CrowdStrike Holdings Inc. today expanded its Falcon platform with new cloud security and data protection capabilities aimed at helping enterprises secure increasingly complex, artificial intelligence-driven environments.

The announcements, made on day two of the RSAC 2026 Conference in San Francisco, focus on two related problems: how to prioritize cloud risks based on real attacker behavior and how to protect sensitive data as it moves across endpoints, software services, cloud platforms and generative AI tools.

The updates are in response to a security landscape that has become more dynamic and less predictable as organizations adopt cloud-native applications, software-as-a-service services and agentic artificial intelligence workflows. The landscape on one that has left security teams trying to connect fragmented findings from different tools, while attackers take advantage of the gaps between visibility, prioritization and enforcement.

The first set of updates to Falcon Cloud Security is designed to give customers a more complete way to understand how cloud risk develops and where remediation should begin. The updates address the issue whereby many traditional cloud security products still assess issues in isolation, without enough awareness of how applications actually behave in production or how those exposures align with active adversary techniques.

To address the issue, CrowdStrike is introducing a threat-informed cloud risk prioritization approach that combines application context, cloud infrastructure visibility, adversary intelligence and root-cause analysis into a single operating model. That way, defenders can focus on the exposures most likely to matter in a real attack.

One new component, Application Explorer, gives customers unified visibility into applications and the cloud infrastructure that supports them. The capability maps relationships in one place so security staff can better understand how business applications shape overall risk instead of forcing teams to piece together workloads, services and dependencies manually.

CrowdStrike is also adding a new Cloud Risk Engine that maps cloud exposures to active adversary tradecraft. The engine shifts risk scoring away from a purely technical view of misconfigurations and toward a model based on how an attacker could exploit a weakness in practice.

The cloud updates are rounded out by unified real-time cloud detection and response capabilities that are designed to turn prioritized risk into enforced protection. CrowdStrike is connecting visibility and analysis directly to runtime defense so that risks identified through context and adversary mapping can be acted on faster inside the same platform.

Data security

The second major announcement today is the launch of Falcon Data Security, a new service that offers protection for the agentic enterprise.

Legacy data loss prevention and data security posture management tools were developed for a much more static world, where data largely sat at known endpoints or was inventoried in periodic snapshots rather than constantly moving across systems. CrowdStrike argues that the model is under growing pressure as employees and software agents interact with SaaS applications, cloud workloads, browsers and generative AI tools that can create, access, summarize and transmit sensitive information in real time.

Core to the new offering is AI-powered classification for data in motion. The capability is designed to identify and classify sensitive data across endpoints, SaaS services, cloud environments, browsers and AI workflows to give organizations a way to see what information is moving and whether that movement presents actual risk.

The platform also sees the introduction of generative AI data protection that is aimed at controlling how sensitive data is used across managed and unmanaged AI tools. The feature can help prevent inadvertent exposure and block data leakage when users or workflows interact with browsers, local applications or runtime cloud environments that rely on AI services.

Another part of the new offering is runtime cloud data visibility that gives customers real-time insight into how sensitive data is being accessed and moved. The capability surfaces active cloud data risk as it happens, which is valuable in environments where permissions, workflows and usage patterns change quickly.

Falcon Data Security supports automated enforcement across multiple control points, including blocking risky data movement at the endpoint, preventing unauthorized access in SaaS applications and triggering automated response actions in the cloud through unified security orchestration workflows.

The announcements today see CrowdStrike pushing further into platform consolidation at a time when enterprises are struggling with too many disconnected security products and too little actionable context.

The strategy also strengthens Falcon’s role as a central operating layer for enterprise defense. CrowdStrike is betting that customers will favor a unified system that can both explain risk and help stop it before it turns into impact.

CrowdStrike is demonstrating its new capabilities and services, including those announced yesterday, at the RSAC Conference March 23-26.

Photo: Robert Hof/SiliconANGLE