CrowdStrike introduces Charlotte AI

CRWD reports tomorrow and will no doubt talk more about this, but it seems like a really positive thing.

Things I really like in this release (bolding mine):

The most critical set of data — and one unique to CrowdStrike — is CrowdStrike’s human-validated content. Charlotte AI will uniquely benefit from a continuous, human feedback loop from across CrowdStrike® Falcon OverWatch™ managed threat hunting, CrowdStrike Falcon® Complete managed detection and response, CrowdStrike Services, and CrowdStrike Intelligence. This massive data set of human intelligence used to stop breaches in the real world is wholly unique to CrowdStrike, and as it has with AI from the start, only CrowdStrike brings this powerful combination of security telemetry, threat intelligence and human-validated content together into cybersecurity’s most powerful data fabric.

For AI to avoid becoming our new Frankenstein monster, combinations of human and artificial intelligence are critical. Phrases like “human-validated content” are music to my ears.

With Charlotte AI, everyone from the IT helpdesk to executives like CISOs and CIOs can quickly ask straightforward questions such as “What is our risk level against the latest Microsoft vulnerability?” to directly gain real-time, actionable insights, drive better risk-based decision making and accelerate time to response.

In many of our evaluations of tech companies on this board, I get lost in the weeds of how things operate under the hood. If I were managing a company, I would want my own, less-technical understanding to be able to make queries like this–for several reasons.

First, presumably those in the C-Suite have a differentiating set of gifts. Those generally include (in good management) the ability to see very quickly the potential for external events/trends/innovations to affect my business. It might be potential for a huge risk or for a huge reward; but it’s that vision/imagination that earns the big bucks. If a CEO can ask a plain language question about a cyberthreat, a company can move much more quickly to address it–and speed is mission-critical with cybersecurity. And that ability can move all the way down the chain.

The release put it this way:

Charlotte AI will empower less experienced IT and security professionals to make better decisions faster, closing the skills gap and reducing response time to critical incidents.

Second, it allows management to better assess the work of their engineers. Let’s say, as a manager, I asked my new friend Charlotte about our vulnerability and discovered hackers could drive a truck through our holes. Because I’m a great manager, I put every available engineer, and then some, on closing that hole on day one. It’s been a week and I’ve been getting daily updates from the team, but maybe I don’t have as much in-depth knowledge as my engineers. I know a lot, but there are places where I have to just trust what they tell me. After one week, Charlotte has trillions more bits of data, and I can ask the question again. That will tell me a lot–not just about the state of our system as a whole, but about the effectiveness of my team in addressing the vulnerability.

Third, a sales team can ask a simple question during a conversation with a potential client that could secure a deal. “Charlotte, how many threats [of x kind that my potential customer is interested in] did we intercept today?” Real-time data that can be accessed and understood by those without the in-depth knowledge required of the engineers can give a huge boost to sales teams.

I’m sure there are more. HR can broaden their applicant pool to include people who might know a bit less about the inner workings of the product but who have significant gifts in knowing what questions are relevant and helpful to ask in an ongoing threat environment.

But those who, like many who post here, understand how the tech sausage is made get a huge benefit, too:

Charlotte AI will enable the most experienced security experts to automate repetitive tasks like data collection, extraction and basic threat search and detection while making it easier to perform more advanced security actions.

What is not quite clear to me from the release is when Charlotte will be fully rolled out. It says,

Currently available in private customer preview

I don’t know if that means you can preview it and then purchase it now or whether it means you can view some kind of alpha or beta version and maybe put in a pre-order? I can’t tell.

But this strikes me as a very good thing, and I’m looking forward to the call tomorrow afternoon.

(15.2% CRWD)


I agree that this is a pretty interesting announcement. There was a similar announcement from Sentinel a few weeks back that I commented on: Sentinel Unveils Revolutionary AI Platform for Cybersecurity - #3 by DSNerd.

I mentioned in that post that using generative AI for human language prompting of systems could become somewhat commoditized unless it’s tailored and really well integrated into the software system. The use of the human-verified responses to tune the system seems like something that is potentially unique and value-add for CrowdStrike specifically.

Sam Altman has talked a lot about how Reinforcement Learning with Human Feedback (RLHF) is one of the most important steps for the tuning of their systems. I wonder if the human-procured dataset in this case could be used similarly.

In any event, it seems like these AI-integrated systems will become the norm, but as a holder of CrowdStrike, it is good to see them at least keeping up with the product development and hopefully there is some unique differentiation built in with their dataset.


I agree this is a good thing (Hey Datadog CEO Pomel, are you paying attention?), but I wouldn’t put any stock on CEO or even sales people usage except to cite reference cases. CrowdStrike itself doesn’t mention those use cases. It does mention CISOs and CIOs (a bit of a stretch itself unless the company is pretty small), and IT, security analysts, security experts, etc - all of which seem plausible to me. From automating repetitive tasks, to reducing the size of IT security staff, to reducing the overall expertise needed of that staff, this should save time and money for CrowdStrike customers.

One potential issue with these Generative AI use cases is that the GPT/LLM tools, at least today, can’t “show their work.” So, as suggestions for what to do, or things to look out for, they’re potentially great. Maybe catching things missed by the staff, or perhaps as an early warning system.

“Private customer preview” sounds like a beta release to previously engaged customers. My guess is the results of that beta determine when CrowdStrike thinks it’ll be ready for prime time.