CrowdStrike Puts Endpoint at Center of AI Security With Falcon Overhaul

Overview

• CrowdStrike announced a major Falcon update at the RSA Conference that shifts AI security controls to the device and extends coverage across SaaS, browsers, and cloud.
• New EDR AI Runtime Protection captures commands, scripts, file changes, and network calls from AI-driven processes so teams can trace actions and isolate affected machines.
• Shadow AI Discovery finds unmanaged AI apps, agents, large language model runtimes, and developer tools on endpoints and links each to asset owners and privilege levels to rank risk.
• AIDR now covers desktop AI tools such as ChatGPT, Gemini, Claude, Microsoft Copilot, GitHub Copilot, DeepSeek, and Cursor to inspect prompts in real time and flag injection, data leaks, and policy breaches.
• Browser and cloud controls expand through the Seraphic acquisition and new features that monitor SaaS agent permissions, watch Microsoft Copilot Studio agents, map sensitive data flows, and inspect containerized AI services, while CrowdStrike reports visibility into over 1,800 AI apps and nearly 160 million instances and notes some features are still in development.