CrowdStrike has rolled out a major update to its Falcon platform, introducing new capabilities designed to secure AI agents at the endpoint and extend protection across SaaS, browser and cloud environments.
The release reflects a shift in how enterprises must approach security as AI agents become more autonomous, increasingly executing commands, accessing sensitive data, and triggering workflows directly on endpoint devices.
CrowdStrike argues that the endpoint is now the critical control point for AI security, as this is where AI-driven actions are executed in real time – often in ways that are indistinguishable from legitimate user behaviour.
Traditional network and perimeter-based controls, the company said, were not designed to govern this emerging class of activity.
“AI agents are fundamentally changing how technology operates and how it must be secured,” Michael Sentonas, president of CrowdStrike, said in a statement.
“Security built for static applications can’t keep up with autonomous systems. Organisations need real-time visibility and control over AI behaviour wherever it runs. CrowdStrike is that new standard.”
The update introduces expanded AI agent discovery and governance capabilities directly at the endpoint, where CrowdStrike sensors already detect thousands of AI applications and millions of instances running across enterprise environments. Runtime protection capabilities provide visibility into commands, scripts, file activity and network connections generated by AI-driven processes, enabling security teams to trace suspicious behaviour back to its source and respond immediately.
The platform also adds enhanced “shadow AI” discovery, allowing organisations to identify unauthorised or unmanaged AI tools, agents and large language model (LLM) runtimes operating across endpoints. This is paired with risk context, including privilege levels and potential blast radius, to help prioritise remediation efforts.
In addition, CrowdStrike has expanded its AI detection and response (AIDR) capabilities to cover desktop AI applications, providing real-time inspection of prompts and identifying risks such as injection attacks, data leakage and policy violations across widely used tools.
The expansion also includes visibility into AI agent activity across enterprise platforms, monitoring of prompt interactions and data flows, and runtime protection for cloud-based AI workloads.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.