Overview
- CrowdStrike used RSA 2026 to roll out Falcon updates that govern autonomous AI agents at runtime across endpoints, browsers, SaaS apps, and cloud workloads.
- New endpoint tools include EDR AI Runtime Protection to record commands, scripts, files, and network calls, Shadow AI Discovery to find unmanaged AI apps and LLM runtimes, and AIDR for Endpoint to inspect prompts in tools like ChatGPT, Gemini, Claude, and Copilot to catch injection and data leaks, backed by telemetry of 1,800+ AI apps and about 160 million instances.
- Falcon Cloud Security introduced what the company calls adversary‑informed risk prioritization on Tuesday, linking live application behavior to tactics used by attackers through features such as Application Explorer, Timeline Explorer, a Cloud Risk Engine, and real‑time cloud detection and response to isolate compromised workloads.
- CrowdStrike also unveiled Falcon Data Security on Tuesday to classify sensitive information and watch data in motion across endpoints, browsers, SaaS, GenAI workflows, and cloud services, using context like source, user, and destination plus eBPF telemetry to spot and stop risky transfers as they happen.
- On Wednesday, Intel said it expanded its collaboration with CrowdStrike to optimize Falcon on Intel AI PCs, using on‑device AI acceleration and silicon telemetry to enable real‑time threat detection and to prevent generative AI data leaks without slowing machines, with some features noted by CrowdStrike as in development or rolling out.