Roland Daccache, Senior Manager of Sales Engineering for MEA at CrowdStrike, highlighted that at GISEC 2025, CrowdStrike spotlighted AI-powered cybersecurity by showcasing Charlotte AI and its next-gen SIEM, both designed to combat AI-driven threats, insider risks, and data leaks across modern enterprise environments.
What were you showcasing at GISEC this year?
At GISEC this year, AI was the dominant conversation, with organizations actively seeking secure ways to integrate it. This aligned perfectly with our focus. At CrowdStrike, we recognized both the immense potential and the inherent challenges that came with adopting generative AI across the enterprise, as recent events had clearly demonstrated. Our latest global threat report, which we had launched just a few weeks earlier, revealed that generative AI was already being weaponized to accelerate cyberattacks. It was quite striking – human-authored phishing emails had around a 12% success rate, while AI-generated ones boasted a staggering 54%. This necessitated a fundamental shift in how organizations approached security, and incorporating AI-powered technologies into our security framework was crucial. At GISEC, our primary emphasis was on showcasing our next-gen SIEM and Charlotte AI, our agentic AI capability, both specifically designed to protect against this new breed of attacks.
How can you predict or detect these AI-powered attacks?
We’ve observed firsthand how sophisticated threat actors, like the infamous Famous Chollima from North Korea, have become masters of generative AI cyberattacks. They’re creating incredibly convincing fake news profiles and even fake university certificates. What’s particularly concerning is their increased ability to recruit insiders or insider operatives within Western companies. Our advice to companies is to thoroughly re-evaluate their entire hiring process and employee verification procedures, and crucially, to deploy technologies that are inherently AI-aware. At CrowdStrike, we’ve been leveraging AI to detect various threats, including both malware and malware-free attacks, for over a decade now, so we believe we have a significant head start. However, we fully anticipate that attackers will only become more adept with these techniques over time.
Do you have a technology to counter this problem for the organization?
Yes, historically, CrowdStrike’s main area of focus has been what we term endpoint security or endpoint detection and response. However, we’ve recently expanded our platform to ingest signals and telemetry from a much wider range of sources, including email gateways, firewalls, CASBs, and proxies. This expansion allows us to continuously retrain our AI models using this third-party telemetry, which is something we didn’t do in the past. So, when you deploy CrowdStrike today, you gain detection capabilities across signals originating not just from endpoints, but from your entire enterprise logging infrastructure, and this includes your AI models. We have specific capabilities in place to detect vulnerabilities, misconfigurations, and even data leaks at the AI level.
How do you control the data leakage from generative AI used by organizations?
It’s a real concern that employees in virtually every organization now have access to tools like ChatGPT, Google Gemini, and other AI platforms. For CISOs, ensuring that no proprietary data is being inadvertently leaked through the use of these tools is a major headache. We believe this isn’t just a technology challenge; it’s also a matter of governance and user education. At CrowdStrike, we provide guardrails within our data protection module that can prevent users from uploading sensitive data to these AI tools. However, we also recognize the challenge of unmonitored devices like personal mobile phones or laptops that could serve as potential gateways for data leaks. Our recommendation for CISOs and security leaders is not to rely solely on technology. Implementing proper training, clear policies and procedures, and robust governance models is equally crucial to ensure users are aware of the risks and avoid uploading sensitive data to publicly available AI tools.
How prevalent are insider threats in this part of the world, and how dangerous are they for an organization?
Our 2024 global threat report highlighted that insider threats have become significantly more potent. Threat actors have evolved their tactics from simply trying to manipulate existing employees into becoming insider threats to actively attempting to recruit fake individuals, particularly in the development field, into major companies. They’re creating sophisticated fake online personas, LinkedIn profiles, credentials, and even using deepfakes as part of the interview process. We strongly advise organizations to thoroughly revise their methods for verifying credentials and candidates, implement regular employee assessments to limit the potential damage of insider threats, and adopt zero-trust and least-privilege models internally to prevent significant data breaches or theft caused by these malicious insiders.
How do you see the role of Agentic AI in the SOC operations, and how is it going to change the landscape?
We understand that CISOs are often facing the challenge of needing to achieve more with the same or even fewer resources. One of the key areas where CrowdStrike is assisting our clients is through the application of Agentic AI within our software. For instance, our Charlotte AI is currently capable of autonomously triaging detections and alerts with an impressive 98% accuracy. This is freeing up approximately 40 hours of analyst time within the SOC. Our aim is to automate these initial triage tasks and provide SOC analysts with much faster answers to their queries, ultimately enabling CISOs to operate their SOCs more efficiently and effectively with potentially fewer resources. We firmly believe that Agentic AI’s role won’t be limited to just detection; it will rapidly expand into the response domain as well, providing greater automation in areas that have traditionally been handled manually by human analysts.
How are CIOs and CISOs perceiving the adoption of AI technologies, and what are the challenges they face?
From our interactions, it’s clear that CISOs and CIOs have come to the realization that generative AI is not just a security concern but will become an integral part of the broader business processes within their organizations. Therefore, there’s a strong understanding that adopting AI technologies now, along with the appropriate security measures and guardrails, is far preferable to addressing it later when the risk exposure could be significantly greater. We’re seeing a significant level of interest in the market for adopting next-generation, AI-powered technologies like the CrowdStrike platform. Importantly, CISOs generally prefer having generative AI capabilities natively integrated within their existing security tools, rather than having to onboard and manage third-party AI tools that might have a less comprehensive understanding of the intricacies of their current environment. At CrowdStrike, we’ve made it a priority to open up the training of Charlotte’s AI models to include third-party telemetry. This allows us to analyze not only our first-party data from endpoints and cloud identity but also to train our AI on data from firewalls, Active Directory, proxies, CASBs, secure web gateways, and email gateways, providing a much richer and more contextual understanding of potential threats.
What advice would you give to CIOs who are looking to adopt emerging technologies to secure their organizations?
My advice to CISOs would be to adopt a much more comprehensive view of risk and to prioritize solutions that can understand and address cross-domain attacks, including those powered by AI. The security stack they deploy needs to be inherently interconnected. The days of having isolated email security, endpoint security, and cloud security solutions are over. We need to natively integrate these different tools through platforms that have a holistic understanding of the threat landscape and can orchestrate effective responses. The next-gen SIEM that CrowdStrike is highlighting at GISEC is a prime example of this approach. We’re demonstrating how we can integrate various parts of an enterprise’s security infrastructure – across identity, email, endpoint, cloud, and other third-party security tools – into a unified platform that can effectively connect the dots and identify subtle indicators of intrusions or errors.