SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
CrowdStrike adds Claude monitoring to Falcon tools
Data Protection SIEM Digital Transformation

CrowdStrike adds Claude monitoring to Falcon tools

Fri, 22nd May 2026 (Today)
Sofiah Nichole Salivio
SOFIAH NICHOLE SALIVIO News Editor

CrowdStrike has added an integration with Claude's Compliance API to its Falcon platform, bringing activity from Claude Enterprise and Claude Platform into its security tools.

The integration feeds Claude activity data into Falcon Next-Gen SIEM and Charlotte Agentic SOAR, allowing security teams to view AI-related activity alongside telemetry from endpoints, identities and cloud environments.

The announcement reflects a broader shift as companies adopt generative AI tools for tasks such as code generation, legal review, internal research and customer communications. That wider use has increased pressure on security teams to monitor AI systems within the same operational framework used for other corporate technology.

The integration is designed to place AI activity inside the same environment where organisations already detect threats and investigate incidents, allowing customers to correlate Claude usage with other signals, including unusual identity behaviour and data movement.

Unified monitoring

Under the arrangement, organisations can ingest Claude Enterprise activity logs and conversation content, along with Claude Platform activity logs, into Falcon Next-Gen SIEM. The data can then be analysed alongside other security information collected across the Falcon platform.

This could help security teams identify risks that may not be obvious when AI activity is viewed in isolation. A spike in Claude usage by a user account, for example, may carry more significance when assessed alongside suspicious access patterns or unusual file transfers.

Charlotte Agentic SOAR is also part of the integration, enabling customers to trigger workflows for alerting, investigation and response based on AI-related signals, with the aim of reducing manual work in security operations.

The integration also links to Falcon AI Detection and Response and Falcon Shield, which can extend oversight and policy-based responses to AI-related activity across an organisation.

Security context

The development highlights a growing concern among security teams that AI applications may create blind spots if they sit outside existing monitoring systems. As companies introduce AI into routine workflows, logs and activity records from those tools are becoming more relevant to incident response and governance processes.

Security vendors have been moving to address that issue by folding AI-related signals into broader detection and response products rather than treating them as a separate category. CrowdStrike's latest integration fits that pattern by presenting Claude activity as another stream of operational data.

Daniel Bernard, Chief Business Officer at CrowdStrike, said the company sees AI systems as requiring the same level of scrutiny as other business applications.

"Every enterprise application requires monitoring and protection. AI shouldn't be the exception," Bernard said.

He linked the integration to Claude's growing role in day-to-day operations across customer organisations.

"As Claude becomes part of how organizations operate, security teams need it in the same operational picture as everything else. This integration puts AI activity inside the Falcon platform, right next to endpoint, identity, and cloud signals, so customers can apply the cybersecurity they already trust," Bernard said.

The announcement also underlines the commercial importance of AI oversight as enterprises move from limited trials to production use. For security suppliers, that opens a market for tools that can record, analyse and respond to AI usage in much the same way they handle endpoint events, identity anomalies and cloud workload activity.

For customers already using Falcon, the integration offers a way to bring Claude-related records into established workflows without requiring a separate monitoring environment. That may appeal to companies trying to simplify governance as AI tools become part of mainstream business operations.

By bringing Claude Enterprise and Claude Platform activity into Falcon Next-Gen SIEM and Charlotte Agentic SOAR, CrowdStrike is positioning AI usage data as part of the same evidence base security teams use to investigate incidents across the wider organisation.

Related stories
Exabeam expands AI agent analytics to ChatGPT, Copilot
CrowdStrike adds AI security tools & Microsoft SIEM link
Forcepoint adds ARIA AI assistant to Data Security Cloud
MIND unveils DLP for Agentic AI to secure data use
Proofpoint extends oversight into Claude AI activity
Top stories
Ocean raises GBP £28 million to fight AI email fraud
Geordie links Claude Enterprise to security controls
Dashlane links browser credential risk to Sentinel
CTERA launches InsightAI for unstructured data analysis
Darwinium updates mobile SDKs to spot scam activity