CrowdStrike and NVIDIA Join Forces to Bring “Always-On AI Agents” to Cybersecurity in Cloud, Data Center, and Edge

CrowdStrike (NASDAQ: CRWD) announced a collaboration with NVIDIA to deploy autonomous, continuously learning cybersecurity agents at the edge, combining Charlotte AI AgentWorks with open NVIDIA Nemotron models, NeMo Data Designer (synthetic data), NeMo Agent Toolkit, and NVIDIA NIM microservices. The goal: real-time detection and response in multi-cloud, data center, and edge environments, with local inference and policies under enterprise guardrails.

“Defense needs speed and intelligence at the edge to outpace the adversary,” said George Kurtz, CEO of CrowdStrike. “We are working with NVIDIA to deliver autonomous agents that continuously learn and protect critical infrastructure.”
“Cybersecurity in the AI era requires thinking at machine speed,” stated Jensen Huang, CEO of NVIDIA.


What has been announced (in plain language)

  • Always-on and edge-ready agents: building agents with Charlotte AI AgentWorks and integrating NVIDIA Nemotron (open models), NeMo Data Designer (data generation), NeMo Agent Toolkit (agent building/optimization), and NIM (AI microservices).
  • Continuous learning and data sovereignty: local training/tuning of Nemotron with CrowdStrike experts’ data, and edge inference to enhance detection accuracy, speed up response, and maintain control over sensitive data (compliance and regional sovereignty).
  • Unified telemetry channel: integration of CrowdStrike’s Agentic Security Platform (Falcon® LogScale, Onum, and Pangea) with NVIDIA accelerated computing and CUDA-X libraries to power local models and agents with enriched real-time telemetry.
  • Guardrail-based architecture: agents that learn securely, reason accurately, and act within enterprise policies.
  • Public sector and high assurance: support for the NVIDIA AI Factory for Government reference design, enabling deployment of AI agents in federal agencies and regulated environments with multiple on-premises and hybrid workloads.

Why it matters for CISOs and SOC teams

  • Detection and response times (MTTD/MTTR): resident and edge agents with local inference reduce latency compared to round-trips to the cloud, automating containment and eradication under policies.
  • End-to-end coverage: cloud, data center, and edge with the same set of agents, powered by unified telemetry (logs, identities, workloads, data).
  • Sovereignty and privacy: fine-tuning and local serving reduce data exposure and align with regional requirements.
  • Research scalability and threat hunting: synthetic data with NeMo Data Designer to expand training coverage without exposing sensitive information.

How the architecture fits together (simplified)

  1. Data/telemetry: Falcon LogScale + Onum + Pangea → unified pipeline (real-time events, IoA/IoC, context).
  2. Models/Agents: Nemotron + NeMo Agent Toolkit (fine-tuned with experts’ data) → detection / reasoning / action agents.
  3. Execution: NVIDIA NIM (microservices) to serve agents/models at edge / data center / cloud, with CUDA-X and NVIDIA accelerators.
  4. Governance: guardrails and corporate policies for secure actions, auditing, and compliance.

Use cases accelerated by this approach

  • Autonomous detection and response to ransomware and lateral intrusions in hybrid environments.
  • OT/edge protection (plants, retail, logistics) with local inference and intermittent links.
  • Assisted investigation (alert resolution, telemetry correlation) with agents that learn from analysts.
  • Regulated environments: deploying agents on the organization's own infrastructure with data kept resident (sovereignty).

What to watch (roadmap and risks)

  • General availability: the note includes forward-looking statements; some capabilities may not be GA today.
  • AI governance: guardrails, action control, and explainability of agents to prevent misguided decisions or unwanted escalations.
  • Model security: protect artifacts, prompts, and data channels from prompt injection, model hijacking, and exfiltration.
  • Value metrics: measure real impact on TTE, accuracy, false positives/negatives, and SOC workload.

In a nutshell

CrowdStrike and NVIDIA aim to bring defense to machine speed: AI agents that learn continuously, reason, and act in situ — from the cloud to the edge — with unified telemetry and enterprise guardrails. The promise: less latency, more accuracy, and automatic response to protect the infrastructure that sustains our economy and national security.

via: crowdstrike