“CrowdStrike’s Agentic Security Workforce Provides The Foundation For Autonomous Security Operations”


As cyber threats become faster and increasingly driven by artificial intelligence, organisations in India are under pressure to rethink how they defend their digital environments. In this interaction, Rajeev Ranjan, Editor, Digital Terminal, speaks with Kartik Shahani, Vice President of India and SAARC at CrowdStrike, on how AI is reshaping threat intelligence and security operations. Kartik discusses the rise of agentic security, adversary-centric defence, and the need for unified, AI-powered platforms to counter modern, identity-based and malware-free attacks at machine speed.

Rajeev: How can AI reshape threat intelligence for Indian organisations today and help them to defend against AI-driven cyber threats?

Kartik: As revealed in the CrowdStrike 2025 Threat Hunting Report, adversaries are weaponising AI to accelerate their attacks and scale their operations. This demonstrates a significant shift in how modern attacks unfold, with what once took days now unfolding in hours or minutes, collapsing the window for defenders to respond. What organisations require to defend against this evolution in attack speed are agentic security capabilities that deliver an autonomous edge, elevating analysts from alert handlers to orchestrators of intelligent agents that automate repetitive tasks and enable humans to focus on the strategic decisions that strengthen security.

This is why CrowdStrike developed Threat AI, cybersecurity’s first agentic threat intelligence system, which automates complex, time-consuming intelligence workflows and accelerates security outcomes. Informed by years of real-world decisions from CrowdStrike’s Counter Adversary Operations teams, Threat AI delivers mission-ready agents for security analysts that actively reason across threat data, proactively hunt adversaries, and take decisive action across the kill chain. It rapidly accelerates investigation and threat response by eliminating high-friction tasks better suited to machines, while ensuring humans remain firmly in command.

Rajeev: What challenges do legacy security tools create for SOC teams and what role do agentic security capabilities play in addressing these challenges?

Kartik: Cyberattacks now unfold in minutes or even seconds, with attackers increasingly logging in with trusted identities as opposed to breaking in. Once inside, they pivot across identity, endpoint, and cloud domains to evade detection by blending in with normal operational traffic. The prevalence of these identity-based attacks is demonstrated by 81% of intrusions now being malware-free.

Legacy and point security tools are too slow, siloed, and manual to keep pace with the increased speed and sophistication of modern attacks. What organisations need is an AI-powered defense that is supercharged by AI agents that operate under human command to reason, prioritise, and act across identity, endpoint, and cloud data in real time. These agents should be delivered through a single-agent, unified platform that provides organisations with cross-domain visibility and real-time controls to understand system-wide activity and take action before it’s too late.

Rajeev: What is CrowdStrike’s Agentic Security Workforce and how does it accelerate security operations?

Kartik: CrowdStrike’s Agentic Security Workforce is powered by the Falcon Agentic Security Platform, which provides the foundation for autonomous security operations with the industry’s richest AI-ready data layer and revolutionary capabilities to operationalise AI securely, intelligently, and at scale.

Delivered through Falcon platform modules, the Agentic Security Workforce provides analysts with a set of mission-ready agents they can command to eliminate time-consuming tasks better suited to machines, like exposure prioritisation, malware analysis, threat hunting, search analysis, correlation rule generation, and more.

Rajeev: How does CrowdStrike’s recently announced Charlotte Agentic SOAR enable security teams to operate at machine speed?

Kartik: Charlotte Agentic SOAR enables defenders to orchestrate and unify agents across the security lifecycle – delivering a true step change in agent-to-agent and analyst-to-agent collaboration – connecting context and data, so agents can reason and act dynamically together in real time, always under human control. Traditional SOAR tools that rely on static automation, rule-based playbooks, and fixed workflows can’t keep pace with the speed and sophistication of modern attacks. By delivering intelligent, agentic orchestration, Charlotte Agentic SOAR transforms automation into collaboration to stop breaches with machine speed and precision.

Rajeev: Please can you share more about AI Detection and Response (AIDR) and why organisations need to be adopting these types of capabilities?

Kartik: The AI interaction layer – where AI systems reason, decide, and take action – is the new attack surface and prompts are the new malware. Adversaries are injecting hidden instructions into GenAI tools to hijack agents, manipulate outcomes, and access sensitive data. Falcon AIDR delivers unified, real-time protection across development workflows and workforce AI usage, securing prompts, responses, and agent actions at enterprise scale.

Rajeev: Why does an adversary-centric security approach enable organisations to better protect themselves from sophisticated adversaries?

Kartik: An adversary-centric approach empowers security teams to move to a proactive defense by providing a clear understanding of which adversary is targeting them, how they operate, and what their objectives are. Threat intelligence, adversary profiling, and tradecraft analysis help security teams prioritise threats, adapt their defenses, and stop malicious activity faster. Organisations that integrate intelligence into their security workflows turn insights into action, enabling them to accelerate their response times and disrupt adversaries.

With adversaries increasingly exploiting publicly disclosed vulnerabilities and using exploit chaining to gain access, escalate privileges, and bypass defenses, organisations should also adopt an adversary-centric approach to their vulnerability management. Falcon for IT Risk-based patching and Falcon Exposure Management enable organisations to identify, prioritise, and fix vulnerabilities based on adversary activity and real-world attack paths. Delivered together on the CrowdStrike Falcon platform, organisations are able to manage vulnerabilities through a single console and workflow, accelerating large-scale patching, breaking down the silos between IT and Security, and reducing risks before they are exploited.
