SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

CrowdStrike secures ISO 42001 AI governance standard

Fri, 23rd Jan 2026

CrowdStrike has announced that it has achieved ISO/IEC 42001:2023 certification, the international standard for artificial intelligence management systems. The move covers governance for AI utilised across its Falcon cybersecurity platform.

The company stated that the certification spans core Falcon platform products, including CrowdStrike Endpoint Security, Falcon Insight XDR, and Charlotte AI. An independent, accredited certification body completed an external audit to assess the company's AI management system.

ISO/IEC 42001:2023 sets out requirements for organisations that establish, implement, maintain and continually improve an AI management system. Companies have started to use the standard as part of wider work on AI governance as regulation develops across major markets.

CrowdStrike framed the certification as evidence of what it described as responsible AI governance. It said it operates AI "safely, transparently, and under human control" across Falcon.

"CrowdStrike is among the first cybersecurity companies to achieve ISO 42001 certification, the world's first AI management system standard," said Michael Sentonas, President, CrowdStrike. "For a cybersecurity vendor, responsible AI governance is foundational. This certification validates the maturity, discipline, and leadership behind how we develop and operate AI across the Falcon platform."

Audit scope

The company said the audit reviewed governance, policies, risk management, and development practices for the design, deployment and operation of AI. It said the process assessed how it designs, develops and runs AI systems used for cybersecurity work.

CrowdStrike did not name the certification body in its announcement. It said the audit was "extensive" and conducted by an "independent, accredited certification body".

The company positioned the certification within a broader shift in cybersecurity as attackers adopt generative AI and automation for phishing, malware development and social engineering. It said adversaries "are weaponizing AI to scale attacks faster than defenders can respond".

Falcon products

CrowdStrike's Falcon platform includes endpoint security, threat detection and response, and managed services. The company said the ISO 42001 certification spans products that include Falcon Insight XDR and Charlotte AI, which it describes as an AI layer for security operations.

The company described Falcon as an "AI-native" platform. It said the platform analyses behaviours and delivers real-time protection across an organisation's attack surface.

Charlotte AI forms part of CrowdStrike's messaging around "agentic" security operations. The company said intelligent agents can automate tasks across the security lifecycle. It said those agents operate "always under defender control".

Agentic tools

CrowdStrike also referenced a set of products and features it groups under Charlotte AI, including the Agentic Security Workforce, Charlotte AI AgentWorks and Charlotte Agentic SOAR.

It said the Agentic Security Workforce uses agents trained on human expertise and response actions drawn from Falcon Complete and incident response engagements. Falcon Complete is CrowdStrike's managed detection and response offering.

The company said Charlotte AI AgentWorks lets organisations build and customise their own agents without writing code. It said Charlotte Agentic SOAR acts as an orchestration layer for CrowdStrike agents, custom-built agents and third-party agents.

Governance model

CrowdStrike has stated that Charlotte AI operates within a "model of bounded autonomy", ensuring that security teams maintain oversight of AI-driven decisions and define precisely when automated actions occur.

The company also noted that it applies rigorous governance and controls to AI data, models, and agents. These controls are specifically designed for "highly regulated environments".

ISO/IEC 42001:2023 has emerged as one of several frameworks that companies cite as they formalise internal AI governance. It sits alongside risk management standards and sector-specific compliance regimes that increasingly include expectations regarding transparency, accountability, and oversight.

Cybersecurity vendors have faced growing scrutiny over how they deploy AI features in detection, response and analytics products. Buyers have also started to ask suppliers for evidence of third-party assurance over AI governance practices, particularly for tools that influence automated decision-making during incident response.

CrowdStrike said the certification reflects an "externally audited approach" to responsible AI. It said the work covers design, development and operation of AI-powered cybersecurity across the Falcon platform.

"This certification validates the maturity, discipline, and leadership behind how we develop and operate AI across the Falcon platform," said Sentonas.

CrowdStrike said ISO 42001 provides organisations with a globally recognised framework as they navigate emerging AI standards and regulatory expectations.