CrowdStrike Expands Falcon Platform to Secure AI Agents at RSAC 2026
CrowdStrike announced a major expansion of its Falcon cybersecurity platform at RSAC 2026 on March 23, adding comprehensive security capabilities for AI agents across endpoints, SaaS applications, and cloud environments.
The new features treat the endpoint as the control plane for AI security. Key additions include EDR AI Runtime Protection for tracking how AI applications behave (commands, scripts, file activity, network connections), Shadow AI Discovery for automatically identifying AI agents and LLM runtimes across devices, and AIDR for Desktop protecting interactions with ChatGPT, Gemini, Claude, and GitHub Copilot.
On the SaaS and cloud side, CrowdStrike introduced Shadow SaaS and AI Agent Discovery for monitoring agent activity and permissions across platforms like Salesforce Agentforce and ChatGPT Enterprise, AIDR for Copilot Studio Agents to detect prompt injection attacks, and Shadow AI Discovery for Cloud to surface ungoverned AI services. AIDR for Cloud and Kubernetes brings runtime inspection to containerized AI workloads.
The expansion reflects a growing enterprise concern: autonomous AI agents that can take actions, access data, and operate with elevated privileges require the same security governance as human users. CrowdStrike is positioning Falcon as the unified platform for this emerging category.
More info: https://www.crowdstrike.com/en-us/events/rsac/
← Back to all articles
The new features treat the endpoint as the control plane for AI security. Key additions include EDR AI Runtime Protection for tracking how AI applications behave (commands, scripts, file activity, network connections), Shadow AI Discovery for automatically identifying AI agents and LLM runtimes across devices, and AIDR for Desktop protecting interactions with ChatGPT, Gemini, Claude, and GitHub Copilot.
On the SaaS and cloud side, CrowdStrike introduced Shadow SaaS and AI Agent Discovery for monitoring agent activity and permissions across platforms like Salesforce Agentforce and ChatGPT Enterprise, AIDR for Copilot Studio Agents to detect prompt injection attacks, and Shadow AI Discovery for Cloud to surface ungoverned AI services. AIDR for Cloud and Kubernetes brings runtime inspection to containerized AI workloads.
The expansion reflects a growing enterprise concern: autonomous AI agents that can take actions, access data, and operate with elevated privileges require the same security governance as human users. CrowdStrike is positioning Falcon as the unified platform for this emerging category.
More info: https://www.crowdstrike.com/en-us/events/rsac/
Comments