CrowdStrike Falcon Update Makes the Endpoint the Hub for AI Security

CrowdStrike announces new features for the Falcon platform that make the endpoint the central hub for AI security. New capabilities include AI agent detection, shadow AI governance, and runtime protection for endpoints, SaaS, browsers, and the cloud. The company already detects more than 1,800 AI applications on enterprise devices.

CrowdStrike is thus responding to the increasing autonomy of AI agents that independently execute commands, modify files, and access sensitive data. That behavior is virtually indistinguishable from legitimate user activity. Legacy controls and network security are not designed to handle this, the company states.

The Falcon sensor currently detects more than 1,800 unique AI applications on enterprise devices, accounting for nearly 160 million customer installations. Based on this, CrowdStrike is introducing three new capabilities: EDR AI Runtime Protection, Shadow AI Discovery, and AIDR for Endpoint.

EDR AI Runtime Protection provides real-time insight into the behavior of AI applications on the endpoint. In the event of suspicious activity, security teams can trace the activity back to the source process and intervene immediately, including isolating the endpoint. Shadow AI Discovery automatically detects AI applications, LLM runtimes, MCP servers, and development tools, and links them to privilege exposure and risk priorities.

AIDR for Endpoint extends prompt inspection to desktop applications such as ChatGPT, Gemini, Claude, DeepSeek, Microsoft Copilot, GitHub Copilot, and Cursor. It detects injection attacks, data leaks, and policy violations in real time.

Expansion to SaaS, browser, and cloud

The endpoint is not the only focus. AI agents also operate in SaaS platforms, cloud workloads, and browsers, often with privileges not designed for machine-speed governance. To address this, CrowdStrike is adding Shadow SaaS Discovery for Microsoft Copilot, Salesforce Agentforce, and ChatGPT Enterprise, in addition to AIDR for Copilot Studio agents and cloud-based AI data flow detection.

For browser security, the acquisition of Seraphic Security in January 2026 is central. Through this acquisition, CrowdStrike brings runtime protection directly into the browser.

The new features build on previously announced AIDR capabilities that CrowdStrike introduced in December 2025 to secure AI interactions.

CrowdStrike Falcon Update Makes the Endpoint the Hub for AI Security

Expansion to SaaS, browser, and cloud

Stay tuned, subscribe!

AI chatbots can still tell you how to make a bomb

Vibe coding can’t dance, a new spec routine emerges

NetApp in the age of AI: balancing sovereignty and cloud

The European data center market is a puzzle with an increasing number of pieces

Workday Rising EMEA: platform transformation: Pipedream, AI agents and sovereignty

Why this CIO ditched Microsoft for Google and Slack

Cisco reimagines network ops with agentic AI

EU digital sovereignty and policy: Cisco's perspective

Better connected business technology is essential for prosperity in the Netherlands

The zero-drift frontier: modern edge demands on Kubernetes

When is an SBOM not an SBOM? CISA’s Minimum Elements

Sovereign: the new normal for AI and cloud native (and how to make it work)

De IT Afdeling van de toekomst

GITEX ASIA 2026

GITEX ASIA 2026

Southeast Asia AI Application Summit 2026

SAS Innovate 2026

Team '26

Experience Synology’s latest enterprise backup solution

How to choose the right Enterprise Linux platform?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices