News Flash

Zhitong
2025.09.17 22:15

CrowdStrike (CRWD.US) today launched Threat AI, the industry's first intelligent threat intelligence system designed to automate and accelerate the most complex and time-consuming intelligence workflows. As a key component of CrowdStrike's newly introduced Agentic Security Workforce, Threat AI provides intelligent agents capable of task execution. These agents can perform cross-dimensional reasoning on threat data, proactively track attackers, and take decisive action at various stages of the kill chain. This functionality allows defenders to focus on high-impact investigative work while maintaining control over the overall process.

Adam Meyers, head of CrowdStrike's adversary operations department, stated: "Attackers are weaponizing artificial intelligence to accelerate every phase of an attack—what used to take months can now happen in seconds, significantly compressing the defender's response window. Threat intelligence can no longer be limited to providing information to defenders; it must actively combat threats at the speed of AI. Threat AI, as the intelligence core of CrowdStrike's vision, aims to equip every security analyst with task-executing agents, delegating high-friction tasks better suited for machines to these agents, thus ushering in a new era of threat intelligence."

Threat AI: A Truly Effective Intelligence System

For a long time, CrowdStrike has set the industry benchmark in adversary intelligence, tracking over 265 of the world's most advanced nation-state hacker groups, cybercrime organizations, and hacker collectives. Threat AI is embedded within CrowdStrike's threat intelligence and tracking module, developed based on years of practical experience from CrowdStrike's elite threat tracking team and intelligence experts in the adversary operations department (CAO). The system automates complex workflows and provides actionable recommendations at critical moments for analysts, significantly enhancing investigation and threat response speed.

The first batch of agents launched includes:

Malware Analysis Agent: This agent automates the most time-consuming and complex workflows for analysts, specifically reverse engineering, classification, and comparison of malware. It can complete file analysis, identify code similarities, instantly determine attack sources, and generate YARA rules (a type of malware detection rule) in seconds. It not only provides directly applicable insights but also builds a comprehensive defense system for entire malware families.

Tracking Agent: This agent continuously and automatically executes professional-grade proactive threat tracking across the entire network environment. It can run query commands, actively scan for emerging threats, quickly filter key findings, and provide clear, actionable insights and follow-up action recommendations.

Expanding the Threat Intelligence Agent Team

The Malware Analysis Agent and Tracking Agent are the first products in the Threat AI series, with more agents for classification filtering, correlation analysis, and exposure mapping to be launched in the future. All intelligent agents will achieve collaborative scheduling, with the output results of one intelligent agent providing support to other intelligent agents, forming a capability closed loop.

The Threat Intelligence Browser Extension

CrowdStrike has simultaneously launched a powerful new Chrome browser extension that integrates CrowdStrike's adversary intelligence directly into analysts' web browsers. Analysts can access CrowdStrike's intelligence support at any time while conducting external research without switching work contexts, providing instant background information for investigative work and significantly enhancing response speed.

For more information about Threat AI and how it is leading threat intelligence into the era of intelligent agents, you can read our blog and visit the relevant pages.

About CrowdStrike: CrowdStrike (NASDAQ: CRWD) is a leading company in the global cybersecurity field, redefining modern security protection systems with its world-class cloud-native platform, providing comprehensive protection for core risk areas of enterprises (endpoints and cloud workloads, identity authentication, and data security). The CrowdStrike Falcon® platform, driven by the CrowdStrike Security Cloud and world-class artificial intelligence technology, integrates real-time attack indicators, threat intelligence, evolving adversary attack techniques, and enhanced telemetry data from across the enterprise network, enabling ultra-high precision threat detection, automated protection and remediation, elite threat tracking, and prioritized visualization of vulnerability risks. The Falcon platform is designed for cloud environments, adopting a single lightweight agent architecture that not only allows for rapid deployment and strong scalability but also provides excellent protection performance and operational efficiency while reducing system complexity, helping enterprises achieve immediate value returns.