CrowdStrike bets on autonomous cybersecurity at Fal.Con – News

Last year, CrowdStrike Holdings Inc. weathered a major stress test, one that pushed the company to respond quickly and visibly on a global scale.

A global outage in July 2024 impacted 96% of its customers, raising questions about resilience and operational scale and the need for autonomous cybersecurity. Instead of retreating, the company leaned into transparency with customers and partners, taking visible steps to stabilize its ecosystem and reaffirm long-term reliability.

At this year’s Fal.Con, the mood was dramatically different. CrowdStrike came to play offense, positioning itself not just as a crisis-tested survivor but as a standard-bearer for artificial intelligence-powered cybersecurity. Its integrated platform was front and center, noted as a clear differentiator from rivals still stitching together acquisitions.

“When we think about how AI is transforming the world, it’s also transforming what the adversaries are doing, and the speed at which they’re moving has changed dramatically,” George Kurtz (pictured), chief executive officer of CrowdStrike, told theCUBE during the event. “It used to be weeks, then days, then hours and minutes. Now it’s seconds. The traditional SOC can’t keep up.”

TheCUBE’s exclusive coverage of Fal.Con, hosted by theCUBE’s Dave Vellante and Rebecca Knight, captured a real-time shift in enterprise security strategy, tracking how artificial intelligence is changing everything from threat detection to business models. A consistent theme from theCUBE’s coverage was clear: The cybersecurity industry is in a state of transition. (* Disclosure below.)

Here’s the complete video interview with George Kurtz:

Here are three key insights you may have missed from theCUBE’s coverage of Fal.Con:

1. Autonomous cybersecurity and risk-awareness are reshaping enterprise defense.

AI now serves as the foundation of CrowdStrike’s platform strategy, not just a feature layered on top, according to Kurtz. The company’s new Agentic Security Platform and Agentic Security Workforce introduce autonomous systems and user-defined agents capable of orchestrating cybersecurity outcomes. These capabilities form the foundation for CrowdStrike’s push into autonomous cybersecurity, drawing from a vast data set: Fourteen years of annotated telemetry across trillions of events. That depth makes CrowdStrike’s data especially valuable for training large language models, which also influenced the company’s recent $260 million acquisition of Pangea Cyber Corp. to help secure AI tools against prompt-level attacks.

TheCUBE’s Dave Vellante and Rebecca Knight break down the keynote address from day two of Fal.Con.

“We get to something that’s beyond what a human can do and is self-operating, continuously learns and is fully autonomous,” Kurtz told theCUBE. “We’re going to do it first.”

AI also accelerates the asymmetry in the threat landscape, enabling adversaries to amplify malware, scale disinformation and pivot around hardened defenses. Attackers now leverage AI to shift their focus to unmanaged devices and identity-based exploits, according to Adam Meyers, head of Counter Adversary Operations at CrowdStrike. As threat actors continue to seek the path of least resistance, security teams must match their pace by adopting AI-driven adaptability and scale.

“If you look at how the threat landscape has changed over the last 18 months, we’ve made devices like your laptops a hard target with things like endpoint detection and response technology,” Meyers said during the event. “What did the attacker do? They didn’t try really hard to get around that. They moved to the identity space. They moved to unmanaged devices. Wherever we build a bigger wall or a taller fence, the adversary is looking for a way around it or under it.”

The escalation of AI-driven attacks has forced a strategic rethinking of cybersecurity architecture. During Fal.Con, CrowdStrike emphasized that adversaries now use AI to pinpoint high-value data, manipulate behavior and scale operations with alarming precision. CrowdStrike’s response is agentic security, a redesigned security operations center model powered by AI agents that automate detection, response and remediation. This transformation marks a decisive shift toward autonomous cybersecurity, moving defenders from reactive responders to proactive orchestrators, according to Vellante.

“The ROI and the exfiltration value were not nearly as high as they are today,” he said during the interview. “The industry has done a better job of closing that gap. At the same time, I think the arms race is still on, and the defenders are still at a disadvantage.”

Here’s the complete video interview with Adam Meyers:

2. New capabilities are changing how enterprises defend themselves.

As attack surfaces expand and tool sprawl threatens operational clarity, platform consolidation is becoming a strategic necessity. MGM Resorts International spans casinos, stadiums and cloud-connected assets — an environment where every policy drift or tool mismatch can leave critical systems exposed. The company’s solution is a centralized core that provides visibility across the enterprise and helps enforce security standards without slowing business growth, according to Stephen Harrison,  chief information security officer of MGM.

MGM Resorts International’s Stephen Harrison talks with theCUBE about why platform consolidation is emerging as the strategic backbone for navigating compliance at scale.

“Policy drift is a real thing,” he told theCUBE. “There’s obviously companies out there that are focused on it. When you think about the centralized security stack for CrowdStrike, that’s one of the big advantages of it, being able to address policy drift at its core inside the platform.”

That need for speed and cohesion is shaping how CrowdStrike evolves its own platform. As attackers move faster and target more fragmented environments, the company has doubled down on adaptive defenses — systems that adjust in real time based on threat posture and telemetry. A key innovation in that push is Enterprise Graph, a unified data model explicitly designed to support AI and agentic systems at scale. The goal is to support autonomous cybersecurity at scale — letting defenders pivot fast, integrate emerging technologies quickly and automate protection across the entire environment, according to Elia Zaitsev, chief technology officer of CrowdStrike.

“We’ve successfully delivered that,” he said during the event. “That allows us to integrate and bring in any black box intelligence system, any agentic capability that we don’t even know exists today. We could slot [them] in at any point in time so that when the latest and greatest intelligence system is available, we don’t have to wait 12 more months to integrate [them] into our platform.”

Enterprise Graph also provides the structural core for CrowdStrike’s AI defense strategy.  Traditional antivirus frameworks no longer meet the needs of today’s enterprise — especially when threat actors armed with generative AI can operate like advanced nation-states, according to Mike Sentonas, president of CrowdStrike. Instead, defenders need a single source of security truth — one that harmonizes identity, asset, user and threat data to support autonomous cybersecurity in real time.

“For us, the Enterprise Graph is having a single place to bring in all of your threat information,” Sentonas told theCUBE. “To bring in all of your asset data, to bring in all of your identity data, to bring in all of your user information and being able to search that and unify the data.”

Here’s the complete video interview with Mike Sentonas:

3. Cybersecurity innovation is increasingly driven by strategic partnerships that combine infrastructure, intelligence and integration.

As endpoint attack surfaces expand, Dell Technologies, Inc. and Intel Corp. are strengthening PC security at the device level through joint ecosystem integration. This expansion includes real-time telemetry made visible through tools customers already use, including integrations with CrowdStrike’s platform, according to Lori Zwilling, senior director of software product management at Dell, and Todd Cramer, senior director of security ecosystem business development, Intel Client Computing Division, at Intel.

Dell’s Lori Zwilling and Intel’s Todd Cramer talk with theCUBE about how AI PCs are reshaping performance and security at the endpoint.

“A healthy PC is a secure PC,” Zwilling said during the interview. “We have unique telemetry, telemetry that’s very visible, whether that’s security telemetry or manageability telemetry. We make it visible to our customers. We meet our customers where they’re at in their portals of choice, whether it’s Intune for manageability [or] CrowdStrike for security.”

Startup innovation is getting a serious boost from CrowdStrike’s accelerator program, developed in partnership with Amazon Web Services Inc. and Nvidia Corp. During Fal.Con, CrowdStrike’s startup accelerator — built in collaboration with AWS and Nvidia — is giving cybersecurity founders a serious runway to scale. At Fal.Con, the spotlight was on Terra Security, the 2025 program winner, which is pioneering agentic AI-powered penetration testing to reimagine offensive security. During the event, Daniel Bernard, chief business officer of CrowdStrike, joined Shahar Peled, co-founder and chief security officer at Terra Security, and CJ Moses, chief information security officer and vice president of security engineering at AWS. They discussed how the accelerator embeds early-stage startups directly into enterprise-grade ecosystems.

“Together, we have content that helps these founding teams learn what it takes to succeed in building a company,” Bernard told theCUBE at the event. “They hear from execs from all the companies. AWS really helps us operate the program. They have a great startup program. We give them benefits in terms of product from all of our companies, in addition to the education.”

Salt Security Inc.’s integration with the CrowdStrike Falcon platform enhances visibility and helps advance autonomous cybersecurity across API environments.. As part of the Falcon Fund portfolio, Salt is building toward unified workflows, according to Michael Nicosia, co-founder and chief operating officer of Salt, and Michael Callahan, chief marketing officer of Salt.

“We can spin up our dashboard directly from their agent to integrate to their next-generation [security information and event management],” Nicosia told theCUBE. “We’re also starting to talk about what’s next in terms of integration points from an AI perspective, and what would that ‘better together’ story look like.”

Here’s the complete video interview with Shahar Peled, CJ Mosts and Daniel Bernard:

Want more insights from theCUBE’s coverage of Fal.Con? Check out these insight-packed segments:

• Clarke Rodgers, office of the chief information security officer for AWS Security at AWS, talks about the role of a risk-based cybersecurity approach and AWS’s use of this strategy.
• Mac Grant, vice president of Americas sales and channels at ColorTokens Inc., and Sunil Muralidhar, vice president of marketing and partnerships at ColorTokens, explain how software-based microsegmentation reduces the attack surface, blocks lateral movement and supports zero-trust principles.
• Kanaiya Vasani, chief operating officer of ExtraHop Networks Inc., discusses how network detection and response solutions are changing enterprise security.
• Kevin Urbanowicz, principal at Deloitte Touche Tohmatsu Ltd., and Chris Richter, senior managing director at Deloitte, discuss the shifting expectations around MDR amid the growing role of AI in reshaping cybersecurity operations.

To watch more of theCUBE’s coverage of Fal.Con, here’s our complete event video playlist:

https://www.youtube.com/watch?v=videoseries

(* Disclosure: TheCUBE is a paid media partner for Fal.Con. None of the sponsors of theCUBE’s event coverage has editorial control over content on theCUBE or News.)

Photo: News