CrowdStrike Fal.Con 2025: A Vision and a Path to the Human-Led Agentic SOC

Analyst(s): Fernando Montenegro
Publication Date: October 3, 2025

What is Covered in this Article:

  • A summary of the main announcements from CrowdStrike’s Fal.Con 2025 user conference, including its recent acquisition of Onum and brand-new acquisition of Pangea.
  • An analysis of the company’s announcements across a three-pronged AI framework: using AI for security, providing security for AI, and defending against AI-enabled threats.
  • The introduction of the “agentic SOC” vision and its foundational components, such as the new agentic security workforce.
  • Futurum Group’s perspective on the company’s strategic positioning, its “data moat,” and the market reception to its ambitious roadmap.
  • Key questions for the coming year regarding customer adoption, the competitive landscape, and the evolution of the partner ecosystem.

The Event – Major Themes & Vendor Moves: CrowdStrike recently held its flagship Fal.Con Americas conference in Las Vegas, a user-centric event that attracted approximately 8,000 customers and partners. A European edition is scheduled for Barcelona in November. The three-day event, featuring over 300 sessions and a bustling expo hall with 130 sponsors, was dominated by a single, overarching theme: the company is going all-in on AI. It is doing so in a way that touches all three key areas that we track as part of the “AI and Security” conversation:

  • AI for Security: Where does AI play a part in improving security processes, technologies, etc.?
  • Security for AI: How does the organization deploy security controls, methods, knowledge, etc., to protect its AI deployments?
  • Security “from/against” AI: How organizations should consider reacting to AI-enabled adversaries.

The core of CrowdStrike’s “AI for security” narrative is a vision for the “agentic SOC,” a framework designed to automate security tasks, with a strong message of having the (human) analyst as an orchestrator of agentic workloads. Keynotes highlighted the shrinking breakout times for attackers and the increasing use of identity-based attacks and hands-on keyboard techniques. In response, CrowdStrike is building on its Charlotte AI capabilities to power what it calls an “agentic security workforce.” This currently consists of seven specialized AI agents designed for tasks such as threat hunting and malware analysis. A significant development in this area is Charlotte AI Agent Works, an offering that allows customers to build their own custom AI agents on the Falcon platform.

Foundational platform components support this AI-driven vision. The company reiterated the importance of its single, lightweight endpoint agent, the primary sensor that feeds the entire platform. To handle the massive influx of data required for its AI ambitions, CrowdStrike recently announced the acquisition of Onum, a startup focused on real-time data ingestion and filtering at the edge. Onum featured prominently in CrowdStrike’s messaging, including as a key component in ensuring that its new “Enterprise Graph” (a unified data layer) has the necessary context for human analysts and AI agents.

The second central pillar, “Security for AI,” addresses the emerging need to protect customers’ own AI models and large language models (LLMs). Here, CrowdStrike announced on stage that it is acquiring Pangea, an AI security startup whose offering, among other things, helps inspect AI prompts and govern agent activity. This move signals CrowdStrike’s intent to provide guardrails for the enterprise adoption of generative AI, positioning the Falcon platform as a central tool for both security operations and AI governance.

For the third aspect – security “against” AI – the company highlighted how its combined elements such as threat research, MDR services, incident response services, and the telemetry from the overall platform have been surfacing changes in attacker behaviour, such as a massive rise in the number of voice-based phishing attempts, use of generative AI for “living off the land” techniques, and more.

Beyond the flurry of AI-related content, CrowdStrike also announced numerous improvements to the many underlying components of its platform, broadly focused on simplifying operations and expanding core capabilities. A unified user experience is being advanced through new wizards, consolidated dashboards like the one for identity security, and AI-powered parsers to ease data ingestion. Key security controls were extended across platforms, with custom IOA support for macOS/Linux and new Just-in-Time rules for identity. The platform’s data strategy has also evolved with the announcement of Federated Search. Finally, identity security was hardened with FalconPass for phishing-resistant MFA and expanded DeviceTrust for EntraID, ensuring device posture can be a condition for access.

Analyst Take: One shouldn’t be surprised by the focus on AI when “AI” was literally the first word that kicked off the initial keynote. What followed was a well-structured, clear, if highly ambitious, roadmap for the future of security operations. Picking up on how CEO George Kurtz used the example of driving autonomy, we posit that the “agentic SOC” is a desirable destination, but the road towards that is likely bumpy. It will most likely require some course corrections along the way.

CrowdStrike demonstrated that it is tackling the usage of AI for security in a thoughtful, orchestrated manner, with Charlotte AI as the framework around which it adds more capabilities with its new agents. Similar to how other vendors are approaching it, this pattern of having vendor-created agentic workflows is a good direction for initial usage of agents in security operations. This allows vendors to control the non-deterministic aspect of generative AI engines (LLMs) while infusing it with domain knowledge.

CrowdStrike rightfully focuses on this aspect of domain knowledge. The company has a strong position in endpoint security, incident response, and increasingly in other areas, and it has articulated how it has a strong “moat” via a combination of telemetry, managed services, threat intelligence, and professional services.

The underlying data/technology platform is quite literally the foundation of a modern security platform, and here CrowdStrike was eager to demonstrate how the Onum acquisition will work alongside its existing data lakes, knowledge graphs, and more to lead towards a more efficient data ingestion and processing environment.

The announcement of the Pangea acquisition on stage was interesting, as the deal fits into the recent broader trend of established security vendors gearing up for the AI security rush. CrowdStrike joins the ranks of Cisco, Palo Alto Networks, SentinelOne, Check Point, F5, Snyk, and others with an AI-focused acquisition. We expect that Pangea’s capabilities around securing AI usage for both “workforce” use cases – how people use AI – and “workload” use cases – the protection of AI usage in systems – will be added to different modules in the Falcon platform.

A few additional observations worth noting:

  • The 2024 incident was a key moment for the company. When we discussed it in conversations with security executives from customers, they were uniform in their appreciation of how the company handled the aftermath.
  • CrowdStrike clearly communicated how it remains focused “on its mission” of stopping breaches and how the technology it is building is centered around giving the analyst an important role as “orchestrator” of multiple agentic capabilities. This is likely to resonate well with multiple stakeholders at a time when organizations are tackling the role of AI vis-à-vis human resources.
  • Lastly, the partner ecosystem that CrowdStrike has built was on full display at its expo hall, which was notably “energetic” throughout the conference. If one excuses the obvious and expected absence of more direct competitors, the hall was at times indistinguishable from other key industry events, highlighting the breadth of the ecosystem.

What to Watch:

Taking into account what has been presented and broader trends in the market, a few key questions for the coming year include:

  • The agentic SOC is a great concept, but how will it actually be rolled out within organizations and work day-to-day? We’ll be watching to see how the cooperation between AI agents and human analysts really develops and whether it builds the trust needed for adoption.
  • How does CrowdStrike’s focused approach to its platform hold up against not only direct competitors like Palo Alto Networks, SentinelOne, Trend Micro, and others but also tech vendors like Microsoft, Cisco, and Google, who bring their own massive AI advantages to the table alongside their robust security portfolios?
  • How will the company navigate this “co-opetition” to maintain trust and keep the Falcon platform at the center of a consolidating security landscape?

The main event page for Fal.Con Americas is here.

Declaration of Generative AI and AI-assisted Technologies in the Writing Process: While preparing this work, the author used AI capabilities from both Google Gemini and Futurum’s Intelligence Platform to summarize source material and assist with general editing. After using these capabilities, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
