























Every foundational shift in computing has created a new security category. The internet created network security, the rise of workstations created the need for endpoint detection and response (EDR), and cloud computing created the need for cloud security. Each technology transition has moved faster than the one before it. None has moved faster than AI.
The AI threat surface is fundamentally different from anything security teams have defended before, and the defining challenge is the agent: the autonomous system that executes code, calls tools, invokes APIs, accesses credentials, and takes consequential actions at machine speed with the inherited privileges of the human who deployed it. Powerful AI agents like Claude Code, OpenAI Codex, and OpenClaw now execute on endpoints.
Figure 1. SaaS, endpoint, and cloud environments form the three coverage planes where AI operates.
With great autonomy comes great risk. Agents can be compromised by adversaries; they can also create unintended security risks and accidentally cause breaches via misalignment. For example, in early 2026, adversaries targeted ClawHub, the community skill registry for OpenClaw, in a supply chain attack that deployed silent data exfiltration payloads to affected agents who used the skill.1
The CrowdStrike Falcon® Adversary OverWatch™ threat hunting team is closely monitoring agent-triggered detection leads, which are now tracking at 2.5 times the rate of human-triggered leads on monitored endpoints. In one instance, the team observed an agent attempt to complete a data-sharing task by sharing sensitive company files via a public file-sharing repository.
Agents are ruthlessly goal-seeking, and we are rapidly entering a world where agents, not humans, will become the majority users of software. These examples of agentic threats and risks are the opening chapter of an AI threat landscape that will define enterprise security for decades to come. The traditional tools that security teams have at their disposal were not built for this moment and do not address what matters most: agent runtime. A prompt injection attack does not appear in a governance report. A compromised agent exploiting inherited credentials may not trigger a data loss prevention rule. Detection without runtime interception is observation, not protection. AI detection and response (AIDR) as a cybersecurity solution category must stop what is going wrong at the moment of execution, before the threat propagates.
AIDR is a unified, runtime security category that involves detecting, investigating, and responding to threats targeting and originating from AI systems across the coverage planes where AI operates: endpoints, SaaS applications, and cloud environments. AIDR represents the new runtime security architecture that the agentic era requires, one that is unified and agent-action-oriented.
Three principles separate a true AIDR platform from adjacent solution categories:
Runtime security, not posture management: Posture management operates before and after the action. AIDR operates during the execution, inspecting every prompt, tool call, and agent action at the millisecond cadence that live, autonomous threats require.
Unified platform, not point solutions: AI agents cross boundaries between endpoint, cloud, and SaaS within a single session. A stack of single-layer point tools generates fragmented signals with no correlation layer to stitch the attack chain together in time.
Action-oriented control, not observation: AIDR closes the loop, blocking, redacting, isolating, and revoking at the point of execution.
AIDR must also deliver protection across the seven-layer AI estate: data, models, prompts, agents, identities, infrastructure, and interactions, each of which creates new attack surfaces and security challenges.
Figure 2. Seven layers form the AI estate: data, models, prompts, agents, identities, infrastructure, and interactions.
An AI control plane, the operational core of AIDR, enforces four runtime actions: identity enforcement via continuous authorization, data protection that blocks, redacts, and encrypts, execution controls that stop threats at runtime, and remediation that isolates, contains, and removes. This control plane must cover all seven layers of the AI estate and run across the endpoint, SaaS, and cloud coverage planes.
CrowdStrike is pioneering the AIDR category with CrowdStrike Falcon® AI Detection and Response, which provides unified visibility, real-time threat detection, data protection, access controls, and automated response capabilities across endpoints, SaaS, and cloud environments to secure both workforce AI adoption and enterprise-developed agents and AI workloads at runtime. Its capabilities include:
Figure 3. A Falcon AIDR visibility screen shows users, AI applications, and underlying models being used in an environment as well as token consumption statistics.
The most consequential frontier in AI security is the endpoint, where powerful agents execute. Process-level actions, tool calls, file operations, and MCP invocations occur on the host, largely below the visibility threshold of network and application-layer controls. There is only one vantage point from which to observe, govern, and act on this activity in real time: the endpoint.
CrowdStrike will extend Falcon AIDR via deep integration with the Falcon sensor, the same kernel-level sensor that has protected endpoints from adversaries for over a decade, to detect, identify, and monitor AI agents at the OS level. This will not require third-party vendor relationships, custom SDK integrations, or new deployment motion.
Figure 4. Falcon AIDR view of an enterprise’s agentic deployment with high-risk agents highlighted in red
This fusion will unlock powerful new capabilities to discover and secure AI agents at runtime, including:
This capability is currently pre-beta and will go to GA next quarter (Q3).
The AIDR market is forming rapidly. CrowdStrike’s competitive advantage is structural, built over a decade of endpoint investment and extended through deliberate expansion into cloud and SaaS coverage planes.
The Falcon sensor is deployed on hundreds of millions of endpoints worldwide. When AI agents became a security challenge, CrowdStrike’s existing telemetry infrastructure already observed the relevant process-level behaviors. No competitor can currently replicate this endpoint footprint in a meaningful competitive time frame, and this asymmetry compounds with every additional AIDR capability added to the CrowdStrike Falcon platform.
CrowdStrike’s prompt injection taxonomy will continuously grow as Falcon Adversary OverWatch tracks adversary tradecraft in AI environments. One customer’s agent anomaly becomes every organization’s defense. By the time competitors build the sensor footprint to collect comparable telemetry, CrowdStrike will have built years of behavioral baselines that others cannot retroactively replicate.
With CrowdStrike, AIDR runs on one platform, one sensor, and one console. For organizations already running the Falcon platform, it is not a new vendor relationship or a new deployment motion. It is the next capability of a platform already in production, extending the same sensor that stops adversaries today to secure AI agents at runtime.
For more information:
This blog may include discussion of unreleased services or features. Any unreleased services or features referenced here are still in development and subject to change. Customers should make their purchase decisions based upon features that are currently available.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。