Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Frontier AI for Defenders: CrowdStrike and OpenAI TAC

CrowdStrike has been selected for OpenAI's Trusted Access for Cyber (TAC) program. Today, OpenAI released GPT-5.4-Cyber, a frontier model designed for defensive cybersecurity, and expanded the TAC program to give verified, selected defenders governed access through identity verification and tiered controls. CrowdStrike continues to lead the market in secure AI adoption, trusted by AI leaders and organizations of all sizes to accelerate the world's AI revolution.

How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed

When a new vulnerability is disclosed, security leaders want to know whether they’re exposed. In many organizations, the answer still depends on scan cycles that lag behind exposure — an architectural delay. Adversaries are moving faster: The average eCrime breakout time fell to 29 minutes in 2025, and the fastest was only 27 seconds, the CrowdStrike 2026 Global Threat Report found.

Anthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It Needs

The Claude Mythos Preview matters for every enterprise. Frontier models raise the ceiling for both offense and defense. Our job is to make sure defenders hold the advantage. That is what we have always done. That is what we do today. Today, CrowdStrike is a founding member of Project Glasswing. Anthropic builds the model. CrowdStrike secures AI where it executes. That’s the division of labor the industry needs.

Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management

Microsoft has announced the retirement of the Windows UEFI CA 2011 certificate and the transition to the Windows UEFI CA 2023 certificate, with hard enforcement beginning in 2026. This update is part of Microsoft’s ongoing effort to preserve the integrity of the Windows Secure Boot trust chain and ensure continued delivery of boot-level security updates. For enterprise IT teams, this is not simply a certificate replacement.

STARDUST CHOLLIMA Likely Compromises Axios npm Package

On March 31, 2026, a threat actor used stolen maintainer credentials to compromise the widely used HTTP client library Axios Node Package Manager (npm) package and deploy platform-specific ZshBucket variants. CrowdStrike Counter Adversary Operations attributes this activity to STARDUST CHOLLIMA with moderate confidence based on the adversary’s deployment of updated variants of ZshBucket (malware uniquely attributed to STARDUST CHOLLIMA) and overlaps with known STARDUST CHOLLIMA infrastructure.

Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse

CVE-2026-20929, a vulnerability with a CVSS of 7.5 that was patched in the January 2026 Patch Tuesday update, enables attackers to exploit Kerberos authentication relay through DNS CNAME record abuse. This blog focuses on detecting one particularly impactful attack vector: relaying authentication to Active Directory Certificate Services (AD CS) to enroll certificates for user accounts, as detailed in recent research.

How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem

The era of human-speed defense is over. With eCrime breakout times collapsing to as fast as 27 seconds and attacks from AI-powered adversaries increasing 89% year-over-year, the traditional SOC has reached a breaking point. Manual processes, fragmented tools, and rule-based playbooks were built for a different era. Today, if your defense depends on human reaction time, you’re not just behind — you’re at risk.

CrowdStrike Advances CNAPP with Industry-First Adversary-Informed Risk Prioritization

Interest in cloud-native application protection platforms (CNAPPs) has exploded over the recent years, partly due to their ability to reduce alert noise by translating siloed misconfigurations into correlated, theoretical attack paths and exposures. While many organizations have adopted these solutions in pursuit of outcomes like zero critical issues, cloud breaches continue to rise.

Falcon Data Security Secures Data Wherever It Lives and Moves

In modern organizations, sensitive data lives everywhere and is constantly moving. It is created, accessed, transformed, and shared across endpoints, browsers, SaaS applications, cloud services, GenAI tools, and agentic workflows. CrowdStrike is introducing CrowdStrike Falcon Data Security to protect data across constantly evolving business environments.

New CrowdStrike Innovations Secure AI Agents and Govern Shadow AI Across Endpoints, SaaS, and Cloud

As organizations race to adopt new AI tools, deploy AI agents, and build AI-powered software, they create new attack surfaces that traditional security controls were never designed to protect. A key example is the prompt and agentic interaction layer, which faces novel threats like indirect prompt injection and agentic tool chain attacks.