Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Applying robust security measures to automated software development is no longer a luxury but a necessity. CrowdStrike data scientists have developed an AI-driven, multi-agent proof of concept that leverages Red Teaming capabilities to identify vulnerabilities in code developed by AI agents. While it is still in the research stage, our work shows this advanced AI technology has the potential to revolutionize software security.

CrowdStrike has won the 2025 Google Cloud Security Partner of the Year Award for Workload Security, recognizing our leadership in securing cloud environments at scale. Announced at Google Cloud Next 2025, the award highlights our commitment to joint innovation and delivering best-in-class protection for Google Cloud customers. As part of this growing partnership, we also introduced new CrowdStrike Falcon Cloud Security enhancements purpose-built for Google Cloud environments.

We’re excited to share that CrowdStrike Falcon Cloud Security now offers enhanced tools to help secure artificial intelligence (AI) development, simplify AI security posture management, and quickly respond to AI threats. These updates have been developed in collaboration with NVIDIA since August 2024.

Identity is at the center of the fight against adversaries. As threat actors weaponize legitimate credentials and sell access to the highest bidders, organizations must proactively detect and secure exposed identities to shut down potential attack paths before they can be exploited.

We would like to recognize Amit Serper, Travis Lowe, Tony Gore, Adrian Godoy, Mihai Vasilescu, Suraj Sahu, Pablo Ramos, Raj Jammalamadaka, Lacie Griffin, and Josh Grunzweig for their contributions in authoring this publication. CrowdStrike is committed to protecting our customers from the latest disclosed vulnerabilities. We are actively monitoring activity surrounding “IngressNightmare,” the name given to recently identified vulnerabilities in the Kubernetes (K8s) ingress-nginx controller.

As organizations strengthen endpoint and cloud security, attackers are shifting their focus to often-overlooked network infrastructure like routers, switches, and firewalls. Legacy vulnerability management (VM) solutions struggle to keep pace, relying on slow, periodic scans that fail to provide real-time visibility into emerging threats.

Research is the cornerstone of CrowdStrike’s focus on innovation, and it enables us to stay a step ahead of the most sophisticated adversaries. The work of our dedicated team of researchers and data scientists is reflected in the industry-leading protection delivered by the AI-native CrowdStrike Falcon platform. This team is not only involved in groundbreaking new developments — it is also constantly exploring ways to make existing cybersecurity technology more effective.

The evolving landscape of state-sponsored threats demands the highest levels of security for federal systems and critical infrastructure. As part of our longstanding commitment to protecting federal agencies and critical infrastructure, the AI-native CrowdStrike Falcon platform has achieved Federal Risk and Authorization Management Program (FedRAMP) High Authorization — the U.S. government’s most stringent cloud security standard.

Though 2024 may be behind us, many of the security threats and vulnerabilities that organizations faced last year remain. The CrowdStrike Professional Services Red Team tracks them all in its efforts to defend organizations against adversaries. The three most common exploitation paths we encountered were: In this blog, we break down these three critical exploitation paths, detailing how they occur and what steps organizations can take to mitigate them.

The rise of connected devices has fundamentally reshaped industries, enabling unprecedented levels of automation, efficiency, and innovation. These devices fall under the Extended Internet of Things (XIoT), a broad category encompassing traditional Internet of Things (IoT) devices, operational technology (OT), industrial control systems (ICS), the Internet of Medical Things (IoMT), and other connected assets that span enterprise IT and operational environments.