Falcon Shield Evolves with AI Agent Visibility and Falcon Next-Gen SIEM Integration

CrowdStrike Falcon Shield will provide a centralized view of AI agents across applications and now integrates first-party SaaS telemetry into Falcon Next-Gen SIEM.

CrowdStrike is introducing two powerful innovations in CrowdStrike Falcon® Shield to stop identity-based attacks in the AI era: a centralized view of AI agents across platforms and the integration of first-party SaaS telemetry into CrowdStrike Falcon® Next-Gen SIEM — the industry’s first native integration of SaaS security posture management (SSPM) and next-gen SIEM. 

Identity has become a key battleground of modern cybersecurity. In 2024, 79% of CrowdStrike detections were malware-free as adversaries increasingly relied on credential theft, session hijacking, multifactor authentication (MFA) manipulation, and abuse of SaaS and cloud identity providers. Adversaries like SCATTERED SPIDER repeatedly demonstrate how quickly a single compromised identity can help them move laterally across domains with speed and precision. Now, as enterprises embrace more SaaS platforms, AI agents, and GenAI tools, the identity attack surface will continue to rapidly expand.

The rise of non-human identities, from service accounts to autonomous AI agents, has intensified these challenges. AI agents, for example, can write code, access sensitive repositories, invoke APIs, and trigger cross-domain workflows that directly affect production systems — yet they’re often created and deployed with minimal security oversight.

A few months ago, we launched CrowdStrike Falcon® Next-Gen Identity Security and announced new AI agent capabilities to help businesses tackle these challenges. Now, we’re building on our momentum. Falcon Shield, part of Falcon Next-Gen Identity Security, already delivers unified AI-native protection designed to stop identity-driven, cross-domain attacks — and the innovations announced today will further strengthen its ability to protect every identity as the attack surface continues to evolve.

Cross-Platform Visibility and AI Agent Governance

The proliferation of AI agents across SaaS ecosystems has introduced a new frontier of privilege and automation, and with that comes risk. Employees can build powerful AI agents that can access cloud drives, ingest corporate data, or interact with source code repositories. These agents effectively operate as autonomous and often privileged users. The problem is that most organizations have no inventory of these agents, no understanding of their access scopes, and no ability to monitor their behavior.

Falcon Shield gives them the visibility they need.

Today, Falcon Shield automatically discovers and classifies AI agents while mapping who created each agent, which users have access to it, which data it can access, what action(s) it can take, and where it’s deployed, among other information. It detects unauthorized AI agents and flags risky configurations such as internet exposure, over-permissioning, and access to code repositories. It also correlates each agent’s privileges to its associated human or service identity for full accountability. 

The newest enhancements to Falcon Shield will support continuous AI agent discovery and deep visibility, which enables organizations to monitor agent behavior and mitigate risk. New innovations will include:

  • Visibility of agent-to-agent activity to identify unauthorized actions or misuse
  • A centralized and normalized view of agents across diverse AI platforms
  • Dedicated AI agent inventory to provide continuous monitoring and investigation
  • Greater insights into AI agents, including their knowledge base, specific action capabilities, and more
  • The ability to alert agent owners of risky configurations or suspend agents to mitigate potential threats using CrowdStrike Falcon® Fusion SOAR 

Figure 1. The new AI agents inventory page will provide visibility into how AI agents are being used across SaaS platforms.

If an AI agent begins accessing unauthorized data or acting outside of expected parameters, security teams can disable both the agent and its associated user account automatically by triggering a Falcon Fusion workflow. This brings the same rigor that CrowdStrike applies to human identities to the rapidly expanding universe of AI-driven automation. Customers will get tighter governance and auditability of their AI agent deployments, reduce the risk of identity and agent abuse, and gain confidence to scale AI safely across the business.

The Industry’s First Native Integration of SSPM and Next-Gen SIEM

For the first time, first-party SaaS telemetry is now streamed directly between Falcon Shield SaaS Security Posture Management (SSPM) and Falcon Next-Gen SIEM, creating a shared detection, investigation, and hunting environment that spans every domain: identity, endpoint, network, cloud, and SaaS. This is a breakthrough for defenders facing adversaries that move seamlessly between compromised VPN appliances, cloud control planes, Active Directory, SaaS email tenants, and endpoints — movement that makes detection nearly impossible for teams without a unified dataset.

Figure 2. SaaS telemetry is now streamed directly into Falcon Next-Gen SIEM, shown here with events from the “crowdstrike-saas-security” source type. This enables shared detections, investigations, and threat hunting across security domains.

By integrating Falcon Shield with Falcon Next-Gen SIEM, organizations gain the ability to correlate SaaS events with endpoint detections, identities, cloud events, network telemetry, and third-party SIEM logs to identify threats such as OAuth abuse, unusual file sharing, and anomalous login activity. What previously required manual reconstruction across multiple domains is now within a single, high-fidelity timeline of adversary behavior, enabling faster detection of cross-domain attacks and deeper forensic clarity. 

Why Next-Gen Identity Security Is Essential

These innovations are part of CrowdStrike’s broader strategy to secure every identity — human, non-human, and AI — across the full identity lifecycle, unified through a single, AI-native CrowdStrike Falcon® platform. The convergence of deep SaaS security, real-time identity threat detection, and AI governance is the new baseline for stopping modern breaches.

CrowdStrike will continue expanding Falcon Shield and Falcon Next-Gen Identity Security to meet the rapidly evolving SaaS and identity landscape, bringing together posture management, threat detection, and agentic AI to help our customers stay ahead of threat actors. The future of identity security is unified, AI-native, and built to outpace the adversary. 

See these innovations in action, request a free Falcon Shield risk review, and discover the benefits of a unified SaaS, AI, and identity security posture. Contact your representative to explore how CrowdStrike can empower your business to thrive in today’s dynamic digital landscape.

 

Forward-Looking Statement

This blog includes descriptions of products, features, or functionality that may not be currently generally available. Any such references are provided for information purposes only. The development, release, and timing of all features or functionality remain at our sole discretion and may change without notice. These statements are subject to risks, uncertainties, and assumptions that may cause actual results to differ materially from those expressed or implied. Customers should make purchasing decisions based only on services and features that are currently generally available. For more information on our existing offerings, please talk to your CrowdStrike representative.