Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The rapid adoption of AI has introduced a new, semantic attack vector that many organizations are ill-prepared to defend against: prompt injection. While many security teams understand the threat of direct prompt injection attacks against AI agents developed by their organizations, another more subtle threat lurks in the shadows: indirect prompt injection attacks.

Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits a high level of technical sophistication, advanced operations security (OPSEC) skills, and extensive knowledge of cloud and virtual machine (VM) environments.

Adversaries are increasingly adopting AI technology to make their cyber operations faster, more efficient, and harder to detect. To stay ahead, defenders need intelligent systems capable of reasoning and acting with the same speed and accuracy as the adversary. CrowdStrike empowers defenders with the CrowdStrike Falcon platform, our agentic security platform that is fueled by AI built and governed by experts who understand the mission of defense.

CrowdStrike is announcing new cloud detection and response (CDR) capabilities to help SOC teams reduce mean time to respond (MTTR) and strengthen protection across hybrid and multi-cloud environments. These include new Real-Time Cloud Detections in CrowdStrike Falcon Cloud Security and Automated Cloud Response Actions.

CrowdStrike is redefining how SOC teams turn cloud data into actionable intelligence by unifying speed, scale, and cost efficiency in one platform built for the cloud and AI era. Together with AWS, today we are announcing new integrations and consumption options designed to further simplify how customers secure and operationalize workloads on Amazon Web Services (AWS).

In a cloud-first world, sensitive data moves quickly between microservices, APIs, SaaS applications, and storage services. CrowdStrike Falcon Data Protection for Cloud, now generally available, delivers runtime visibility and protection for sensitive data in motion so organizations have continuous insight into how data moves, when it’s accessed, and where it’s at risk.

In January 2025, China-based AI startup DeepSeek (深度求索) released DeepSeek-R1, a high-quality large language model (LLM) that allegedly cost much less to develop and operate than Western competitors’ alternatives. CrowdStrike Counter Adversary Operations conducted independent tests on DeepSeek-R1 and confirmed that in many cases, it could provide coding output of quality comparable to other market-leading LLMs of the time.

Cross-domain attacks exemplify adversaries’ drive for speed and stealth. In these attacks, threat actors navigate multiple domains such as endpoint, cloud, and identity systems to maximize their reach and impact. Their goal is to exploit the weaknesses in organizations’ fast-growing and complex environments.

Anthropic's Threat Intelligence team recently uncovered and disrupted a sophisticated nation-state operation that weaponized Claude’s agentic capabilities and the Model Context Protocol (MCP) to orchestrate automated cyberattacks simultaneously against multiple targets worldwide. This AI-powered attack automated reconnaissance, vulnerability exploitation, lateral movement, and more across multiple victim environments at unprecedented scale and speed.

AI has collapsed the vulnerability exploit lifecycle. Adversaries now discover, weaponize, and exploit exposures across hybrid environments in minutes — chaining together misconfigurations, unpatched systems, and stolen credentials to gain rapid access and move laterally across environments. For defenders, the speed of the adversary changes everything.