CrowdStrike launches AI tools for cloud, MDR & data

CrowdStrike has announced three security products focused on cloud risk, managed detection and response, and data protection. The launches extend its push to apply AI and threat intelligence across more of corporate security operations.

The updates cover Falcon Cloud Security, a new Agentic MDR offering within Falcon Complete, and Falcon Data Security. Together, they aim to address a common problem for security teams: rising alert volumes, faster-moving attacks, and a broader attack surface spanning cloud systems, software services, browsers, endpoints, and AI tools.

Cloud risk

The first announcement focuses on cloud security. CrowdStrike has added functions to Falcon Cloud Security that rank risks by linking application behaviour with active attacker tactics, helping security teams focus on exposures most likely to be exploited.

The approach is intended to move beyond static assessments of misconfigurations and permissions. CrowdStrike highlighted three main elements: Application Explorer, which combines application and cloud infrastructure context; Timeline Explorer, which tracks configuration and application changes over time; and Cloud Risk Engine, which maps cloud risks to current adversary tradecraft.

The updates also sit alongside runtime protection and cloud detection and response features designed to act on prioritised risks in real time.

Chief Technology Officer Elia Zaitsev said the changes reflect a broader shift in how security teams need to assess cloud exposure.

"Cloud security isn't about generating more alerts, it's about understanding how risk forms and which exposures adversaries will actually target," Zaitsev said.

"Our latest innovations are the industry's first to connect application behaviour and adversary tradecraft into a single operating model, delivering the context and prioritisation that teams need to eliminate noise and remediate critical exposures with speed and precision."

Managed response

The second launch is Agentic MDR, which CrowdStrike describes as the next version of managed detection and response within its Falcon Complete service. It uses intelligent agents built and deployed by CrowdStrike analysts to automate parts of investigation and response work that would otherwise require manual intervention.

CrowdStrike said this is increasingly important as attackers use AI to speed up operations. It cited an 89% year-on-year rise in AI-enabled adversary activity and said the average eCrime breakout time has fallen to 29 minutes, adding pressure to already stretched security teams.

Agentic MDR is designed to automate repetitive and time-consuming tasks in the security operations workflow while keeping human analysts in the loop. CrowdStrike said the system uses a closed-loop model that improves through repeated engagements.

Austin Murphy, VP and GM of Falcon Complete, said the product is intended to speed response times as attacks become more automated.

"CrowdStrike pioneered managed detection and response and Agentic MDR carries that leadership into the AI era," Murphy said.

"As AI-powered adversaries move faster than defenders can respond, security operations must accelerate beyond manual workflows to machine-speed defence. Agentic MDR combines elite human expertise with agents so our defenders can investigate and respond at the speed modern attacks demand."

CrowdStrike is also evaluating NVIDIA reasoning models within Agentic MDR. In internal testing, investigations ran up to five times faster and achieved more than three times higher triage accuracy in high-confidence benign classification when using NVIDIA Nemotron Nano and Nemotron Super models, according to the company.

Alongside Agentic MDR, CrowdStrike introduced new SOC Transformation Services for organisations looking to redesign security operations, data pipelines, workflows, and governance, including migration to Falcon Next-Gen SIEM.

Data protection

The third announcement is Falcon Data Security, a product intended to discover, classify, and stop data theft across what CrowdStrike calls the "agentic enterprise". It is designed to track sensitive information as it moves across endpoints, software services, cloud systems, browsers, and AI-driven workflows.

CrowdStrike said older data protection tools were built for more static environments, with separate products often used for endpoint data loss prevention and cloud data security posture management. Falcon Data Security is intended to combine those functions with broader context from endpoint, identity, and cloud activity.

Key functions include AI-based classification for data in motion, protection for data shared through generative AI tools, runtime visibility into cloud data access and movement, cross-domain analysis in a single console, and automated enforcement through response workflows.

Zaitsev said the spread of AI tools has changed how data moves through organisations.

"AI has fundamentally changed how quickly data is created, accessed, and shared, placing sensitive information in constant motion," Zaitsev said.

"Legacy data protection tools were built for a world where data was static. Falcon Data Security discovers, classifies, and defends sensitive data wherever it exists, at rest and in motion. This is data security for the agentic era."

The three launches show CrowdStrike expanding its platform across cloud security, managed services, and data protection as cyber vendors race to reposition products around AI-assisted defence and the growing use of AI by attackers.