
Every SOC leader understands the struggle: inundated with alerts, unable to pinpoint the real threat, constantly on the defensive in a battle accelerated by AI.
Enter CrowdStrike and NVIDIA, changing the game. Equipped with autonomous agents fueled by Charlotte AI and NVIDIA Nemotron models, security teams are not just reacting anymore; they are proactively countering attackers before their next move. Welcome to the new era of cybersecurity’s arms race. By merging the strengths of open source with agentic AI, the balance of power against adversarial AI is being shifted.
The collaborative ecosystem of CrowdStrike and NVIDIA integrates Charlotte AI AgentWorks, NVIDIA Nemotron open models, NVIDIA NeMo Data Designer synthetic data, NVIDIA NeMo Agent Toolkit, and NVIDIA NIM microservices.
“This collaboration revolutionizes security operations by enabling analysts to develop and deploy specialized AI agents at scale, leveraging enterprise-grade security with Nemotron models,” stated Bryan Catanzaro, Vice President, Applied Deep Learning Research at NVIDIA.
The goal is to empower autonomous agents to learn rapidly, mitigating risks, threats, and false positives. This significantly reduces the burden on SOC leaders and their teams, combating data overload caused by inaccurate information on a daily basis.
The announcement at GTC Washington, D.C., heralds the advent of machine-speed defense that can finally keep pace with machine-speed attacks.
Translating Expert Analyst Knowledge into Machine-Scale Datasets
What sets this partnership apart is how the AI agents continuously aggregate telemetry data, incorporating insights from CrowdStrike Falcon Complete Managed Detection and Response analysts.
“We are able to leverage the intelligence, data, and experience of our Falcon Complete analysts to transform these experts into datasets, then into AI models, and ultimately create agents based on the wealth of knowledge and experience within our company so that our customers can benefit from these agents at scale,” explained Daniel Bernard, CrowdStrike’s Chief Business Officer, in a recent briefing.
By harnessing the capabilities of the NVIDIA Nemotron open models, organizations can empower their autonomous agents to continually learn by training on datasets from Falcon Complete, the largest MDR service globally handling millions of triage decisions monthly.
CrowdStrike’s prior experience in AI detection triage led to the development of a service that extends this capability across its client base. Charlotte AI Detection Triage seamlessly integrates into existing security workflows, adapting to evolving threats and automating alert assessment with over 98% accuracy, reducing manual triage by more than 40 hours per week.
Elia Zaitsev, CrowdStrike’s Chief Technology Officer, elaborated on how Charlotte AI Detection Triage achieves such high performance, telling VentureBeat: “Our success in reaching over 98% accuracy is attributed to the support of our Falcon Complete team. They handle triage as part of their workflow, manually addressing millions of detections. The high-quality, human-annotated dataset they provide enabled us to achieve exceptional accuracy.”
The lessons learned from Charlotte AI Detection Triage directly translate to the NVIDIA partnership, enhancing the value it can deliver to SOCs grappling with a flood of alerts.
Open Source: A Foundation for Success in the Partnership
NVIDIA’s Nemotron open models address a significant hurdle to AI adoption in regulated environments, providing transparency on how the model functions, its weights, and its security.
Justin Boitano, Vice President, Enterprise and Edge Computing at NVIDIA, highlighted the importance of open models in enabling organizations to develop specialized domain knowledge: “Open models serve as a starting point for creating customized models and training them for specific security use cases. Owning the intellectual property is a crucial aspect. Many entities, including sovereign nations and regulated industries, prioritize data privacy and security.”
John Morello, CTO and Co-Founder of Gutsy (now Minimus), emphasized the benefits of open-source models, citing the ability to customize and train models for specific security needs while upholding privacy and efficiency. Morello noted that practitioners value transparency, data privacy assurances, access to expertise, and integration options across architectures as key factors influencing their adoption of open source.
Checkmating Adversarial AI: Maintaining the Balance of Power
Cisco’s DJ Sampath, Senior Vice President of Cisco’s AI Software and Platform Group, underscored the industry-wide necessity for open-source security models, emphasizing the importance of empowering defenders with robust models to bolster security.
When Cisco unveiled Foundation-Sec-8B, an open-source security model, at RSAC 2025, it stemmed from a sense of duty. Sampath expressed the need for sustainable funding for open-source projects, highlighting the corporate obligation to provide models while enabling communities to engage with AI defensively.
The commitment to transparency extends to the most sensitive aspects of AI development. When concerns arose regarding DeepSeek R1’s training data and potential compromise, NVIDIA took decisive action.
Boitano explained to VentureBeat, “Government agencies expressed apprehension. They desired DeepSeek’s reasoning capabilities but were wary of the content trained into the model, prompting us to fully open source everything in Nemotron models, including reasoning datasets.”
For practitioners managing open-source security at scale, transparency is fundamental. Itamar Sher, CEO of Seal Security, emphasized the transparency offered by open-source models, while acknowledging the challenges of managing cycles and compliance. Seal Security employs generative AI to automate vulnerability remediation in open-source software, leveraging its status as a CVE Naming Authority (CNA) to enhance security across the ecosystem.
A Core Partnership Objective: Extending Intelligence to the Edge
“Bringing intelligence closer to where data resides and decisions are made represents a significant advancement for security operations teams across industries,” emphasized Boitano. This capability for edge deployment is particularly vital for government agencies grappling with fragmented, often legacy IT environments.
Boitano discussed initial talks with government agencies briefed on the partnership and its objectives before commencing work. “The agencies we engaged with consistently felt they were lagging in technology adoption,” Boitano noted. “Their response was clear: any assistance in securing endpoints is invaluable. Deploying open models in high-security networks was previously a laborious process.”
NVIDIA and CrowdStrike have laid the groundwork, incorporating STIG hardening, FIPS encryption, air-gap compatibility, and eliminating obstacles that hindered open-model adoption in high-security networks. The NVIDIA AI Factory for Government reference design offers comprehensive guidance for deploying AI agents in federal and high-assurance organizations while meeting stringent security requirements.
As Boitano stressed, the urgency is paramount: “Having AI defense mechanisms operating within your infrastructure to detect anomalies and respond swiftly is imperative. It is the only way to counter the speed of AI at present.”



