CrowdStrike Expands Falcon Platform to Secure AI Systems at RSAC 2026

CrowdStrike Holdings Inc. announced a major expansion of its Falcon cybersecurity platform at the RSAC 2026 Conference, targeting the growing risks of enterprise AI deployments.

The company introduced EDR AI Runtime Protection, giving security teams real-time visibility into AI behavior on devices by monitoring commands, scripts, file activity, and network connections. This allows immediate isolation of compromised endpoints.

New Shadow AI Discovery for Endpoint automatically detects AI applications, agents, large language models, and development tools across devices, helping assess exposure and potential blast radius.

AIDR for Desktop extends prompt-layer protections to desktop AI tools including ChatGPT, Gemini, Claude, DeepSeek, Microsoft Copilot, O365 Copilot, GitHub Copilot, and Cursor.

The initiative extends beyond endpoints. Shadow SaaS and AI Agent Discovery provide insight into AI agent activity and permissions across SaaS platforms like Microsoft Copilot, Salesforce Agentforce, ChatGPT Enterprise, OpenAI Enterprise GPT, and Nexos.ai.

Falcon now includes AIDR for Copilot Studio Agents, monitoring prompts and data interactions to detect prompt injection attacks and data leaks in real time.

For cloud environments, Shadow AI Discovery for Cloud identifies unmanaged AI services and sensitive data exposure. AIDR for Cloud and Kubernetes adds runtime inspection for containerized AI workloads.

AI Data Flow Discovery for Cloud tracks how sensitive data moves through AI systems, enabling automated responses via security orchestration.

On the SIEM front, Falcon Next-Gen SIEM now ingests Microsoft Defender for Endpoint telemetry without additional sensors. Native Falcon Onum integration improves data streaming, cuts storage costs, and reduces ingestion overhead.

Third-party indicator management allows operationalization of external threat intelligence. A new query translation agent converts legacy Splunk searches into CrowdStrike Query Language, easing migration.

CrowdStrike positions Falcon as the central control plane for AI security across the enterprise.