The AI agents are marching in on the RSA Conference as CrowdStrike launched a set of agents to its Charlotte AI platform. Rest assured that more agentic AI layers will be added to security platforms. Google Cloud, IBM, SentinelOne, Cisco and others all made plays to make their security operations workflows and analysis more autonomous.

RSAC kicks off in San Francisco this week and cybersecurity vendors are outlining a bevy of agentic AI and automation tools on their respective platforms.

CrowdStrike announced Charlotte AI Agentic Response and Charlotte AI Agentic Workflows, two security operations tools that are designed to go with Charlotte AI Agentic Detection Triage.

With a portfolio of AI agents for the Charlotte AI platform, CrowdStrike is looking to offer autonomous reasoning for first- and third-party data. Just as cybersecurity vendors are looking to consolidate platforms, they are jockeying to be that automation layer.

CrowdStrike CEO George Kurtz said the goal is to "shift from reactive to proactive security." CrowdStrike announced the following:

  • Charlotte AI Agentic Response, which automatically asks and answers questions a security analyst would. The tool also analyzes root causes and guides next steps on investigations.
  • Charlotte AI Agentic Workflows, which use large language models in workflows to drop into automated playbooks based on policies.
  • Falcon Complete with Charlotte AI, which uses agents to triage alerts.
  • Charlotte AI Agentic Triage for Identity is added to Falcon Identity Protection.

What's unclear at this point is whether these AI agents are truly autonomous or speed up reasoning and response.

Other RSAC items of note:

  • Google Cloud launched Google Unified Security, which integrates threat intelligence, security operations, cloud security, secure enterprise browsing and Mandiant intelligence into one package. The company said the integrated stack will "simplify workflows, reduce toil, and empower analysts." In addition, Google Cloud outlined its vision for an agentic AI-powered security operations center. Mandiant's M-Trends report, based on 450,000 hours of incident investigations in 2024, was also released.

  • Cisco launched new threat detection and response tools for Cisco XDR and Splunk Security. Cisco XDR gets Instant Attack Verification, which integrates data from the Splunk platform and then uses AI agents to carry out plans and responses. The company also launched XDR Forensics for visibility into endpoint activity and XDR Storyboard to visualize attacks. The company also said Splunk Enterprise Security and Splunk SOAR 6.4 can be combined with Cisco XDR for enhanced network visibility and detection.
  • SentinelOne launched its Athena release of its Purple AI platform. The new release features agentic AI to offer the orchestration, reasoning and analysis that a security analyst would provide. In addition, Purple AI Athena will open up the platform to third-party security platforms and data lakes. Purple AI Auto Triage is also generally available. SentinelOne is looking to automate workflows across platforms by connecting to multiple data sources and embedding AI agents throughout.
  • Minimus, an application security startup, launched its platform that's designed to eliminate 95% of CVEs from software supply chains. The company raised $51 million in a seed round from YL Ventures and Mayfield.
  • NetRise, which is also focused on software supply chain security, launched NetRise ZeroLens, which uses AI to summarize and remediate compiled code for weaknesses.
  • Bedrock Security announced its Model Context Protocol (MCP) Server, which will complement its Bedrock Metadata Lake Copilot. The idea is to secure AI agents and enterprise data as enterprises adopt the technology. Bedrock Security is providing a standardized gateway to data for AI agents with MCP Server.
  • IBM launched Autonomous Threat Operations Machine (ATOM), an AI agent system for threat triage, investigation and remediation. IBM also launched the new X-Force Predictive Threat Intelligence (PTI) agent for ATOM, which uses industry-focused AI models for threat insights.

This article will be continually updated as RSAC news lands.