CrowdStrike has introduced enhancements to its Falcon platform, extending AI security capabilities and reinforcing the endpoint as a central point for AI threat management.
The updates aim to address the increasing autonomy of AI agents, which can execute commands and access data directly on endpoints. Traditional security methods have limited ability to govern these operations. CrowdStrike’s new features provide real-time oversight and monitoring of AI activity.
As AI adoption grows, the need for endpoint security rises. CrowdStrike identifies numerous AI applications across enterprise devices, covering approximately 160 million unique instances. To manage this, the platform seeks to offer:
- EDR AI Runtime Protection: Provides visibility of AI actions in progress, enabling teams to track and respond to suspicious behaviours.
- Shadow AI Discovery: Detects AI applications and assesses their potential security impact.
- AIDR for Endpoint: Monitors desktop AI applications to identify threats and enforce compliance.
Beyond endpoints, AI agents operate across SaaS platforms, cloud environments, and web interfaces. CrowdStrike’s intended features include:
- Shadow SaaS and AI Agent Discovery: Monitors AI activity, permissions, and potential vulnerabilities across popular platforms.
- AIDR for Copilot Studio Agents: Provides real-time monitoring for Microsoft Copilot Studio, detecting data leaks and other threats.
- AIDR for Cloud: Secures AI workloads in cloud environments against prompt-based threats.
- AI Data Flow Discovery for Cloud: Tracks data movements in real time to support management of potential data exposure.
These enhancements aim to provide comprehensive oversight of AI activity across endpoints, cloud, and SaaS environments, helping organisations monitor and manage AI-related security risks.
