CrowdStrike Falcon Aims to See Inside the AI Factory

Analyst(s): Fernando Montenegro
Publication Date: June 8, 2026

CrowdStrike is expanding Falcon’s visibility into AI infrastructure through a new integration with NVIDIA DOCA Argus. The move reflects a broader shift toward securing agentic AI environments at the data, storage, and infrastructure layers as autonomous AI systems create new operational and security risks.

What is Covered in This Article:

  • CrowdStrike is integrating NVIDIA DOCA Argus telemetry into Falcon Next-Gen SIEM to improve visibility across AI factory environments.
  • NVIDIA Vera BlueField-4 STX introduces in-silicon security capabilities designed to monitor and govern agentic AI workloads.
  • The integration allows CrowdStrike to correlate infrastructure telemetry with endpoint, identity, cloud, and third-party security data already available within Falcon.
  • CrowdStrike is among several cybersecurity vendors building on NVIDIA’s DOCA telemetry layer, highlighting the emergence of AI factory security as a broad platform competition.
  • The announcement highlights growing competition among cybersecurity vendors to establish visibility and control within AI factory environments.

The News: CrowdStrike announced plans to integrate NVIDIA DOCA Argus telemetry into Falcon Next-Gen SIEM as part of an expanded collaboration with NVIDIA around AI factory security. The integration extends Falcon’s visibility into infrastructure-level activity generated by NVIDIA Vera BlueField-4 STX, allowing security teams to correlate agent behavior, data access patterns, network activity, and infrastructure telemetry with endpoint, identity, cloud, and third-party signals already unified within the Falcon platform.

The announcement follows NVIDIA’s introduction of Vera BlueField-4 STX, a storage processing platform designed for agentic AI environments. DOCA Vault, DOCA Argus, and DOCA Flow provide file access governance, agent activity visibility, and network isolation directly within BlueField-4 silicon, enabling organizations to enforce security controls and monitor activity within the AI data path.

Analyst Take: The perimeter has been expanding for years, from endpoints to cloud to identity. AI factories are pushing it further still, into infrastructure layers that most security architectures were never designed to see. CrowdStrike’s integration of NVIDIA DOCA Argus into Falcon Next-Gen SIEM is an early move into that territory, and it won’t be the last.

Infrastructure Telemetry Expands Falcon’s Visibility

DOCA Argus gives CrowdStrike visibility into agent behavior, data access patterns, and network interactions at the infrastructure layer, a layer that has historically generated little usable security signal. Combined with the endpoint, cloud, identity, and third-party telemetry already in Falcon, that creates a materially more complete picture of activity across AI environments.

Futurum’s 1H 2026 Cybersecurity Global Enterprise Decision Maker Survey found integration with existing tools ranked as the second-highest vendor selection factor at 29.3%. CrowdStrike’s ability to absorb and correlate these new signals is becoming a differentiating factor.

CrowdStrike Is Far Beyond Traditional Endpoint Security

CrowdStrike has spent the past several years aggressively expanding beyond its endpoint roots, building a platform that spans identity, cloud, data, and security operations. Its agentic SOC vision, central to Fal.Con 2025, positions Charlotte AI and the broader Falcon platform as the operational backbone for AI-driven security workflows.

The DOCA Argus integration fits that trajectory. AI factories represent a new environment that needs to be instrumented, and Falcon Next-Gen SIEM is the natural destination for that telemetry within CrowdStrike’s architecture. The question is less whether CrowdStrike should be doing this and more whether the infrastructure signals DOCA Argus generates will prove rich enough to materially improve detection and response outcomes in practice.

The Competitive Field Is Taking Shape

CrowdStrike is not alone in recognizing the opportunity. Palo Alto Networks, Cisco, Fortinet, Zscaler, and others are all building on the same DOCA telemetry layer, each emphasizing different outcomes. Palo Alto Networks is the most direct comparison, pairing its Cortex XSIAM integration with Prisma AIRS and hardware-level enforcement mechanisms on BlueField infrastructure, a broader governance posture than CrowdStrike’s visibility-and-correlation approach.

The more interesting question is how differentiation plays out when the underlying telemetry source is common to all of them. Collecting DOCA signals is quickly becoming table stakes. What separates vendors is how they operationalize those signals within their platforms, whether through detection fidelity, response automation, identity context, or integration depth with the broader security stack.

AI Factory Security Is Becoming A Platform Competition

NVIDIA is effectively creating a common telemetry layer through DOCA Argus while allowing ecosystem partners to build differentiated capabilities on top of it. That shifts competition away from simply collecting infrastructure signals and toward how vendors operationalize them within their existing platforms.

The more realistic near-term outcome is less about head-to-head platform battles and more about which vendors can translate raw DOCA signals into workflows that security teams actually use. Working directly with infrastructure telemetry requires expertise and tooling integration that most enterprises will look to their security vendors to provide. That makes operational depth, not telemetry access, the real differentiator.

What to Watch:

  • Will infrastructure telemetry become a required layer of AI security? Most enterprises today rely on endpoint, cloud, and network monitoring. Whether AI factory infrastructure generates signals rich enough to justify a new monitoring layer remains unproven.
  • Can CrowdStrike turn DOCA signals into better detections? Ingesting telemetry is the easy part. The harder question is whether Falcon can convert infrastructure-level signals into higher-confidence detections that meaningfully reduce response times.
  • Will NVIDIA’s 1,000x detection speed claim hold in production? The benchmark compares against existing agentless runtime approaches. STX-based platforms aren’t expected until the second half of 2026, so real-world validation is still ahead.
  • How will enterprises compare vendors building on the same telemetry layer? With DOCA Argus available across the ecosystem, differentiation will come down to detection fidelity, response automation, and governance depth rather than data access.
  • Will security vendors become the primary interface for AI factory telemetry? Vendors that surface actionable insights within familiar operational workflows are better positioned than those expecting enterprises to work directly with raw infrastructure signals.

See the complete announcement on CrowdStrike’s integration of NVIDIA DOCA Argus telemetry into Falcon Next-Gen SIEM on the CrowdStrike website.

Declaration of generative AI and AI-assisted technologies in the writing process: This content has been generated with the support of artificial intelligence technologies. Due to the fast pace of content creation and the continuous evolution of data and information, The Futurum Group and its analysts strive to ensure the accuracy and factual integrity of the information presented. However, the opinions and interpretations expressed in this content reflect those of the individual author/analyst. The Futurum Group makes no guarantees regarding the completeness, accuracy, or reliability of any information contained herein. Readers are encouraged to verify facts independently and consult relevant sources for further clarification.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other Insights From Futurum:

Do AI Factories Signal a New Mandate for Certified Security? — Report Summary

CrowdStrike Deepens Agentic SOC Strategy Across AI Workflows

CrowdStrike Fal.Con 2025: A Vision and a Path to the Human-Led Agentic SOC

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
