Artificial Intelligence has seamlessly integrated into the daily operations of companies at a lightning-fast pace: employees using generative tools to write, summarize, or code; engineering teams building agents capable of executing actions; and organizations connecting models with internal data and cloud services. The result is a significant boost in productivity, but also an uncomfortable shift for security managers: a new attack surface emerges precisely where AI “reasons” and makes decisions.
In this context, CrowdStrike has announced the general availability of Falcon AI Detection and Response (AIDR), an extension of its Falcon platform designed to protect the prompt layer and interactions with agents, both in employee usage scenarios and in the development and deployment flows of AI applications.
The core idea is simple: if previously the perimeter was endpoints, identities, email, or cloud, now we must also monitor the point where a person (or a process) asks, a model responds, and an agent acts. That is, the place where an attacker could attempt to embed hidden instructions, manipulate outcomes, or cause data leaks.
The “prompt” as a vector: when language becomes an attack
CrowdStrike posits that, in the AI era, language can serve as an attack vector, using techniques such as prompt injection, jailbreaks, or manipulation of agents to force unintended behaviors. The company states that its researchers are monitoring over 180 prompt injection techniques, an effort to systematize a problem that is still evolving and, therefore, especially dangerous: many organizations underestimate it until it materializes.
Adding to this is a common phenomenon in many companies: “shadow AI” usage. According to CrowdStrike, 45% of employees report using AI tools without informing their manager, creating a hidden layer where sensitive data could be exposed or services utilized without proper controls.
What Falcon AIDR promises: visibility, control, and real-time protection
Falcon AIDR’s approach relies on a key concept: governing and protecting the interaction with AI, not just the model or its supporting infrastructure. CrowdStrike aims to deliver unified protection encompassing everyday employee usage and real-time execution of AI applications and agents within a single platform.
Highlighted capabilities include:
- AI usage visibility (“seeing AI everywhere”), with execution and activity logs targeted at compliance and investigation.
- Blocking prompt injection attacks and other manipulation techniques.
- Real-time risk interaction control, including containment of agent actions.
- Protection of sensitive information, to detect and prevent credential leaks or regulated data exposure before reaching models, agents, or external services.
- Accelerated secure development, with built-in safeguards for technical teams.
Beyond its feature set, CrowdStrike emphasizes that the “interaction layer” is becoming the new battleground: prompts could become “the new malware” in the sense that they can carry malicious intent and trigger automated malicious behaviors. This mental shift requires rethinking traditional controls, as attackers now may breach defenses not through classic vulnerabilities but via conversations.
Why now: AI’s rise amplifies cloud security risks
While Falcon AIDR focuses on model and agent interactions, this aligns with a broader trend: the expansion of the perimeter as AI grows, especially in cloud environments. A yearly report from Palo Alto Networks on cloud security indicates that 99% of surveyed organizations experienced at least one attack targeting AI systems in the past year, with attackers pivoting toward foundational layers like APIs, identities, and lateral movement.
The practical takeaway is that the average company no longer only has “cloud applications”: it has models connected to data, API-consuming services, and automation performing actions. In this scenario, malicious interactions with an agent can lead to real consequences: access to sensitive information, unauthorized actions, or lateral movement into deeper systems.
The real challenge: securing without hindering business
The key question isn’t whether AI needs protection, but how to do so without hampering its adoption. Most organizations are in a phase where pilots, approved tools, and informal usages coexist. Here, a layer of control over prompts, responses, and actions can make a crucial difference—not as a policing entity that forbids, but as a system that enables innovation within clear boundaries and traceability.
Ultimately, Falcon AIDR arrives at a point where conversations shift from experimental to operational. And when AI begins making decisions and executing actions, security can no longer focus solely on infrastructure; it must also address interaction points.
Frequently Asked Questions
What is a prompt injection attack, and why does it concern businesses?
It is a technique to embed hidden or malicious instructions into a prompt (or content consumed by the model), tricking AI into performing unintended actions: revealing data, bypassing policies, or executing unsafe commands.
How can organizations protect AI agents that perform actions in corporate systems?
In addition to traditional controls (IAM, segmentation, logging), there is a need for specific layers to audit and block dangerous prompts, contain automated actions, and enforce real-time policies on what an agent can or cannot do.
What does “shadow AI” mean in an organization, and how can it be reduced?
It refers to the use of AI tools outside approved channels. It can be mitigated by establishing clear policies, using official, high-performance tools (to discourage shortcuts), and gaining visibility into actual usage along with risk-oriented training.
Why are API security and identity management critical in cloud AI projects?
Because many AI systems depend on APIs to operate and on identities (human or non-human) to access data and services. Weak controls here allow attackers to escalate, move laterally, and extract sensitive information.
via: crowdstrike