CrowdStrike and NVIDIA employ Nemotron models to train agents on Falcon data
Last week a ransomware crew slipped past a Fortune 500 security operations center in under a minute, and it felt like a wake-up call. Enterprises are now dealing with attacks that move faster than human analysts can keep up, and the tools they rely on are only just catching up. NVIDIA’s Nemotron models have gotten a lot of praise for being open, but they’ve hardly ever been tested in a real-world threat-intelligence pipeline at scale.
Meanwhile, CrowdStrike’s Falcon Complete - billed as the world’s largest managed detection and response service - handles millions of triage decisions each month, yet until recently it hasn’t served as a training ground for autonomous agents. By stitching together NVIDIA’s publicly available models with Falcon’s massive dataset, the two firms hope to build agents that not only react but keep learning. The partnership hints at a shift from static defenses to systems that adapt on the fly, using open-source AI to try and stay ahead of ever-faster adversaries.
If it works, security teams might finally get a practical edge, especially when a missed alert can cost thousands of dollars.
---
Capitalizing on the strengths of the NVIDIA Nemotron open models, organizations will be able to have their autonomous agents continually learn by training on the datasets from Falcon Complete, the world’s largest MDR service handling millions of triage decisions monthly. CrowdStrike has previous experience in this area, which could help smooth the integration.
Capitalizing on the strengths of the NVIDIA Nemotron open models, organizations will be able to have their autonomous agents continually learn by training on the datasets from Falcon Complete, the world's largest MDR service handling millions of triage decisions monthly. CrowdStrike has previous experience in AI detection triage to the point of launching a service that scales this capability across its customer base. Charlotte AI Detection Triage, designed to integrate into existing security workflows and continuously adapt to evolving threats, automates alert assessment with over 98% accuracy and cuts manual triage by more than 40 hours per week.
Elia Zaitsev, CrowdStrike's chief technology officer, in explaining how Charlotte AI Detection Triage is able to deliver that level of performance, told VentureBeat: "We wouldn't have achieved this without the support of our Falcon Complete team. They perform triage within their workflow, manually addressing millions of detections. The high-quality, human-annotated dataset they provide is what enabled us to reach an accuracy of over 98%." Lessons learned with Charlotte AI Detection Triage directly apply to the NVIDIA partnership, further increasing the value it has the potential to deliver to SOCs who need help dealing with the deluge of alerts.
Open source is table stakes for this partnership to work NVIDIA's Nemotron open models address what many security leaders identify as the most critical barrier to AI adoption in regulated environments, which is the lack of clarity regarding how the model works, what its weights are, and how secure it is.
It’s tempting to think the new agents will finally quiet the nonstop flood of alerts. CrowdStrike and NVIDIA say their open-source stack - built on Charlotte AI and Nemotron models - lets autonomous agents learn from Falcon Complete’s huge triage data. In theory that could shift security teams from putting out fires to striking attackers before they get far.
Millions of decisions run through the system each month, creating a feedback loop that should sharpen detection. The article, however, doesn’t give any hard numbers on false-positive cuts or faster response times. I’m also uneasy about continuous learning; model drift and the need for human oversight are real worries.
The partnership taps the world’s biggest MDR service, but whether that actually translates into a measurable edge is still fuzzy. For now it feels like a bold experiment in mixing open-source AI with enterprise security workloads. Some analysts point out that scaling these models across varied environments could bring integration headaches.
The real test will be how the agents hold up under sustained, real-world attack volumes. We’ll be watching how quickly firms can adopt them without weakening existing safeguards.
More in Open Source
Anthropic CEO Dario Amodei calls AGI a marketing term, echoing Altman's view
The AI community has grown weary of a word that shows up on every press release and investor deck.
Xiaomi launches MiMo‑V2‑Flash AI model: 150 t/s, USD 0.1‑USD 0.3 per million tokens
Xiaomi’s latest foray into generative AI arrives as an open‑source model named MiMo‑V2‑Flash, a...
OpenAI signs USD 10 bn deal to use Amazon Trainium3 chips, 4.4× faster compute
OpenAI has just inked a ten‑billion‑dollar agreement to run its models on Amazon’s newest Trainium3...
Zepto Cafe uses MCP to parse text orders, Playwright runs the clicks
Zepto Cafe has taken a modest step toward turning plain‑text requests into a full‑fledged ordering...
Larian CEO denies AI cuts, says generative AI hasn't boosted efficiency
Why does the Larian story matter now? The studio’s founder‑CEO, Swen Vincke, has been under fire...
Common Questions Answered
How are NVIDIA's Nemotron models being used with CrowdStrike's Falcon Complete?
NVIDIA's open‑source Nemotron models are paired with CrowdStrike's Falcon Complete to train autonomous security agents on the massive triage data generated each month. This integration allows the agents to continuously learn from millions of detection decisions, improving their threat‑intelligence capabilities.
What makes Falcon Complete a unique data source for training AI agents?
Falcon Complete is described as the world’s largest managed detection and response (MDR) service, processing millions of triage decisions monthly. Its scale provides a rich, real‑world threat‑intelligence pipeline that few AI models have previously accessed at this volume.
What role does Charlotte AI play in the new open‑source stack?
Charlotte AI serves as the detection‑triage component that integrates directly with the Nemotron models, forming the core of the autonomous agent pipeline. By leveraging Charlotte AI, the stack can ingest Falcon Complete’s data and feed it back into the learning loop for continuous improvement.
What benefits do CrowdStrike and NVIDIA claim their combined solution will deliver to security teams?
The combined solution promises to shift security operations from reactive alert‑firefighting to proactive threat‑hunting by using autonomous agents trained on real‑time triage data. Although the article does not provide hard metrics, the feedback loop of millions of decisions each month is expected to sharpen detection accuracy over time.