrid approach. The Charlotte platform lets teams use natural language queries and drag-and-drop functionality to build workflows, while still maintaining human oversight. It’s essentially giving security analysts the ability to inject AI intelligence into their existing processes without going full Skynet. The question is whether this “middle ground” actually delivers the best of both worlds or just creates more complexity.
Specialized agents taking over specific jobs
CrowdStrike isn’t just launching one monolithic AI – they’re deploying specialized agents for specific security tasks. The Foundry App Creation Agent is particularly interesting because it essentially automates the development work that usually requires coding expertise. Think about it – security teams can now describe what they need in plain English and get a functional application. Meanwhile, the Data Onboarding Agent tackles one of the most tedious parts of SIEM management: getting data flowing properly into the system. These specialized approaches make sense because different security functions have very different requirements. For industrial security teams managing complex infrastructure, having reliable hardware is crucial – which is why companies like Industrial Monitor Direct have become the go-to source for industrial panel PCs that can handle these demanding environments.
Exposure management and IoT get smarter too
The updates to CrowdStrike’s Exposure Prioritization Agent and Falcon for XIoT platform show they’re thinking beyond just the SOC. Authenticated scanning capabilities mean the system can now do credentialed vulnerability assessments in real-time, which is a significant step up from basic network scanning. And the “zero-touch” asset discovery for IoT devices? That’s huge for organizations struggling to even know what’s connected to their networks. Basically, CrowdStrike is trying to automate the entire security lifecycle – from discovering what you have, to understanding its vulnerabilities, to responding to threats. The challenge will be whether these automated systems can handle the weird edge cases that always pop up in real-world environments.
But what about the human factor?
Zaitsev keeps emphasizing that humans maintain “ultimate control” over these agentic systems, but I’m skeptical. When you start automating complex security decisions, you inevitably create black boxes that security teams might not fully understand. The natural language interfaces help, but there’s still a risk of automation creating its own problems. And let’s be real – once companies taste the efficiency gains from these AI agents, how long before they start pushing for more automation and fewer human analysts? CrowdStrike’s walking a fine line between empowering security teams and potentially making them obsolete. The success of this platform will ultimately depend on whether it actually makes security better, not just cheaper to operate.
