CrowdStrike has announced new features that help companies protect their employees from malicious AI models and other threats. CrowdStrike is adding the new capabilities to its Falcon platform.
The first new feature, AI Model Scanning, enables users to detect “Trojan models.” These are AI models that behave correctly under normal circumstances but generate malicious output when given certain prompts. According to CrowdStrike, hackers could, for example, modify a programming assistant so that it deliberately gives developers incorrect advice on how to remove vulnerabilities from their code.
Cybercriminals create such models by injecting malicious data into the training data. It is also possible to modify a neural network in such a way that it produces undesirable results.
In addition to Trojan models, AI Model Scanning also detects backdoors and other threats. The risks found are ranked by threat level using a technology called ExPRT.AI. CrowdStrike reports that ExPRT.AI uses information about hacking campaigns to estimate the likelihood of a vulnerability being exploited.
Detecting shadow AI
AI Model Scanning comes with another new feature, the AI Security Dashboard. This dashboard helps administrators detect shadow AI. This is important in situations where employees may be using unsafe AI applications without permission. The dashboard can also monitor how internal training data for AI is used within the company.
In addition, CrowdStrike’s Falcon platform includes a separate module for detecting data misuse. This module is called Falcon Data Protection. Among other things, it can identify attempts to download sensitive data to an unsecure device. With the current update, this module gains several new features.
CrowdStrike has indicated that Falcon Data Protection will now also record unauthorized data movements on Macs. According to the company, the new version is also much better at recognizing attempts by hackers to hide file copying.
When stealing data, hackers often break into an organization and copy files to an external server. Such attempts are usually detected fairly easily by cybersecurity tools. That is why attackers sometimes try to cover their tracks by packaging stolen data in encrypted ZIP files before moving them. Such files are more difficult to scan.
Encrypted ZIP files
According to CrowdStrike, the latest version of Falcon Data Protection scans encrypted ZIP files as they are created, rather than after the fact. This allows the contents to be checked immediately for stolen data. In addition, the company reported that the module can now detect attempts to upload sensitive information to generative AI tools, even if that data has been manipulated beforehand.
The update is further supplemented with a new version of Falcon Data Protection for Cloud. This tool is designed to identify unauthorized data movements in public cloud environments. The software can detect unwanted activity in applications, databases, and other external systems.
Finally, CrowdStrike is also introducing a new professional service called SaaS Threat Services. Companies that use this service can have their software-as-a-service applications checked by CrowdStrike specialists for unsafe configurations, risky links to external applications, and similar vulnerabilities.