CrowdStrike to Acquire Pangea to Secure Enterprise AI Use and Development

Today, at Fal.Con 2025, I am delighted to announce CrowdStrike’s intent to acquire AI security leader Pangea. With this acquisition, CrowdStrike will pioneer the category of AI detection and response (AIDR) as we secure enterprise AI development and use across the data, models, agents, identities, infrastructure, and interactions making up the AI lifecycle.

Falcon Complete Hub Turns MDR Visibility into Action

CrowdStrike is introducing Falcon Complete Hub, a new feature within the industry-leading CrowdStrike Falcon Complete Next-Gen MDR, to provide security teams and leaders with unified insight into their managed detection and response (MDR) operations. Modern adversaries are moving faster than ever: eCrime threat actors achieved an average breakout time of just 48 minutes in 2024, according to the CrowdStrike 2025 Global Threat Report.

CrowdStrike Named a Leader in The Forrester Wave: Managed Detection and Response Services in Europe, Q3 2025

CrowdStrike has been named a Leader in The Forrester Wave: Managed Detection and Response (MDR) Services in Europe, Q3 2025. In this evaluation, CrowdStrike received the highest possible scores in 16 criteria, including endpoint detection surface, identity detection surface, cloud detection surface, managed response: manual and automated, threat hunting, analyst experience, vision, and innovation.

EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware

CrowdStrike data scientists are members of a team of cybersecurity researchers that recently released EMBER2024, an update to EMBER, the popular open source malware benchmark dataset originally released in 2018. The EMBER2024 dataset includes metadata, labels, and calculated features for over 3.2 million files from six different file formats.

Secure AI at Machine Speed: Defending the Growing Attack Surface

As AI becomes embedded across the enterprise — from customer-facing tools to backend automation — it dramatically expands the enterprise attack surface. Models, agents, apps, and data pipelines now span public and private clouds, SaaS, and edge environments, creating a sprawling, opaque risk landscape.

CrowdStrike to Acquire Onum to Transform How Data Powers the Agentic SOC

Today, I’m excited to announce CrowdStrike’s agreement to acquire Onum, a leader in real-time telemetry pipeline management that will extend the CrowdStrike Falcon platform’s data advantage. Onum delivers the real-time data architecture to transform data in motion into high-fidelity intelligence, fueling CrowdStrike Falcon Next-Gen SIEM and powering the agentic SOC. This is a pivotal step forward in our mission to stop breaches.

CrowdStrike Named a Leader in 2025 IDC MarketScape for Worldwide Incident Response Services

CrowdStrike has been named a Leader in the IDC MarketScape: Worldwide Incident Response Services 2025 Vendor Assessment. We believe this validation reflects CrowdStrike’s strength in delivering rapid, effective response, powered by the AI-native CrowdStrike Falcon platform, frontline breach expertise, and a global 24/7 incident response model designed for today’s most advanced threats.

CrowdStrike Named a Leader in 2025 IDC MarketScape for Exposure Management

CrowdStrike has been named a Leader in the 2025 IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment. CrowdStrike has redefined exposure management to meet the realities of today’s threat landscape, where modern adversaries move fast, exploit stolen credentials, and use malware-free techniques to bypass defenses and blend into legitimate operations across endpoint, identity, cloud, and unmanaged infrastructure.

MURKY PANDA: A Trusted-Relationship Threat in the Cloud

Since 2023, CrowdStrike Services and CrowdStrike Counter Adversary Operations have investigated multiple intrusions conducted by MURKY PANDA, a sophisticated adversary leveraging advanced tradecraft to compromise high-profile targets. MURKY PANDA, active since at least 2023, is a cloud-conscious adversary with a broad targeting scope; the adversary’s operations have particularly focused on government, technology, academia, legal, and professional services entities in North America.

Falcon Platform Prevents COOKIE SPIDER's SHAMOS Delivery on macOS

Between June and August 2025, the CrowdStrike Falcon platform successfully blocked a sophisticated malware campaign that attempted to compromise over 300 customer environments. The campaign deployed SHAMOS, a variant of Atomic macOS Stealer (AMOS) developed by the cybercriminal group COOKIE SPIDER. Operating as malware-as-a-service, COOKIE SPIDER rents this information stealer to cybercriminals who deploy it to harvest sensitive information and cryptocurrency assets from victims.