With great autonomy comes great risk. Agents can be compromised by adversaries; they can also create unintended security risks and accidentally cause breaches via misalignment. For example, in early 2026, adversaries targeted ClawHub, the community skill registry for OpenClaw, in a supply chain attack that deployed silent data exfiltration payloads to affected agents who used the skill.1
The CrowdStrike Falcon® Adversary OverWatch™ threat hunting team is closely monitoring agent-triggered detection leads, which are now tracking at 2.5 times the rate of human-triggered leads on monitored endpoints. In one instance, the team observed an agent attempt to complete a data-sharing task by sharing sensitive company files via a public file-sharing repository.
Agents are ruthlessly goal-seeking, and we are rapidly entering a world where agents, not humans, will become the majority users of software. These examples of agentic threats and risks are the opening chapter of an AI threat landscape that will define enterprise security for decades to come. The traditional tools that security teams have at their disposal were not built for this moment and do not address what matters most: agent runtime. A prompt injection attack does not appear in a governance report. A compromised agent exploiting inherited credentials may not trigger a data loss prevention rule. Detection without runtime interception is observation, not protection. AI detection and response (AIDR) as a cybersecurity solution category must stop what is going wrong at the moment of execution, before the threat propagates.
Defining the AIDR Category
AIDR is a unified, runtime security category that involves detecting, investigating, and responding to threats targeting and originating from AI systems across the coverage planes where AI operates: endpoints, SaaS applications, and cloud environments. AIDR represents the new runtime security architecture that the agentic era requires, one that is unified and agent-action-oriented.
Three principles separate a true AIDR platform from adjacent solution categories:
Runtime security, not posture management: Posture management operates before and after the action. AIDR operates during the execution, inspecting every prompt, tool call, and agent action at the millisecond cadence that live, autonomous threats require.
Unified platform, not point solutions: AI agents cross boundaries between endpoint, cloud, and SaaS within a single session. A stack of single-layer point tools generates fragmented signals with no correlation layer to stitch the attack chain together in time.
Action-oriented control, not observation: AIDR closes the loop, blocking, redacting, isolating, and revoking at the point of execution.
AIDR must also deliver protection across the seven-layer AI estate: data, models, prompts, agents, identities, infrastructure, and interactions, each of which creates new attack surfaces and security challenges.