AI is no longer just a buzzword; it's reshaping how both attackers and defenders operate. At Fal.Con 2025, George Kurtz, CEO and founder of CrowdStrike, laid out a vision that pushes security operations toward an agentic security operations center (SOC), one powered by intelligent agents, streaming pipelines and stronger guardrails for AI itself. What stood out to us is how closely this aligns with the work our team has been driving all year. The SOC of the Future is no longer a concept; it's taking form in front of our eyes.

Highlight #1: Agentic SOC

Kurtz made it clear: AI is transforming both adversary and defender. The next generation of security operations will be built on an agentic SOC powered by intelligent agents that can reason, triage, hunt and continuously improve. At the center is Charlotte AI, the platform acting as the "brain," unifying data, reasoning and memory into a feedback loop for hyperautomation. Enhanced visibility for Charlotte AI to make high-confidence, risk-based prioritizations is not the endgame. CrowdStrike's goal is to foster better collaboration between SOCs and proactive security teams, such as cloud security, resulting in preventative, business-aware security decisions that save time and money.

Customers will also be able to create their own custom agents through AgentWorks, extending the ecosystem beyond CrowdStrike's core offerings. CrowdStrike has already released a few of its own AI agents, including hunting, search, correlation search and data transformation agents, to help security operations teams detect better and respond faster.

Highlight #2: Security data pipelines are here to stay

CrowdStrike's acquisition of Onum highlights a shift we've been preparing for all year within WWT's Global Cyber Team: Data pipelines are becoming the backbone of the SOC. Onum provides real-time streaming detection, the "railroad tracks" for faster time to detect and respond. With major SIEM players now moving to acquire pipeline technologies, it validates our approach and underscores that the SOC of the Future will be built on streaming-first infrastructure.

CrowdStrike is not the first security company to acquire a data pipeline solution, and we do not expect it to be the last. Market leader Cribl holds a behemoth share of the market today; WWT's Global Cyber Team will be watching this market closely.

Highlight #3: The need to secure AI

CrowdStrike also announced the acquisition of Pangea, positioning it as a guardrail system for AI itself. Introduced under the banner of AI detection and response (AIDR), this marks the beginning of treating AI like any other identity in the enterprise, something that needs to be governed, protected and secured across workflows and data. It's a recognition that AI will play an operational role alongside humans, and it must be managed accordingly.

CrowdStrike's approach here makes perfect sense. Just as we secure human identities, we will need to secure AI identities. Treat these agents as completely separate CMDB entries. Who is responsible for the AI agent? What is its purpose? What does the agent have access to? All of these questions must be addressed as organizations adopt AI and AI agents more heavily.

Highlight #4: The road to autonomy 

In his keynote, Kurtz leaned heavily on the autonomous driving model to articulate the company vision and frame the journey ahead. Just as cars moved from driver assist features to conditional autonomy, the SOC will move from a single analyst per alert to one analyst orchestrating many agents. CrowdStrike believes in freedom of choice: customers choose which specific LLMs are used and how much autonomy each agent is given. This provides a customizable, digestible solution for customers adopting AI into their security ecosystem.

Full autonomy isn't immediate, but the trajectory is clear: higher levels of automation, speed and flexibility. Importantly, Kurtz emphasized that only humans can set the guardrails, values and accountability. He made it clear that autonomy doesn't mean lack of oversight. The "human-in-the-loop" model remains central, especially as AI systems start taking on high-impact tasks. Agents execute at scale, but responsibility remains with us. 

Image Source: https://blog.guardknox.com/how-far-are-we-from-level-5-autonomy

Highlight #5: CrowdStrike is aiming to be a pioneer of AI security

CrowdStrike is positioning itself not just as a cybersecurity vendor, but as a pioneer of AI-native security platforms. This strategic shift reflects a broader ambition to lead the convergence of security, AI and data, enabling enterprises to reduce operational costs, address the cybersecurity talent gap and stay ahead of increasingly sophisticated threats. Their direction is clear:

  • Agentic platforms that learn and adapt
  • Streaming-first data pipelines
  • AI agents as core operators in the SOC
  • Governance-first approach to enterprise AI

The long-term vision? A future where security artificial general intelligence (AGI) works alongside humans, governed by ethics, risk frameworks and business logic. This positioning puts CrowdStrike in direct competition not just with other cybersecurity vendors, but also with AI-native platform companies. The convergence of AI, security and data intelligence is a bold step beyond traditional cybersecurity, ushering in a new era of intelligent and autonomous operations.

Cybersecurity takes a crowd

This week at Fal.Con was an excellent opportunity for WWT to highlight our partnership with our mutual customers. We delved into two large CrowdStrike acquisitions and attended breakout sessions, which will enable us to help our customers across the globe. AI is a double-edged sword: threats are accelerating, while defenders' tools are leveraging it for better detection and faster response. We must lean into CrowdStrike Fal.Con's mottos, "Better Together" and "Cybersecurity Takes a Crowd," along with WWT's "Secure, All Together" approach. This teamwork is the only way our organizations can stay in front of today's threats.

Reminder: The best way to hone your skills is through practice and repetition. WWT's Cyber Range is hosting two CrowdStrike capture the flag (CTF) events in October:

We hope to see you there!
