Cloud is the new battleground, and more adversaries are joining the fight: New and unattributed cloud intrusions were up 26% in 2024, according to the CrowdStrike 2025 Global Threat Report. As adversaries accelerate cloud attacks, CrowdStrike delivers full-cycle agentic AI — from detection triage to threat response — giving defenders the edge to act at machine speed before adversaries can break through.

Cloud security tools often fall short in detecting and responding to these evolving attacks. While cloud workload protection (CWP) secures workloads, and security posture management tools identify misconfigurations, neither adequately investigates and responds to active cloud threats. Cloud detection and response (CDR) tools have begun to emerge — however, there is a response gap between adversaries leveraging AI and SOC teams moving at human speed.

Earlier this year, CrowdStrike released new Charlotte AI capabilities that use groundbreaking agentic AI: Charlotte AI Detection Triage, Charlotte AI Agentic Response, and Charlotte AI Agentic Workflows. Agentic AI refers to AI systems that operate autonomously with reasoning and decision-making capabilities, mimicking the decision logic of expert analysts. These innovations transform how SOC teams identify and respond to cloud threats, especially within the context of cross-domain attacks spanning cloud, identity, and endpoint.

LABYRINTH CHOLLIMA is one adversary that exemplifies the increase in cross-domain intrusions, in which threat actors gain initial access via valid credentials and then traverse endpoint and cloud environments. Here, we examine how CrowdStrike’s agentic AI capabilities work together to stop this adversary.

How Charlotte AI Stops LABYRINTH CHOLLIMA

LABYRINTH CHOLLIMA is a DPRK-nexus adversary that CrowdStrike has observed consistently targeting cloud environments.[1] Below are the details of an attack in which supply chain compromise led to exfiltration of data from the cloud.
