CrowdStrike Brings AI Security to the Endpoint – and the Timing Makes Sense

CrowdStrike used RSA 2026 to make a specific argument: AI agents are doing real work inside endpoints now, so that's where security needs to sit. Two announcements out of the show back that up, one focused on AI agent visibility and governance, the other on SIEM modernization.

AI agents are operating where security isn't watching

The endpoint AI security release starts from a concrete problem. CrowdStrike's sensors already detect more than 1,800 distinct AI applications running on enterprise devices, representing nearly 160 million unique application instances across its customer base. Those systems execute terminal commands, modify files, access sensitive data, and trigger downstream workflows autonomously. A lot of that activity is indistinguishable from legitimate user behavior, which means traditional controls aren't positioned to catch what's actually risky.

The new capabilities address this at the point of execution. EDR AI Runtime Protection gives the Falcon sensor visibility into the commands, scripts, file activity, and network connections of agentic applications running on the endpoint. When something looks wrong, security teams can trace it back to the originating process and isolate the endpoint before the problem spreads.

Shadow AI Discovery for Endpoint automatically surfaces AI applications, agents, LLM runtimes, MCP servers, and development tools running across devices, connecting them to asset context and privilege exposure. The goal isn't just knowing what's deployed. It's understanding the blast radius if something gets compromised.

AIDR for Endpoint adds prompt-layer protection to desktop AI applications specifically, covering ChatGPT, Gemini, Claude, DeepSeek, Microsoft Copilot, GitHub Copilot, and Cursor. It inspects prompts in real time for injection attacks, data leaks, and policy violations.

Shadow AI extends across SaaS, browser, and cloud

AI agents don't stay on the endpoint. They operate across SaaS platforms, cloud workloads, and AI pipelines, often with permissions that weren't designed for governance at machine speed.

CrowdStrike is extending the same discovery and runtime controls into those environments. Shadow SaaS and AI Agent Discovery covers platforms including Microsoft Copilot, Salesforce Agentforce, and ChatGPT Enterprise. AIDR for Copilot Studio Agents monitors prompts and agent behavior inside Microsoft's low-code agent builder. On the cloud side, Shadow AI Discovery for Cloud surfaces ungoverned LLM and MCP connections, while AI Data Flow Discovery gives teams real-time visibility into how sensitive data moves through AI services, with automated response through SOAR workflows.

The browser piece comes from CrowdStrike's acquisition of Seraphic, which extends runtime protection to agentic activity at the browser layer.

SIEM: integrate across what's already there

The second announcement addresses a different pressure. Most organizations aren't rebuilding their security stack from scratch. They have existing tools, existing workflows, and a limited appetite for ripping things out.

Falcon Next-Gen SIEM can now ingest Microsoft Defender for Endpoint telemetry without deploying an additional sensor. Organizations running Defender can correlate that telemetry with Falcon's log data, threat intelligence, and AI-driven analytics without standing up new endpoint infrastructure.

Beyond the Microsoft integration, CrowdStrike is adding capabilities designed to reduce the friction of SIEM modernization. Native Falcon Onum integration delivers real-time data pipelines with performance numbers worth noting: 5X faster streaming, 50% lower storage costs, 70% faster incident response, and 40% less ingestion overhead through intelligent filtering. Federated search extends query access to external data stores including Falcon LogScale and ExtraHop, so analysts can work with data where it lives without duplicating it.

The Query Translation Agent automatically converts legacy SIEM queries, including Splunk searches, into CrowdStrike Query Language. Analysts don't have to rebuild their detection logic from scratch, which removes one of the bigger practical barriers to migration.

Next-Gen SIEM grew 75% year-over-year, which gives some context for how fast this part of the market is moving.

What it means for SOC teams and service providers

These two threads connect inside the SOC. AI is increasing the volume and ambiguity of activity that needs to be monitored, while the tooling environment is becoming more interconnected and harder to manage cleanly.

For MSPs and MSSPs, AI governance is starting to look like a real service line. Clients need help discovering where AI is running, understanding what it can access, and putting guardrails around it. That's not just a tooling question. It's advisory and managed work. The shift toward more open SIEM architectures makes it easier to build services across multi-vendor environments without adding as much operational overhead. Security is moving closer to execution. The teams that learn to manage AI behavior, not just monitor it, will be in a better position than those still treating it as one more application in the queue.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.