SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Daniel bernard headshot
#
Hyperscale
#
Cloud Security
#
DC

CrowdStrike & Nvidia unveil secure AI agent blueprint

Tue, 17th Mar 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

CrowdStrike has expanded its partnership with Nvidia, unveiling a security architecture for autonomous AI agents and internal test results that suggest faster investigations and higher triage accuracy in managed detection and response workflows.

The announcements focus on two areas. First is a "Secure-by-Design AI Blueprint" that brings protections from the CrowdStrike Falcon platform into Nvidia OpenShell, an open-source runtime that applies policy-based controls for AI agents. Second is deeper use of the Nvidia Agent Toolkit and Nvidia's Nemotron models in CrowdStrike's "Agentic MDR" effort, which internal benchmarks show improved investigation speed and benign triage performance.

Agent Security

The Secure-by-Design AI Blueprint embeds Falcon protections within the OpenShell runtime. OpenShell is positioned as a runtime layer for agents with policy enforcement and sandboxing. The design targets agent behaviour during development and at runtime, with monitoring and enforcement across environments.

Autonomous agents pose a distinct security challenge because they act with permissions and access to data, applications, and compute resources. The architecture is designed to enforce controls continuously rather than rely on static checks, reflecting how quickly agent-driven systems can operate.

In CrowdStrike's description, the integration delivers unified visibility and runtime monitoring, with controls to constrain unsafe behaviour, prevent prompt manipulation, and enforce policy across the AI lifecycle.

The blueprint connects multiple Falcon products to different parts of the agent stack. Falcon AI Detection and Response is expected to integrate with OpenShell for prompt and action monitoring. Falcon Endpoint Security is described as securing local agents running on Nvidia DGX Spark or DGX Station. Falcon Cloud Security is positioned to protect agents in cloud and data centre environments, including those built on Nvidia's AI-Q Blueprint for deep research. Falcon Next-Gen Identity Security is described as managing access controls for agent identities across data, APIs, and services.

CrowdStrike and Nvidia also said they are developing "intent-aware controls" to govern how agents plan and execute tasks, aiming to limit the impact of unintended actions and malicious behaviour.

Daniel Bernard, CrowdStrike's chief business officer, linked the work to a shift from assistant-style tools to more autonomous systems.

"As we enter the agentic era, agents no longer simply assist - they act," said Daniel Bernard, Chief Business Officer, CrowdStrike. "This shift fundamentally changes the security equation, and security must be embedded into the AI stack itself. Together with NVIDIA, we are delivering a Secure-by-Design architecture that enables organisations to operationalise agents with confidence and control."

Justin Boitano, Nvidia's vice president of enterprise platforms, said the integration connects CrowdStrike's platform with Nvidia's Agent Toolkit and supports agent deployments across organisations.

CoreWeave, which operates GPU-accelerated cloud infrastructure, pointed to the partnership's focus on observability and governance. "AI infrastructure is moving from experimentation to mission-critical production," said James Higgins, Chief Information Security Officer, CoreWeave. "As we scale GPU-accelerated environments, AI agents must be observable, governed, and resilient by design. The collaboration between CrowdStrike and NVIDIA secures AI systems at the foundation - enabling high-performance AI environments without compromising control."

SOC Automation

The second announcement focuses on CrowdStrike's managed security operations and its use of AI agents in MDR workflows. CrowdStrike said it has expanded its collaboration with Nvidia to advance "Agentic Managed Detection and Response" using the Nvidia Agent Toolkit, including open Nvidia Nemotron models and Nvidia NeMo Data Designer.

CrowdStrike also said it will expand Charlotte AI AgentWorks with support for Nvidia Nemotron 3 Super, allowing organisations to build custom AI agents using the model.

In internal testing involving Falcon Complete Next-Gen MDR, CrowdStrike reported "up to 5x faster investigations" and "more than 3x higher triage accuracy" for high-confidence benign classifications when the workflow used Nvidia Nemotron Nano and Nemotron Super models. Results may vary by environment and configuration.

The internal comparison cited an average agentic investigation time of 8.5 minutes versus the longest observed human investigation time of 48 minutes. CrowdStrike also reported improved benign classification versus its current production model, based on what it called "Nemotron volume of benign classification at high-confidence."

CrowdStrike said it evaluated Nemotron models for MDR use cases that orchestrate investigative workflows and automate high-volume Tier 1 analysis while keeping analysts in the loop. The models were customised using synthetic data generated with Nvidia NeMo Data Designer, which CrowdStrike said learns patterns from expert insights and first-party telemetry to produce structured training signals.

CrowdStrike also cited fine-tuning results for Nemotron Nano, reporting 96% accuracy in generating investigation queries within Falcon LogScale. It positioned this as a natural-language interface intended to improve investigative efficiency.

Bernard framed the MDR work as a response to adversaries using AI and to operational constraints within security teams.

"Adversaries are already using AI to move faster and scale their operations," said Daniel Bernard, Chief Business Officer at CrowdStrike. "The future of managed defence isn't adding more analysts - it's embedding AI agents directly into SOC operations to give analysts superpowers. With Falcon Complete Next-Gen MDR, we're applying advanced reasoning models to automate investigation and triage while maintaining expert oversight. Together with NVIDIA, we're accelerating the shift toward Agentic MDR."

Boitano said the companies are focusing on security operations use cases that apply reasoning models and synthetic data. "AI reasoning models and synthetic data are transforming how enterprises operationalise intelligence," said Justin Boitano, Vice President, Enterprise AI Products at Nvidia. "Together with CrowdStrike, we're bringing secure, autonomous AI agents into security operations - enabling organisations to reason through threats, act in real time, and continuously strengthen their cyber resilience."

Kroll also highlighted the implications for managed defence delivery. "CrowdStrike's use of advanced AI reasoning in Falcon Complete Next-Gen MDR marks a significant step forward in managed defence," said David Burg, Global Group Head of Cyber and Data Resilience at Kroll. "By accelerating investigations and sharpening triage accuracy, it enables our teams to deliver faster, high-quality outcomes for clients around the world."

Related stories
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
ISACA launches AI risk certification amid governance gap
Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack