CrowdStrike Charlotte AI AgentWorks: Orchestrating Agentic Security
- [01] Security teams can now leverage autonomous agents to automate complex multi-step investigations and response actions within the Falcon platform.
- [02] Charlotte AI AgentWorks integrates with the CrowdStrike Falcon ecosystem and various third-party security tools via standardized API connections.
- [03] Organizations should assess current manual workflows to identify high-toil processes suitable for conversion into automated agentic security tasks.
The transition from automated security to agentic security marks a significant shift in how a modern SOC manages telemetry and incident response. Unlike traditional Security Orchestration, Automation, and Response (SOAR) platforms that rely on rigid, pre-defined playbooks, agentic systems use large language models (LLMs) to reason through problems, plan actions, and execute tasks dynamically. According to CrowdStrike, the introduction of Charlotte AI AgentWorks provides a framework for these autonomous agents to operate within the Falcon ecosystem.
Multi-agent orchestration in modern SOC environments
The core of Charlotte AI AgentWorks lies in its ability to facilitate multi-agent orchestration. In this model, individual AI agents are assigned specific roles or “skills” that allow them to interact with both internal data and external APIs. This goes beyond simple query-response interactions. When an analyst identifies potential APT activity, such as APT28 using a new TTP, the system can deploy an agent to perform forensic analysis across EDR logs, correlate findings with SIEM data, and query threat intelligence databases, all at the same time.
This orchestration layer acts as a reasoning engine. It breaks down a complex security objective—such as “find all instances of lateral movement involving compromised service accounts”—into smaller, executable sub-tasks. By implementing Charlotte AI AgentWorks for security automation, organizations can move away from manual script execution and toward a system where the AI determines the most efficient path to resolution based on the current environmental context.
The Architecture of Agentic Security
Charlotte AI AgentWorks is built upon three primary pillars: The Brain, The Knowledge, and The Tools.
- The Brain (Reasoning): This is the LLM component that interprets natural language instructions. It evaluates the current state of an incident and decides which action to take next. If it identifies a C2 beacon, it may decide to isolate the host before continuing the investigation.
- The Knowledge (Context): This involves grounding the AI in the specific environment of the organization. It uses the CrowdStrike Threat Graph to understand the relationships between files, processes, and network connections, ensuring that the agents have the necessary context to avoid false positives.
- The Tools (Execution): Agents interact with the environment through “Toolkits.” These are essentially API wrappers that allow the agent to perform actions such as blocking an IP address, fetching a memory dump, or updating a ticket in a workflow management system.
Optimizing Agentic Security Workflows for Incident Response
For security professionals, the primary benefit of this ecosystem is the reduction of mean time to respond (MTTR). By creating specific agentic security workflows for incident response, defenders can automate the initial stages of the investigative lifecycle. For instance, an agent can be programmed to automatically initiate a scan whenever a high-severity alert is triggered, gathering all relevant IoC data before an analyst even opens the ticket.
Furthermore, the AgentWorks ecosystem allows for the integration of third-party security tools. This prevents vendor lock-in and ensures that the AI can act as a central coordinator across a heterogeneous security stack. Analysts can build custom “Agentic Skills” that connect to proprietary data lakes or niche security products, extending the reach of Charlotte AI beyond the native Falcon platform.
Recommendations for Implementation
Defenders looking to adopt agentic security should prioritize the following actions:
- Audit Existing Playbooks: Identify linear playbooks that frequently fail due to environmental variables. These are the primary candidates for replacement with dynamic AI agents.
- Establish API Governance: Since AgentWorks relies on API interactions, ensure that service accounts used by AI agents follow the principle of least privilege, so that a subverted agent cannot be used for privilege escalation.
- Focus on Data Quality: The effectiveness of an AI agent is restricted by the quality of the telemetry it consumes. Ensure that EDR coverage is comprehensive across all critical assets to provide the “Knowledge” layer with accurate data.
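The least-privilege recommendation above can be enforced at the point where an agent's chosen action is handed to a toolkit, with a default-deny check and an analyst hold on disruptive actions. This is an added example, not CrowdStrike code or part of the original article; the agent names, action names and policy structure are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical action names for illustration; not Falcon API identifiers.
READ_ONLY = frozenset({"query_edr_logs", "lookup_threat_intel"})
DISRUPTIVE = frozenset({"isolate_host", "block_ip"})

@dataclass(frozen=True)
class AgentPolicy:
    allowed: frozenset         # actions this agent's service account may call
    needs_approval: frozenset  # allowed, but only after analyst sign-off

# Each agent gets only the scope its role requires.
POLICIES = {
    "triage-agent": AgentPolicy(READ_ONLY, frozenset()),
    "response-agent": AgentPolicy(READ_ONLY | DISRUPTIVE, DISRUPTIVE),
}

def authorize(agent, action, approved_by=None):
    """Decide one proposed tool call. Unknown agents and actions are denied."""
    policy = POLICIES.get(agent)
    if policy is None:
        return ("deny", "unknown agent")
    if action not in policy.allowed:
        return ("deny", "action outside agent scope")
    if action in policy.needs_approval and not approved_by:
        return ("hold", "analyst approval required")
    return ("allow", "within scope")

def review_plan(agent, plan, approvals=None):
    """Check every step of an agent's plan and return an audit trail."""
    approvals = approvals or {}
    audit = []
    for step, action in enumerate(plan):
        decision, reason = authorize(agent, action, approvals.get(step))
        audit.append({"step": step, "agent": agent, "action": action,
                      "decision": decision, "reason": reason})
    return audit

# Constructed sample plan: investigate first, then try to isolate the host.
SAMPLE_PLAN = ["query_edr_logs", "lookup_threat_intel", "isolate_host"]

if __name__ == "__main__":
    for agent in POLICIES:
        for entry in review_plan(agent, SAMPLE_PLAN):
            print(entry)
```

The audit trail doubles as detection input: a run of `deny` decisions from one agent is a signal that its reasoning may have been subverted.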