CrowdStrike unveils Threat AI to automate threat intelligence
CrowdStrike has announced the launch of Threat AI, described as the industry's first agentic threat intelligence system aimed at automating complex intelligence workflows and enhancing threat response for security analysts.
Threat AI brings together a system of autonomous agents that can reason, hunt, and carry out actions across the cyber kill chain, forming part of CrowdStrike's broader Agentic Security Workforce. The company states that this approach is intended to allow defenders to focus on higher-impact investigations by automating traditionally laborious security tasks.
Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, commented on the motives driving these developments, raising concerns about the use of artificial intelligence by cyber adversaries.
"Adversaries are weaponizing AI to accelerate every stage of attacks – what once took months can now happen in seconds, collapsing the defender's window of response. Intelligence must evolve beyond informing defenders to actively countering threats at the speed of AI,"
he said, continuing,
"Threat AI is the intelligence arm of CrowdStrike's vision to equip every security analyst with mission-ready agents that eliminate high-friction tasks better suited for machines, ushering in a new era of threat intelligence."
The new Threat AI system builds on CrowdStrike's established intelligence capabilities, which include tracking more than 265 sophisticated global groups operating as nation-state actors, eCrime entities, and hacktivist collectives. Threat AI makes use of data, analytics, and expertise from CrowdStrike's Counter Adversary Operations team, aiming to automate multifaceted threat intelligence tasks while delivering timely, actionable recommendations for analysts.
Initial capabilities
The system's launch introduces agents for malware analysis and threat hunting as the first in a series of capabilities. The Malware Analysis Agent is designed to automate reversing, classifying, and comparing malware files. According to CrowdStrike, this agent can analyse files, identify code similarities, provide instant attribution, and generate YARA rules within seconds to offer insights and strengthen defences against various malware families.
The Hunt Agent is described as an automated tool for proactive and continuous threat hunting. The agent can execute queries, scan for emerging threats, and surface findings, providing analysts with clear insights and recommended actions.
Development plans
CrowdStrike indicates that the initial agents for malware analysis and hunting will be followed by additional agents focusing on triage, correlation, and exposure mapping, with orchestration across these functions. Each agent is intended to reinforce the others by sharing output, aiming to provide comprehensive, system-wide threat intelligence support.
Intelligence in the browser
The company also introduced a new Chrome browser extension designed to bring CrowdStrike's adversary intelligence directly into analysts' web browsers. With the extension, users can access intelligence insights while conducting external research, potentially reducing response times by integrating context and recommendations into a single workflow.
Threat AI will be embedded inside CrowdStrike's Threat Intelligence & Hunting modules, and is intended to work in tandem with real-world operational decisions made by the Counter Adversary Operations team at CrowdStrike.
The company describes the Falcon platform as its core offering for cloud-native security, supporting endpoints, cloud workloads, identity, and data with detection, automated protection, and threat hunting capabilities. Threat AI expands the portfolio to include AI-powered, autonomous agent support within the Falcon Architecture, which is built for scalable, rapid deployment and minimal complexity.
The company has stated that the agentic approach underpins its vision of redefining how intelligence is applied in increasingly automated and AI-driven threat environments.