CrowdStrike named Forrester XDR leader on AI strength

CrowdStrike has been named a Leader in The Forrester Wave: Extended Detection and Response Platforms, Q2 2026 report, achieving the highest score among evaluated vendors in the Current Offering category.

The cybersecurity company also received the highest possible scores in the Innovation and Community criteria within the Strategy category. The recognition comes as organisations increasingly seek integrated approaches to threat detection and response across endpoints, identities, cloud environments and other technology assets.

Extended Detection and Response, or XDR, platforms are designed to consolidate security telemetry from multiple sources and provide a unified view of threats. The market has evolved as organisations face more complex attack techniques and seek to reduce operational complexity in security operations centres.

Platform approach

CrowdStrike said its approach is based on a unified platform architecture that uses a single sensor and management environment across security functions. The company argues that this structure supports what it describes as an agentic security operations centre, where AI-powered systems assist analysts in identifying, investigating and responding to threats.

The company said modern cyber attackers increasingly use AI capabilities and operate across multiple technology domains. Security teams therefore require tools that can automate parts of detection and response workflows while maintaining visibility across enterprise environments.

According to CrowdStrike, the architecture is intended to reduce the fragmentation often associated with multiple security products and management consoles.

The Forrester report highlighted CrowdStrike's use of AI agents within its platform. In its assessment, the analyst firm noted that AI capabilities contribute to the analyst experience and cited the company's approach to testing and validation of AI outputs.

Acquisition strategy

CrowdStrike also pointed to recent acquisitions that have expanded its security coverage into additional areas.

These include SGNL, which focuses on continuous identity security, and Seraphic, which provides browser runtime security capabilities. The company said the acquisitions extend protection across a wider range of enterprise assets and user interactions.

Identity security has become an increasingly important area for organisations as attackers continue to target credentials and authentication systems. Browser security has also received greater attention as web-based applications become central to enterprise operations.

The Forrester report referenced CrowdStrike's acquisition strategy and its ability to integrate acquired technologies into a broader platform model.

The company said this approach enables customers to access additional security functions through a unified operational framework rather than deploying standalone products.

AI security

CrowdStrike said enterprise adoption of AI technologies is creating new security requirements, particularly as organisations deploy AI models, agents and applications across business operations.

The company noted that AI systems increasingly operate on endpoints and interact with sensitive corporate data, creating new attack surfaces that require monitoring and protection.

CrowdStrike is positioning AI Detection and Response, or AIDR, as a dedicated category focused on securing AI environments. The company said AIDR is designed to protect data, models, prompts, agents, identities, infrastructure and related interaction layers.

According to CrowdStrike, its AIDR business recorded 250 per cent sequential annual recurring revenue growth in less than two quarters.

"AI has changed how adversaries operate. CrowdStrike has changed how defenders respond," said Elia Zaitsev, Chief Technology Officer, CrowdStrike. "CrowdStrike committed to one sensor, one console, one platform from day one, and that architectural advantage is why we can deliver the agentic SOC today and own AIDR, the defining security category of tomorrow. For us, Forrester's recognition reflects what that foundation makes possible."

The company said endpoint protection remains a core component of its security strategy. The Forrester report noted CrowdStrike's native detection capabilities and endpoint coverage as key strengths within the evaluated platform.

CrowdStrike said its broader platform combines endpoint, cloud, identity and data protection capabilities to support enterprise security operations through a single architecture and management framework.