Falcon Shield maps human identities behind GPT agents, detects risky behaviors, and automates threat responses with a unified view of identity in the AI era.
At Black Hat USA 2025, cybersecurity firm CrowdStrike (NASDAQ: CRWD) announced a key integration with the new ChatGPT Enterprise Compliance API, designed to enhance visibility and governance for generative AI agents revolutionizing business operations.
Thanks to this update, CrowdStrike Falcon® Shield can now detect and control GPT- and Codex-based agents created within corporate environments using ChatGPT Enterprise, expanding coverage to over 175 SaaS applications, including critical platforms like Microsoft 365, Salesforce, Snowflake, and more.
🔐 Governance for a new identity: AI agents
As the use of autonomous AI for workflow automation explodes, these non-human agents have gained persistent privileges and autonomy, but they have also multiplied the attack surface. Many organizations lack visibility into what these agents do, which data they handle, or who created them.
A compromised human identity can lead to hijacking a privileged GPT agent, enabling attackers to exfiltrate data, manipulate systems, or move laterally across critical applications. CrowdStrike warns that each new agent can exponentially increase the impact radius of a breach.
“AI agents are emerging as superhuman identities, capable of executing tasks at machine speed, accessing systems, and triggering processes without human intervention,” explained Elia Zaitsev, CTO of CrowdStrike. “As they multiply across SaaS environments, they will only be as secure as the human identities controlling them.”
🛡️ What exactly does Falcon Shield protect?
With this new integration, Falcon Shield offers:
- Discover AI agents across the SaaS stack: detects GPT, Codex, and embedded AI tools within platforms like ChatGPT Enterprise, Microsoft 365, Salesforce, or Snowflake.
- Map each agent to its human creator: links each non-human identity to its original creator, establishing traceability, accountability, and contextual privilege control.
- Detect risky behaviors: identifies agents with excessive permissions or sensitive capabilities, along with unusual activities through combined identity, application, and data context analysis.
- Automatically contain threats: through Falcon Fusion, CrowdStrike’s no-code SOAR engine, access can be blocked, compromised agents deactivated, or automated responses executed.
- Unify AI agent protection: by combining Falcon Shield, Falcon Identity Protection, and Falcon Cloud Security, CrowdStrike provides a comprehensive view—from human identities to the cloud systems accessed by AI agents.
🧠 Security for the era of “artificial superusers”
With this launch, CrowdStrike strengthens its strategy to address one of the most pressing challenges of the post-GPT era: the proliferation of agents with capabilities that surpass human users in access, autonomy, and operational speed.
In today’s ecosystem, where corporate GPTs are already drafting emails, launching tasks, creating code, and managing systems, security needs extend beyond traditional endpoints to these new autonomous entities capable of executing high-impact actions.
CrowdStrike asserts that security must shift from the perimeter to the control of identities—both human and non-human—integrating protection throughout the entire life cycle of AI agents within organizations.
✅ Frequently Asked Questions (FAQs)
What is a GPT agent in the business context?
They are autonomous entities created within platforms like ChatGPT Enterprise or OpenAI Codex that can perform tasks automatically on behalf of users or systems.
Why do AI agents represent a new attack vector?
They have persistent identities and privileges that can be abused if the human creator is compromised. Additionally, they can operate without direct supervision.
How does Falcon Shield safeguard organizations?
It maps agents to their creators, detects anomalies, blocks risky access, and automates threat responses—all with unified visibility over humans and AI agents.
What does this integration with ChatGPT Enterprise add?
It enables security teams to identify which agents have been created within the enterprise GPT environment and understand their activities—something that was previously opaque.