CrowdStrike Fal.Con 2025: A Vision and a Path to the Human-Led Agentic SOC

Analyst(s): Fernando Montenegro
Publication Date: October 3, 2025

What is Covered in this Article:

  • A summary of the main announcements from CrowdStrike’s Fal.Con 2025 user conference, including its recent acquisition of Onum and brand-new acquisition of Pangea.
  • An analysis of the company’s announcements across a three-pronged AI framework: using AI for security, providing security for AI, and defending against AI-enabled threats.
  • The introduction of the “agentic SOC” vision and its foundational components, such as the new agentic security workforce.
  • Futurum Group’s perspective on the company’s strategic positioning, its “data moat,” and the market reception to its ambitious roadmap.
  • Key questions for the coming year regarding customer adoption, the competitive landscape, and the evolution of the partner ecosystem.

The Event – Major Themes & Vendor Moves: CrowdStrike recently held its flagship Fal.Con Americas conference in Las Vegas, a user-centric event that attracted approximately 8,000 customers and partners. A European edition is scheduled for Barcelona in November. The three-day event, featuring over 300 sessions and a bustling expo hall with 130 sponsors, was dominated by a single, overarching theme: the company is going all-in on AI. It is doing so in a way that touches all three key areas that we track as part of the “AI and Security” conversation:

  • AI for Security: Where does AI play a part in improving security processes, technologies, etc.?
  • Security for AI: How does the organization deploy security controls, methods, knowledge, etc., to protect its AI deployments?
  • Security “from/against” AI: How organizations should consider reacting to AI-enabled adversaries.

The core of CrowdStrike’s “AI for security” narrative is a vision for the “agentic SOC,” a framework designed to automate security tasks, with a strong message of having the (human) analyst as an orchestrator of agentic workloads. Keynotes highlighted the shrinking breakout times for attackers and the increasing use of identity-based attacks and hands-on keyboard techniques. In response, CrowdStrike is building on its Charlotte AI capabilities to power what it calls an “agentic security workforce.” This currently consists of seven specialized AI agents designed for tasks such as threat hunting and malware analysis. A significant development in this area is Charlotte AI Agent Works, an offering that allows customers to build their own custom AI agents on the Falcon platform.

Foundational platform components support this AI-driven vision. The company reiterated the importance of its single, lightweight endpoint agent, the primary sensor that feeds the entire platform. To handle the massive influx of data required for its AI ambitions, CrowdStrike recently announced the acquisition of Onum, a startup focused on real-time data ingestion and filtering at the edge. Onum featured prominently in CrowdStrike’s messaging, including as a key component in ensuring that its new “Enterprise Graph,” a unified data layer, has the necessary context for human analysts and AI agents.

The second central pillar, “Security for AI,” addresses the emerging need to protect customers’ own AI models and large language models (LLMs). Here, CrowdStrike announced on stage that it is acquiring Pangea, an AI security startup whose offering, among other things, helps inspect AI prompts and govern agent activity. This move signals CrowdStrike’s intent to provide guardrails for the enterprise adoption of generative AI, positioning the Falcon platform as a central tool for both security operations and AI governance.

For the third aspect – security “against” AI – the company highlighted how its combined elements such as threat research, MDR services, incident response services, and the telemetry from the overall platform have been surfacing changes in attacker behaviour, such as a massive rise in the number of voice-based phishing attempts, use of generative AI for “living off the land” techniques, and more.

Beyond the flurry of AI-related content, CrowdStrike also announced numerous improvements to the many underlying components of its platform, broadly focused on simplifying operations and expanding core capabilities. A unified user experience is being advanced through new wizards, consolidated dashboards like the one for identity security, and AI-powered parsers to ease data ingestion. Key security controls were extended across platforms, with custom IOA support for macOS/Linux and new Just-in-Time rules for identity. The platform’s data strategy has also evolved with the announcement of Federated Search. Finally, identity security was hardened with FalconPass for phishing-resistant MFA and expanded DeviceTrust for EntraID, ensuring device posture can be a condition for access.

Analyst Take: One shouldn’t be surprised by the focus on AI when “AI” was literally the first word that kicked off the initial keynote. What followed was a well-structured, clear, if highly ambitious, roadmap for the future of security operations. Picking up on how CEO George Kurtz used the example of driving autonomy, we posit that the “agentic SOC” is a desirable destination, but the road towards that is likely bumpy. It will most likely require some course corrections along the way.

CrowdStrike demonstrated that it is tackling the usage of AI for security in a thoughtful, orchestrated manner, with Charlotte AI as the framework around which it adds more capabilities with its new agents. Similar to how other vendors are approaching it, this pattern of having vendor-created agentic workflows is a good direction for initial usage of agents in security operations. This allows vendors to control the non-deterministic aspect of generative AI engines (LLMs) while infusing it with domain knowledge.

CrowdStrike rightfully focuses on this aspect of domain knowledge. The company has a strong position in endpoint security, incident response, and increasingly in other areas, and it has articulated how it has a strong “moat” via a combination of telemetry, managed services, threat intelligence, and professional services.

The underlying data/technology platform is quite literally the foundation of a modern security platform, and here CrowdStrike was eager to demonstrate how the Onum acquisition will work alongside its existing data lakes, knowledge graphs, and more to lead towards a more efficient data ingestion and processing environment.

The announcement of the Pangea acquisition on stage was interesting, as the deal fits into the recent broader trend of established security vendors gearing up for the AI security rush. CrowdStrike joins the ranks of Cisco, Palo Alto Networks, SentinelOne, Check Point, F5, Snyk, and others with an AI-focused acquisition. We expect that Pangea’s capabilities around securing AI usage for both “workforce” use cases – how people use AI – and “workload” use cases – the protection of AI usage in systems – will be added to different modules in the Falcon platform.

A few additional observations worth noting:

  • The 2024 incident was a key moment for the company. When we discussed it in conversations with security executives from customers, they were uniform in their appreciation of how the company handled the aftermath.
  • CrowdStrike clearly communicated how it remains focused “on its mission” of stopping breaches and how the technology it is building is centered around giving the analyst an important role as “orchestrator” of multiple agentic capabilities. This is likely to resonate well with multiple stakeholders at a time when organizations are tackling the role of AI vis-à-vis human resources.
  • Lastly, the partner ecosystem that CrowdStrike has built was on full display at its expo hall, which was notably “energetic” throughout the conference. If one excuses the obvious and expected absence of more direct competitors, the hall was at times indistinguishable from other key industry events, highlighting the breadth of the ecosystem.

What to Watch:

Taking into account what has been presented and broader trends in the market, a few key questions for the coming year include:

  • The agentic SOC is a great concept, but how will it actually be rolled out within organizations and work day-to-day? We’ll be watching to see how the cooperation between AI agents and human analysts really develops and whether it builds the trust needed for adoption.
  • How does CrowdStrike’s focused approach to its platform hold up against not only direct competitors like Palo Alto Networks, SentinelOne, Trend Micro, and others but also tech vendors like Microsoft, Cisco, and Google, who bring their own massive AI advantages to the table alongside their robust security portfolios?
  • How will the company navigate this “co-opetition” to maintain trust and keep the Falcon platform at the center of a consolidating security landscape?

The main event page for Fal.Con Americas is here.

Declaration of Generative AI and AI-assisted Technologies in the Writing Process: While preparing this work, the author used AI capabilities from both Google Gemini and Futurum’s Intelligence Platform to summarize source material and assist with general editing. After using these capabilities, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other insights from Futurum:

How Should We Consider Agentic AI Workflows in Cybersecurity? – Report Summary

Security Summer Camp: Black Hat 2025, Def Con, And Others

Splunk .conf25: Forging a Data Foundation for Cisco’s AgenticOps Vision

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
