CrowdStrike Debuts AI Detection And Response: 5 Big Things To Know

The cybersecurity giant is providing a massive boost to security around AI prompts and agent interactions with its new Falcon AIDR offering, CrowdStrike President Mike Sentonas tells CRN in an exclusive interview.

CrowdStrike unveiled a pivotal expansion of its AI security capabilities Monday with the general availability launch of Falcon AI Detection and Response (AIDR), which delivers a massive boost to security around AI prompts and agent interactions, according to CrowdStrike President Mike Sentonas.

In an exclusive interview with CRN, Sentonas said that CrowdStrike Falcon AIDR provides the industry’s most comprehensive approach so far to protecting organizations against some of the key risks caused by surging AI adoption.

The cybersecurity giant is ultimately seeking to replicate its track record in its core segment of endpoint detection and response (EDR) within the rapidly growing AI attack surface, he said.

“I believe we pioneered modern endpoint security with EDR, and we're looking to do the same thing in the AI world with AIDR,” Sentonas said. “We want to protect the interaction layer where AI systems reason and they decide and they take action.”

CrowdStrike’s launch of the new Falcon AIDR offering brings the Falcon platform to a total of 32 products, known on the platform as modules. The new AIDR module is based on the company’s acquisition of AI security startup Pangea, which was announced in September.

In an interview with CRN in November, CrowdStrike co-founder and CEO George Kurtz said the vendor is seeing major customer and partner demand for its offerings within crucial new segments of cybersecurity including AIDR.

“Our goal is, every AI agent should be protected by CrowdStrike,” Kurtz said in the previous interview. “And we think that’s a massive market opportunity and a huge [total addressable market] for us.”

Speaking with CRN, Sentonas said the debut of Falcon AIDR provides new functionality and service opportunities for CrowdStrike’s large base of channel partners, particularly for MSSPs that are tasked with keeping up with the security risks posed by widespread deployments of AI tools.

What follows are five big things to know about CrowdStrike’s launch of Falcon AI Detection and Response.

Growing AI Risks

The introduction of Falcon AIDR is aimed at countering some of the most pressing threats from the usage of AI applications, such as prompt injection, according to CrowdStrike. By entering malicious prompts into GenAI applications and AI agent tools, threat actors can potentially manipulate the AI models’ behavior to steal sensitive data or trigger other unintended actions.

“My view is, we are entering a new era where prompts are the new malware,” Sentonas told CRN. “If you think about the agents and the connectivity that they have, we need to think about security in a different way.”

Crucially, Falcon AIDR—like all other Falcon modules—is now tightly integrated into CrowdStrike's single, unified platform, he noted.

Boosting AI Visibility

A core benefit of Falcon AIDR will be around providing deeper visibility into AI usage than what’s available from existing tools, according to CrowdStrike.

As a result, the vendor’s AIDR offering provides “end-to-end prompt layer protection,” Sentonas said. “We can provide visibility to see AI everywhere.”

This includes providing organizations with the ability to see how employees are using AI and how agents are operating, he said.

Real-Time Response

At the same time, CrowdStrike is seeking to go beyond providing visibility to deliver the real-time response capabilities that many existing tools are lacking, according to the company. Falcon AIDR is “providing that granular control,” Sentonas said.

For example, AIDR can be configured to allow certain AI tools while preventing the use of others that have been deemed risky, and to provide protections such as blocking uploads of content.

Other key capabilities include blocking risky AI interactions and containing malicious agents in real time, as well as preventing sensitive data—such as credentials and regulated data—from reaching AI systems or models, according to CrowdStrike.

With Falcon AIDR, CrowdStrike is ultimately delivering “unified prompt layer protection,” Sentonas said. “And then we want to make sure that we extend that capability—and give our customers the ability to detect, control and respond to the use of AI everywhere in the environment.”

Partner Opportunities

CrowdStrike sees massive opportunities for MSSPs and other partners when it comes to Falcon AIDR, according to Sentonas.

With so many end customers of MSSPs in an exploratory phase around AI and agentic technology, “now is the time when people need leading security,” he said.

Partners will also find that Falcon AIDR can provide the basis for delivering other types of solutions and services such as security assessments, Sentonas said.

A partner can use AIDR, for instance, to provide a customer with an assessment showing all of the ways their employees are using AI—something that many businesses are currently unaware of, he said.

Broader AI Security Strategy

Importantly, while Falcon AIDR provides a new way to approach one of the biggest emerging risks from AI usage, the offering is just a piece of the broader AI security strategy that CrowdStrike is delivering, according to the company.

In addition to protecting the AI interaction and prompt layer with AIDR, CrowdStrike offers other crucial AI security capabilities on the Falcon platform through its offerings in identity, endpoint, cloud and data protection, the company said.

“It's a very broad problem,” Sentonas said. “It's not just attackers finding ways to manipulate the models and get inside.”

For instance, “it's over-permissioning and [organizations] having identity systems that are not set up for this modern world,” he said.

Unless organizations pay attention to AI security across the full spectrum of IT environments, Sentonas said, they will see “a whole range of issues that go from actual attacks through to misconfiguration, where agents are over-permissioned and data breaches have happened.”