CrowdStrike lays out agent roadmap
CrowdStrike’s CEO described an AI agent roadmap that emphasizes endpoint security and the need to control goal-seeking agents. (x.com) The company highlighted about $2 billion in acquisitions, a new Falcon Flex model aimed at scaling deals from $5M to $100M ARR, and agent usage metrics reportedly up to 90 agents per worker. (x.com)
CrowdStrike is recasting its core pitch around artificial intelligence agents, arguing that the laptop and server endpoint is where those systems now have to be watched and controlled. (crowdstrike.com) The company used the RSA Conference in San Francisco on March 23, 2026 to launch new Falcon features for AI agent discovery, governance, and runtime protection across endpoints, software-as-a-service apps, browsers, and cloud environments. CrowdStrike said its sensor data now sees more than 1,800 distinct AI applications and nearly 160 million unique application instances running on customer devices. (crowdstrike.com)
In plain terms, CrowdStrike is trying to monitor what an AI agent actually does on a machine: the commands it runs, the files it touches, and the network connections it opens. The company said those actions can look like normal user behavior, which makes older network-only controls less useful. (crowdstrike.com)
That product push is arriving as CrowdStrike gets bigger and tries to sell more of its platform in one contract. The company said on March 3, 2026 that annual recurring revenue reached $5.25 billion at the end of fiscal 2026, while annual recurring revenue tied to Falcon Flex accounts rose more than 120 percent year over year to $1.69 billion. (finance.yahoo.com) Falcon Flex is CrowdStrike’s prepaid commitment model, where customers agree to spend across multiple modules instead of buying one product at a time. Chief Executive George Kurtz said the model helped CrowdStrike add more than 350 Flex customers in the fourth quarter and pass 1,600 total Flex customers. (crn.com)
CrowdStrike has also been buying pieces it says it needs for that broader platform. It agreed to acquire Onum in August 2025 to add real-time telemetry pipeline management, signed a deal for Pangea in September 2025 to add AI application security, and announced a roughly $740 million acquisition of identity startup SGNL on January 8, 2026. (crowdstrike.com, crowdstrike.com, cnbc.com) Using reported deal values for Pangea at about $260 million and Onum at about $290 million, plus the SGNL price, the recent acquisition total comes to roughly $1.29 billion, not $2 billion. Reports on Pangea and Onum cited those values, while CrowdStrike’s own deal announcements did not disclose prices. (securityweek.com, csoonline.com, cnbc.com)
The company is extending the same Flex model into services as well as software. On March 24, 2026, CrowdStrike launched Flex for Services and said qualifying new customers could get 200 hours of services, including 160 hours of incident response and 40 hours of proactive work, with no up-front initiation cost. (crowdstrike.com)
Outside coverage of CrowdStrike’s RSA rollout described the technical bet more narrowly: secure the endpoint first, then connect that visibility to cloud and software-as-a-service controls. SDxCentral reported that the new Falcon tooling inspects large language model runtimes and model context protocol servers, while also extending prompt protections to desktop tools such as ChatGPT, Gemini, Claude, DeepSeek, and Microsoft Copilot. (sdxcentral.com)
CrowdStrike’s message is that AI agents are becoming another class of privileged software worker, and that security vendors want to be the control layer before those agents spread further across corporate systems. The next test is whether customers buy that argument as larger Flex contracts and new acquisitions move from roadmap to revenue. (crowdstrike.com, finance.yahoo.com)