
CrowdStrike has announced Threat AI, the industry’s first agentic threat intelligence system built to automate the most complex, time-consuming intelligence workflows and accelerate outcomes. As part of CrowdStrike’s newly announced Agentic Security Workforce, Threat AI provides mission-ready agents that reason across threat data, hunt adversaries proactively, and take decisive action across the kill chain, empowering defenders to concentrate on high-impact investigations while remaining firmly in command.
“Adversaries are weaponizing AI to accelerate every stage of attacks,” said Adam Meyers, head of Counter Adversary Operations at CrowdStrike. “What once took months can now happen in seconds, collapsing the defender’s window of response. Intelligence must evolve beyond informing defenders to actively countering threats at the speed of AI.
“Threat AI is the intelligence arm of CrowdStrike’s vision to equip every security analyst with mission-ready agents that eliminate high-friction tasks better suited for machines, ushering in a new era of threat intelligence,” Meyers emphasized.
As CrowdStrike’s Senior Vice President of Counter Adversary Operations, Meyers leads the Threat Intelligence line of business for the company. He directs a geographically dispersed team of cyber threat experts tracking criminal, state-sponsored, and nationalist cyber adversary groups across the globe and producing actionable intelligence to protect customers.
CrowdStrike has long been a force in adversary intelligence, tracking more than 265 of the world’s most sophisticated nation-state, eCrime and hacktivist groups. Embedded inside CrowdStrike’s Threat Intelligence & Hunting modules and informed by years of real-world decisions from CrowdStrike Counter Adversary Operations’ (CAO) team of elite threat hunters and intelligence experts, Threat AI automates complex workflows and surfaces actionable recommendations when analysts need them most.
“Adversaries that are very sophisticated will use AI to their advantage, and adversaries that are less sophisticated actually use it to their detriment,” Meyers noted. “You need to be a subject matter expert to get the most of that AI and get what you need from it.”
Threat AI rapidly accelerates investigations and threat response, with two initial types of agents. The Malware Analysis Agent automates one of the most time-consuming and complex analyst workflows — reversing, classifying, and comparing malware. In seconds, the agent analyzes files, identifies code similarities, and provides instant attribution, delivering actionable insights and scaling defenses across entire malware families.
The second category is the Hunt Agent. It automates proactive, expert-level threat hunting continuously across the environment. The agent executes queries, proactively scans for emerging threats, rapidly surfaces critical findings, and delivers clear, actionable insights and next-step recommendations.
“AI allows some of these adversaries to outpace the defenders,” Meyers observed. “The attacker has the advantage. The defender has to be right 100% of the time. The attacker only has to get lucky once.”
The Malware Analysis Agent and the Hunt Agent are the first in a series of Threat AI agents, with additional agents for triage, correlation, and exposure mapping to follow. Each agent will be orchestrated so the output of one strengthens the others.
“I think it’s still early innings on AI,” Meyers said, noting that in some verticals, CrowdStrike had seen a 200%-300% growth in Chinese intrusion activity, and a 136% cloud intrusion growth since the start of the year, as they use exploits against unmanaged devices.
“All AI is is files with a bunch of numbers in them,” he noted. “If we are not defending AI, how do we protect the data centres in our research foundries?”
CrowdStrike is also introducing a powerful new Chrome extension that brings CrowdStrike adversary intelligence directly into analysts’ web browsers. Analysts can access CrowdStrike’s intelligence while conducting external research, gaining immediate context for investigations and speeding response times with actionable insights, all in the same workflow.
“You could spend $100 million training ChatGPT, but if Chinese espionage actors come in and steal the entire model and all the weights, you have a big problem,” Meyers said.
