At RSA 2025, CrowdStrike introduced a series of updates to its Falcon cybersecurity platform aimed at closing critical security gaps in hybrid and multi-cloud environments. These new capabilities focus on securing AI models, runtime cloud data, SaaS applications, and user identities, while also addressing emerging risks from encrypted file exfiltration and GenAI-related data leaks. The updates reinforce CrowdStrike’s strategy of providing unified visibility and control across the full spectrum of cloud risk.
Addressing AI and Cloud Security Challenges
Cloud environments are increasingly complex, with growing adoption of AI workloads and SaaS applications adding new layers of risk. CrowdStrike introduced new Falcon® Cloud Security innovations to detect and mitigate risk in AI models before they become threats, and provide visibility into overall AI security posture. CrowdStrike’s new AI Model Scanning feature proactively inspects AI models in containerized environments for hidden malware, adversarial manipulation, and backdoors before they reach production. Coupled with a new AI Security Dashboard, teams gain real-time insight into their AI workloads, can enforce usage policies, and track sensitive training data to minimize exposure.
Protecting Cloud Data at Runtime
CrowdStrike has also introduced new capabilities across its Falcon platform to better secure cloud identities, protect data at runtime, and mitigate risks in SaaS environments. These additions aim to address the growing challenges of managing access, preventing unauthorized data exposure, and detecting threats across complex hybrid and multi-cloud infrastructures. Falcon Data Protection for Cloud, powered by eBPF, delivers real-time enforcement without impacting performance, ensuring cloud data is shielded both at rest and in motion.
Mitigating SaaS and Identity Risks
To address the risks associated with software-as-a-service, CrowdStrike launched SaaS Threat Services, providing tailored assessments and real-time threat detection across cloud-native applications. These services help organizations close visibility gaps and secure their SaaS ecosystems against emerging threats. CrowdStrike also introduced Falcon Privileged Access, a tool designed to eliminate standing privileges and manual access requests through Just-in-Time access controls, thereby reducing the risk of credential misuse and lateral movement.
Improving Visibility with Expert-Led Services
CrowdStrike Pulse Services further extend these protections by offering modular, expert-led engagements that help organizations prioritize misconfigurations, manage identity risk, and reduce their cloud attack surface. Pulse equips security teams with the guidance needed to respond to threats more quickly and strengthen posture across hybrid environments. Together, these services reflect a shift toward proactive identity and access management, unified data visibility, and reduced operational burden.
Unified Approach to Modern Data Protection
The platform’s broader data protection capabilities consolidate multiple layers of security into a unified architecture. From runtime protection and encrypted file inspection to GenAI data leak prevention and identity-based threat detection, CrowdStrike provides comprehensive tools to counter data exfiltration and insider threats. Expanded macOS support ensures consistent policy enforcement across devices, while unified visibility across endpoints, cloud, and SaaS enables security teams to manage modern threats without relying on fragmented solutions.
