CrowdStrike Accelerates Development of Agentic MDR with NVIDIA

CrowdStrike and NVIDIA announced the expansion of their strategic partnership to accelerate the development of agent-based Managed Detection and Response systems (Agentic Managed Detection and Response, MDR) and the creation of a secure infrastructure for autonomous AI agents. The collaboration utilizes NVIDIA Agent Toolkit, including Nemotron models and NVIDIA NeMo Data Designer, to develop specialized security AI agents and optimize threat investigation processes.

According to the results of internal testing of the CrowdStrike Falcon® Complete Next-Gen MDR platform, the integration of NVIDIA technologies has achieved:

  • a 5x acceleration in investigations;
  • more than 3x improvement in triage accuracy;
  • 96% accuracy in generating natural language search queries.

The collaboration aims to transform Security Operations Centers (SOC) by implementing autonomous AI agents capable of operating at machine speed.

ABOUT INTEGRATION

Agentic MDR

As part of the partnership, CrowdStrike integrates several NVIDIA technologies into the Falcon platform to create a new Agentic SOC architecture, where AI agents perform a significant portion of operational cybersecurity tasks.

Key components of the solution

NVIDIA Nemotron (Nano and Super): open models used to orchestrate investigation workflows and automate high-volume Tier 1 analysis.

NVIDIA NeMo Data Designer: a tool for generating high-quality synthetic data based on expert knowledge and telemetry, enabling models to be fine-tuned and improving their accuracy in specific security scenarios.

Charlotte AI AgentWorks: the CrowdStrike platform is being expanded with support for NVIDIA Nemotron 3 Super, allowing organizations to create their own custom AI security agents.

NVIDIA OpenShell and Secure-by-Design AI Blueprint: CrowdStrike has also introduced the Secure-by-Design AI Blueprint architecture, developed jointly with NVIDIA. It integrates Falcon platform security directly into the NVIDIA OpenShell runtime environment, which is part of the NVIDIA Agent Toolkit.

This approach embeds security directly into the AI agent stack, enabling policy enforcement, control over agent actions, and continuous monitoring of agent behavior.

The architecture supports running autonomous agents both locally on NVIDIA DGX Spark or DGX Station systems and in cloud environments, providing unified visibility and control throughout the entire AI lifecycle.

Through the integration of Falcon with the OpenShell runtime, organizations can:

  • monitor every AI agent prompt, response, and action in real time;
  • apply security policies to agents, data, and APIs;
  • prevent prompt manipulation and unsafe behavior of autonomous systems.

This approach allows organizations to safely scale the use of AI agents and implement Agentic SOC, where autonomous systems work alongside analysts, combining machine speed with human expert oversight.

Operational Efficiency

The implementation of Agentic MDR aims to address the key challenges of modern cybersecurity teams — the shortage of specialists, budget constraints, and the growing volume of complex attacks that increasingly use artificial intelligence.

Comparison of Approaches

Traditional Approach (Human) – Incident investigation takes up to 48 minutes (maximum recorded time). Triage is performed at a basic level of accuracy, often requiring additional verification. Search queries are manually formed, slowing down the process and depending on the analyst’s experience.

Agentic MDR (AI Agents) – The average investigation time is reduced 5 times, to 8.5 minutes. Triage accuracy is 3 times higher, owing to better classification of legitimate events. Query generation is automated and achieves 96% accuracy in Falcon LogScale, significantly accelerating and standardizing SOC operations.

Strategic Justification and Market Context

The transition to ‘Agentic SOC’ is driven by the change in tactics of cybercriminals who use AI to accelerate reconnaissance and bypass defense systems.

In these conditions, organizations are forced to change their approaches to cybersecurity.

Scalability: instead of scaling by adding more analysts to the staff, CrowdStrike offers the implementation of AI agents directly in SOC operations to enhance the capabilities of existing teams.

Load reduction: automating routine Tier 1 tasks allows experts to focus on making critically important decisions while maintaining control over AI actions.

Natural language interface: using Nemotron Nano enables analysts to interact with the Falcon LogScale system in natural language, which makes their work significantly more efficient.

Expert assessments

Daniel Bernard, Director of Business Development, CrowdStrike:
“The future of managed security is not about increasing the number of analysts but integrating AI agents directly into SOC operations. We apply advanced reasoning models to automate investigations while maintaining expert oversight.”

Justin Boitano, Vice President of Enterprise AI Products, NVIDIA:
“AI reasoning models and synthetic data are transforming enterprise approaches to operational intelligence. We implement secure autonomous agents, allowing organizations to analyze threats and act in real-time.”

David Burg, Head of Cybersecurity and Data Resilience, Kroll:
“The use of CrowdStrike’s advanced AI reasoning in Falcon Complete Next-Gen MDR is a significant step forward. It enables our teams to achieve quality results for clients worldwide more quickly.”

The partnership between CrowdStrike and NVIDIA sets a new standard in cybersecurity by transitioning MDR from a category of services managed exclusively by humans to hybrid agent systems where humans and AI work together.

This approach allows organizations to more effectively counter threats of the artificial intelligence era, ensuring the necessary response speed, analysis accuracy, and operational scalability of security operations.

To effectively counter modern cyber threats, it is important for companies to regularly review their cybersecurity strategy, implement new technologies, and adapt security infrastructure to new types of attacks. Using AI-oriented platforms, SOC automation, and leveraging partner expertise can enhance the operational efficiency and cyber resilience of the organization.

iIT Distribution, the official distributor of CrowdStrike, provides distribution and promotion of solutions in Ukraine, Kazakhstan, Uzbekistan, Azerbaijan, Georgia, Estonia, Lithuania, Latvia, Moldova, and Poland, as well as professional support for their design and implementation.
