As security operations center (SOC) teams struggle with mounting alert volumes, CrowdStrike is introducing Charlotte AI Detection Triage, which automates alert assessment with over 98% accuracy and cuts manual triage by more than 40 hours per week, all without losing control or precision.
“We couldn’t have done this without our Falcon Complete team,” Elia Zaitsev, CTO at CrowdStrike, told VentureBeat. “They do triage as part of their workflow, manually handling millions of detections. That high-quality, human-annotated dataset is what made over 98% accuracy possible.”
He continued: “We recognized that adversaries are increasingly leveraging AI to accelerate attacks. With Charlotte AI, we’re giving defenders an equal footing — amplifying their efficiency and ensuring they can keep pace with attackers in real-time.”
How Charlotte AI Detection Triage brings greater scale and speed to SOCs
SOC teams are in a race against time every day, especially when it comes to containing breakout times. CrowdStrike’s recent global threat report found that adversaries now break out within 2 minutes and 7 seconds after gaining initial access.
Core to Charlotte AI Detection Triage’s architectural goals is automating SOC triage and reducing manual workloads while maintaining over 98% accuracy in threat assessment. CrowdStrike reports this accuracy figure based on continuous real-world data from the Falcon Complete environment, which processes millions of triage decisions monthly.
Designed to integrate into existing security workflows and continuously adapt to evolving threats, the platform enables SOC teams to operate more efficiently and respond to critical incidents faster.
Key features include:
Autonomous triage and low-risk alert closure: Filters out false positives and closes low-risk alerts, allowing analysts to focus on genuine threats. This process reduces noise and enables SOC teams to prioritize high-impact incidents while minimizing alert fatigue.
Falcon Fusion integration for automated response: Incorporates CrowdStrike’s security orchestration, automation and response (SOAR) platform to streamline detection triage and automate response workflows. These workflows are based on confidence thresholds, reduce mean time to respond (MTTR) and ensure analysts receive only the most relevant, high-fidelity detections.
“In earlier AI iterations, an analyst had to invoke Charlotte manually,” Elia Zaitsev, CTO at CrowdStrike, told VentureBeat. “Now, through Fusion, it can run autonomously — triaging thousands of alerts automatically and even triggering responses when confidence is high. That scale is what excites me most.”
Continuous learning from the industry’s largest SOC dataset: By continuously learning from millions of expert-labeled triage decisions within Falcon Complete, Charlotte AI Detection Triage adapts to emerging attack techniques in real time. Unlike generic AI models, which rely on static datasets, it refines its precision based on rea …