CrowdStrike (CRWD.US) today announced Threat AI, the industry's first agent-based threat intelligence system, which aims to automate the most complex and time-consuming intelligence workflows to accelerate task completion. As a critical part of CrowdStrike’s newly launched Agentic Security Workforce, Threat AI delivers task-executing agents that can perform cross-dimensional reasoning on threat data, actively track attackers, and take decisive actions across all stages of the kill chain. This enables defenders to focus on high-impact investigative work while retaining full oversight of the overall process.
Adam Meyers, Head of CrowdStrike's Adversary Operations, stated, “Attackers are weaponizing artificial intelligence to accelerate every phase of an attack — what once took months can now occur within seconds, drastically reducing the response window for defenders. Threat intelligence can no longer merely provide information to defenders; it must proactively counter threats at the speed of AI. As the intelligence cornerstone of CrowdStrike’s vision, Threat AI is dedicated to equipping every security analyst with task-executing agents, delegating high-friction tasks better suited for machines to these agents, thereby ushering in a new era of threat intelligence.”
Threat AI: An Intelligence System That Delivers Real Results
For years, CrowdStrike has set the industry benchmark in adversary intelligence, having tracked over 265 of the world’s most advanced nation-state hacking groups, cybercrime organizations, and hacktivist collectives. Embedded within CrowdStrike’s threat intelligence and tracking modules, Threat AI was developed based on years of hands-on experience from CrowdStrike’s Adversary Operations (CAO) elite threat hunting teams and intelligence experts. The system automates complex workflows and delivers actionable recommendations precisely when analysts need them most, significantly enhancing the speed of investigations and threat response. The first wave of agents released includes:
Malware Analysis Agent: Automates analysts' most time-consuming and intricate workflows, including reverse engineering, classification, and comparison of malware. This agent can analyze files within seconds, identify code similarities, determine the source of attacks instantly, and generate YARA rules (a type of malware detection rule). It not only provides immediately applicable insights but also builds comprehensive defense mechanisms against entire malware families.
Tracking Agent: Continuously executes professional-grade proactive threat hunting across the entire network environment. This agent can run query commands, actively scan for emerging threats, quickly filter critical findings, and deliver clear, actionable insights along with follow-up action recommendations.
Expanding the Threat Intelligence Agent Team
The malware analysis agent and tracking agent are the first products in the Threat AI series of agents, with subsequent releases planned for agents specializing in classification screening, correlation analysis, and exposure mapping. All agents will be coordinated through integrated scheduling, where the output of one agent supports others, forming a closed-loop capability.
Threat Intelligence Browser Extension
CrowdStrike has also launched a powerful new Chrome browser extension that directly integrates CrowdStrike's adversary intelligence into analysts' web browsers. Analysts conducting external research can access CrowdStrike's intelligence support without switching contexts, instantly enriching investigations with relevant background information and significantly enhancing response speed.
To learn more about Threat AI and how it is ushering threat intelligence into the age of intelligent agents, read our blog and visit the related page.
About CrowdStrike
CrowdStrike (Nasdaq: CRWD) is a global leader in cybersecurity, redefining modern security frameworks with its cutting-edge cloud-native platform. It provides comprehensive protection for enterprises’ core risk areas, including endpoints and cloud workloads, identity, and data security.
The CrowdStrike Falcon® platform is powered by CrowdStrike Security Cloud and world-class artificial intelligence, integrating real-time attack indicators, threat intelligence, evolving adversary tactics, and enhanced telemetry data from across the enterprise network. It delivers highly accurate threat detection, automated protection and remediation, elite threat hunting capabilities, and prioritized visualization of vulnerability risks.
Designed for cloud environments, the Falcon platform adopts a single lightweight agent architecture, ensuring rapid deployment, strong scalability, and exceptional protection performance and operational efficiency while reducing system complexity, enabling enterprises to realize value quickly.