In the time it takes to read this sentence, an AI-driven adversary could have shifted tactics, rewritten its code, and bypassed a static security rule. Speed of attack has accelerated beyond the capability of manual response, and for many Security Operations Centres (SOCs), even standard automation is struggling to keep up.
At Mondas, we have long championed the philosophy that technology is a powerful tool, but it requires a steady human hand to wield it. This month, our partners at CrowdStrike validate this approach with their overview of Charlotte Agentic SOAR at Fal.Con.
This development marks a shift from “automated” security to “agentic” security, a shift that aligns with the Mondas vision of blending best-in-class AI tech with expert human oversight.
The Problem with Playbooks
For years, the industry standard for speed was the “playbook” – a pre-determined set of if/then rules designed to automate repetitive tasks. Playbooks are excellent for predictable scenarios. But we are increasingly seeing how the threat landscape is anything but predictable.
Adversaries are using AI to modify behaviours in real-time. A static playbook can’t reason; it can’t “think” outside its programming. When a playbook encounters a data variation it doesn’t recognise, it stalls, forcing the defender back into a manual, slower response loop.
SOC teams can find that legacy automation offers a false sense of security. To stay ahead, we need systems that understand context.
What is Agentic SOC?
CrowdStrike’s Charlotte Agentic SOAR represents an evolution of security automation by introducing Intelligent Agents, aiming to:
- Reason – analyse complex scenarios and weigh options based on incomplete data.
- Decide – make low-level decisions at machine speed.
- Act – execute responses across the network instantly.
Crucially, these agents operate within guardrails: the AI has autonomy to act, but only within the safety parameters defined by human experts. For Mondas, this is our team of UK-based SOC analysts.
The Orchestration Layer of Agentic SOC
CrowdStrike is powering this Agentic SOC through a unified platform that includes:
| Agentic Security Workforce | A fleet of AI agents powered by Charlotte AI that handle exhaustive tasks like malware analysis and exposure prioritization. |
| Charlotte AI AgentWorks | A no-code platform that allows security architects to build custom agents using plain language, tailoring the AI to specific organisational needs. |
| Unified Case Management | A central command centre in Falcon Next-Gen SIEM that brings investigations and automation into a single view. |
Human Judgement in Cyber Security
At Mondas, we utilise CrowdStrike because their technological roadmap mirrors our own operational ethos. We use AI to handle the high-speed data processing and initial containment, and the Mondas SOC team provides the critical layer of:
| Strategic Context | AI can spot a breach, but human experts understand the business impact and the subtlety of a targeted attack. |
| Guardrail Definition | Mondas define the “rules of engagement” for the AI, ensuring it acts aggressively against threats but safely regarding business continuity. |
| Complex Reasoning | When a scenario falls outside the AI’s confidence levels, it hands off to our SOC analysts, who bring years of intuition and experience to the fight. |
The AI vs Human Debate
The future of cybersecurity is about the seamless integration of AI tools with humans in the driving seat. At Mondas, we see AI as just another tool in our kit. The Agentic SOC allows us to fight AI with AI, matching the adversary’s speed without sacrificing the nuance of human judgment.
As CrowdStrike continues to evolve the Falcon platform, Mondas remains committed to mastering these tools, ensuring our clients benefit from the bleeding edge of protection, grounded in the reliability of expert human oversight.
Mondas is offering a free audit and proof of concept for our suite of tools from all our vendors and partners. Get in touch today to discover if we can support your journey to secure your network.
References:
| CrowdStrike | CrowdStrike Leads New Evolution of Security Automation with Charlotte Agentic SOAR | https://www.crowdstrike.com/en-us/blog/crowdstrike-leads-new-evolution-of-security-automation-with-charlotte-agentic-soar/ |
| Mondas Consulting | UK-Based Managed SOC (Security Operations Centre) | https://mondasconsulting.com/managed-services/managed-soc/ |
This article is brought to you by Chris Wilkes-Green, our Operations Director, who works with our Managed SOC team and is at the forefront of technological trends in cyber. Learn more about Chris on LinkedIn.
Last Updated: 20/11/2025


