CrowdStrike Holdings Inc. today debuted new features that can help enterprises protect employees from malicious artificial intelligence models and other threats.

The capabilities are rolling out for the company’s flagship Falcon cybersecurity platform.

The first new feature, AI Model Scanning, promises to detect so-called trojanized models. Those are AI models that operate as expected in most situations, but generate malicious output if they receive certain prompts. A hacker might, for example, configure a programming assistant to generate incorrect advice when developers ask it how to remove a vulnerability from their code.

Cybercriminals create trojanized models by injecting malicious records into their training data. It’s also possible to generate harmful output by modifying a neural network’s weights, configuration settings that determine how it processes prompts.

Alongside trojanized models, the new AI Model Scanning can spot backdoors and other threats. It ranks the issues it finds by severity using a technology dubbed ExPRT.AI. According to CrowdStrike, ExPRT.AI uses threat intelligence about hacking campaign to determine how likely it is that a vulnerability will be exploited.

AI Model Scanning is rolling out alongside another new feature known as the AI Security Dashboard. It’s designed to help administrators spot shadow AI, or situations where workers use potentially insecure AI applications without permission. Additionally, the feature can monitor how a company’s internal AI training data is used. 

CrowdStrike’s Falcon platform also has another component designed to spot data misuse. Falcon Data Protection, as the module is called, can detect risks such as attempts to download sensitive records onto an insecure device. The module is receiving several new features as part of today’s update.

The company says that Falcon Data Protection can now detect unauthorized data movements on Macs. Additionally, the new release is considerably better at spotting attempts to obfuscate file exfiltration.

Hackers often go about stealing data by breaching a company and then copying records to a server outside the company’s corporate network. Attempts to move files outside the corporate network can be detected by cybersecurity tools with relative ease. As a result, hackers sometimes attempt to cover their tracks by packaging stolen data into encrypted ZIP files before moving it. Such files are difficult for cybersecurity tools to scan.

According to CrowdStrike, the latest release of Falcon Data Protection scans encrypted ZIP files “as they’re created” rather than after the fact. That allows it to scan their contents for stolen data. Additionally, CrowdStrike says, Falcon Data Protection can detect attempts to upload sensitive data to generative AI tools even when the data is modified beforehand.

Rounding out the update is a new version of the tool called Falcon Data Protection for Cloud. It’s designed to identify unauthorized data movements in public cloud environments. The software can spot unauthorized activity across applications, databases and other off-premises assets. 

The product updates are joined by a new professional service offering called SaaS Threat Services. Companies that sign up can have CrowdStrike professionals scan their software-as-a-service applications for insecure configuration settings, risky integrations with external applications and related issues.

Photo: CrowdStrike