Particle.news

CrowdStrike Makes the Endpoint the Control Point for AI Security in Falcon Update

The shift signals a bid to govern autonomous AI where it executes on user devices.

Overview

  • CrowdStrike announced a Falcon platform update at RSA 2026 that centers AI security on the endpoint and extends protection across SaaS, browsers, and cloud.
  • New endpoint tools include EDR AI Runtime Protection to trace and contain AI-driven commands and network activity, Shadow AI Discovery to find unmanaged AI apps and LLM runtimes with privilege context, and AIDR for Endpoint to inspect prompts for injection and data loss.
  • Browser and SaaS safeguards add Seraphic-powered runtime checks in the browser with visibility into agent behavior on platforms such as Microsoft Copilot Studio, Salesforce Agentforce, ChatGPT Enterprise, OpenAI Enterprise GPT, and Nexos.ai.
  • Cloud additions introduce AIDR for Cloud to inspect containerized AI services that use the OpenAI API, AI Data Flow Discovery to track sensitive data movement, and an adversary-informed risk model with Application Explorer, Timeline Explorer, and a new Cloud Risk Engine.
  • CrowdStrike reports visibility into more than 1,800 AI applications and nearly 160 million instances across its customers, while noting some features remain in development without independent validation in the coverage.