SAN FRANCISCO – As autonomous artificial intelligence (AI) agents begin to operate with system-level privileges across global enterprises, CrowdStrike Inc. has massively expanded its Falcon platform, positioning the endpoint as the critical frontline for AI governance.
The announcement at RSAC here signals a strategic shift in how organizations defend against agentic workflows that can independently execute commands, access sensitive data, and modify files. Unlike static applications, autonomous agents often perform actions that are indistinguishable from legitimate human activity, rendering traditional network controls obsolete.
CrowdStrike’s new capabilities address the Shadow AI crisis. The company revealed its sensors have detected over 1,800 distinct AI applications — totaling nearly 160 million instances — running across its customer base.
To manage this sprawl, the updated Falcon platform introduces AI Runtime Protection, real-time visibility into the scripts and commands executed by AI agents, allowing security teams to isolate compromised endpoints instantly; AI Data Detection and Response (AIDR), protection extended to the prompt layer of popular tools like ChatGPT, Claude, and Microsoft Copilot to prevent data leaks and injection attacks; and Cross-Surface Governance, which tracks AI behavior across browsers, SaaS platforms like Salesforce Inc.’s Agentforce, and cloud-native container environments.
“Security built for static applications can’t keep up with autonomous systems,” CrowdStrike President Michael Sentonas said. “Organizations need real-time visibility and control over AI behavior wherever it runs.”
In a move to accelerate the phase-out of legacy Security Information and Event Management (SIEM) systems, CrowdStrike also announced that its Falcon Next-Gen SIEM can now ingest and correlate telemetry from Microsoft Defender for Endpoint.
Integration allows organizations using Microsoft’s security tools to modernize their operations within the CrowdStrike ecosystem without the operational burden of deploying new sensors. The collaboration highlights a maturing industry focusing on interoperability.
“It is great to see Microsoft Defender telemetry being leveraged within Falcon Next-Gen SIEM,” said Rob Lefferts, corporate vice president for threat protection at Microsoft. “Integrations like this reinforce the importance of an open ecosystem.”
By unifying AI discovery, data flow monitoring, and third-party telemetry, CrowdStrike is attempting to close the widening gap between rapid AI adoption and security enforcement. As AI moves from a chat box to an autonomous worker, the endpoint is no longer just a device but the epicenter of the new digital perimeter.
Recent Articles By Author
