Platform / Charlotte AI
CrowdStrike® Charlotte AI
Powering the next evolution of the SOC
Unite intelligent automation with human cyber expertise to accelerate detection, investigation and response.
No fiction. Just function.
In a world of AI hype, keep it real with Charlotte AI.
Charlotte AI accelerates detection and response with autonomous reasoning and action
Extend the power of AI to cybersecurity services
Falcon® Complete Next-Gen MDR with Charlotte AI utilizes the triage decisions of CrowdStrike’s elite analysts to accelerate investigations – creating a powerful, one-of-a-kind feedback loop that supercharges human and AI performance.
Charlotte AI is trained on the millions of breaches we’ve stopped and insights from our elite threat hunters and SOC analysts. As Charlotte gets smarter, so does our platform—and so do the experts who use it.
How it works
Cut through noise and reclaim hours
Triage with front-line precision. Slash alert fatigue and save time from manual analysis. Built on the playbooks of Falcon Complete™ MDR, Charlotte AI Detection Triage filters false positives — escalating only what matters. Stay focused, stay fast, and stay in control of what’s automated, and when.
×
![]()
×
![]()
Boost analyst performance with frontline insights
Charlotte AI accelerates investigations by thinking like a seasoned analyst, asking and answering critical questions . Get fast context with AI-generated summaries, dynamic incident graphs, and insights that map out the who, what, and how — so decisions happen faster, and with confidence.
Find real attacks fast and prioritize what matters
Surface real-time security insight with LLM-powered conversations. Query your Falcon® data in plain language — from decoded commands to adversary profiles. Charlotte AI turns complex analysis into simple answers, shareable across your team with reusable promptbooks.
×
![]()
×
![]()
Activate autonomous reasoning to speed up response
Automate what slows you down with Agentic Workflows in CrowdStrike Falcon® Fusion SOAR. Go beyond traditional SOAR with AI intelligence that adapts on the fly and eliminates lags from human-activated tasks.
Respond with bounded autonomy
Charlotte AI runs with customer-defined guardrails. Every action is traceable, auditable, and governed by role-based access — so you can move fast without ever losing oversight or exposing your team and data.
×
![]()
Real customer stories
Proven AI leadership
Charlotte AI FAQs
Product overview and pricing
Charlotte AI is a generative, agentic AI assistant for users of the CrowdStrike Falcon® platform. It uses industry-leading AI technologies to enable users to query Falcon platform data using plain-language questions, and to help accelerate detection triaging, investigations and workflow automation.
Charlotte AI powers detection triage and agentic investigations within the Falcon platform. It automatically analyzes new endpoint detections, helping to reduce response time. By generating detailed documentation and priority scoring, Charlotte AI empowers admins to act on critical detections. Humans remain in control of how Charlotte AI detection triage is used.
No. You can access Charlotte AI using your existing CrowdStrike Falcon® agent.
Charlotte AI is available for purchase to all Falcon platform users leveraging US-1, US-2 and EU platform regions.
Data and underlying models
Yes. Charlotte AI is able to obtain and surface data from supported CrowdStrike APIs and modules (such as Falcon Discover, which has connectors to 3rd party data sources).
Charlotte AI’s underlying models are trained and tuned on Falcon platform documentation, APIs of the Falcon platform, and CrowdStrike’s high-fidelity security telemetry.
Charlotte AI is continuously trained on detection triage data and the latest investigation guidance from CrowdStrike Falcon® Complete MDR’s world-class security experts. This ensures it keeps up with evolving adversary techniques and provides highly reliable assessments.
Charlotte AI’s underlying architecture leverages a diverse set of cutting-edge LLMs and other AI technologies — including third party models and first party AI technologies. Charlotte AI’s architecture gives CrowdStrike the flexibility and adaptability to adjust the models applied across workflows based on ongoing performance testing, to continuously optimize Charlotte AI’s performance.
Responsibility, privacy, and safety controls
As an extension of the Falcon platform, Charlotte AI operates within each user’s role-based access policies.
Yes. Every answer provided by Charlotte AI is inspectable and traceable. To see the underlying sources of data for each answer, click on the “see response details” toggle included in the upper right corner of each answer.
Furthermore, the “Charlotte AI Auditor” role allows administrators to designate users in their environment who can see all questions submitted to Charlotte AI, to ensure usage is consistent with their organization’s policy.
When configuring Agentic Workflows, users define what data is available to the individual LLMs and what actions the resulting workflows are authorized to take on their behalf.
1 Calculated by multiplying the average number of alerts triaged by Charlotte AI by a 5-minute triage time per alert as estimated by the Falcon Complete team. Individual results may vary based on factors such as total alert volume.
2 Accuracy rating is a measure of Charlotte AI triage decisions that match the expert decisions from the CrowdStrike Falcon Complete Next-Gen MDR team.
3 Results based on a survey of Charlotte AI early adopters. Individual results may vary.
2 Accuracy rating is a measure of Charlotte AI triage decisions that match the expert decisions from the CrowdStrike Falcon Complete Next-Gen MDR team.
3 Results based on a survey of Charlotte AI early adopters. Individual results may vary.