GenAI adoption is exploding across organizations, transforming how work gets done and where data moves. CrowdStrike is announcing four new innovations in CrowdStrike Falcon® Data Protection to empower organizations to embrace GenAI tools while securing data across endpoints, cloud, GenAI, and SaaS environments.
Sensitive data constantly flows through GenAI tools, SaaS applications, personal cloud accounts, and unmanaged devices. Every movement is a potential exposure. Employees paste data into GenAI tools, potentially leaking critical information. This insider risk is common and costly: Insider threats cost organizations an average of $17.4 million in 2024,¹ and 83% of surveyed enterprises experienced at least one insider-driven incident in the past year.²
Traditional data loss prevention (DLP) tools aren’t enough to mitigate modern data risk. They require heavy agents, rigid rules, and constant tuning –78% of organizations reported struggling just to maintain them.³ Data security posture management (DSPM) tools provide static snapshots of where sensitive data resides but fail to see how it flows in real time.
Security teams need data protection that can keep pace with how information moves. They need real-time visibility into data in motion, consistent data classification across environments, and automated response when risks emerge. Falcon Data Protection already unifies real-time visibility, classification, and defense across endpoint, cloud, SaaS, and AI through a single unified sensor. Now, we’re introducing new innovations to provide the modern protection and speed today’s organizations need.
At Fal.Con 2025, CrowdStrike is introducing four advancements that redefine modern data protection for the AI era:
- GenAI data protection capabilities that can stop sensitive data leaks across browsers, local apps, shadow AI services, and cloud data flows
- A unified suite of out-of-the-box detections across endpoint and cloud, including coverage for GenAI misuse, data loss, and insider activity
- AI-powered data classifications that extend coverage to new, complex data types and improve the accuracy of existing ones
- A new insider risk dashboard that provides analysts the context they need to spot risky behaviors and take action
GenAI Data Protection: Stop GenAI Data Leaks Where They Start
Table of Contents
CrowdStrike is introducing real-time visibility and protection across browsers, local applications, shadow AI services, and cloud data flows to stop GenAI data leaks at the source. With GenAI-specific detections, dedicated dashboards, and expanded enforcement using both process access control and client network inspection, CrowdStrike sheds light on the blind spots left by data protection solutions that only provide browser-based coverage.
Process access control stops unauthorized applications, such as local GenAI clients or desktop tools, from accessing or exfiltrating classified data. Client network inspection provides runtime visibility into data flows and blocks sensitive transmissions across cloud and SaaS connections. Whether data flows through a browser, local application, or cloud service, Falcon Data Protection provides runtime coverage to stop sensitive data before it leaves the enterprise.
Key capabilities:
- A dedicated GenAI dashboard to provide unified visibility into data usage paths, enriched by Charlotte AI insights and recommended actions
- Expanded enforcement controls that use client network inspection to block sensitive data leaving local apps, and process access control to stop unauthorized GenAI tools from accessing classified files
- Cloud runtime coverage that uncovers risky data flows from machine learning or GenAI workloads to unauthorized services, and triggers automated playbooks through CrowdStrike Falcon® Fusion SOAR
- GenAI-specific detections to identify sensitive data flowing into AI tools in real time
Beta is expected in November 2025, and general availability is expected by the end of January 2026.
Unified Detections: Detect More Threats, Faster
Security teams are under pressure to do more with less, but fragmented detections across siloed tools only add noise and delay response. Analysts are forced to pivot between consoles, chasing alerts that lack context while adversaries exploit the gaps.
Falcon Data Protection is gaining a unified suite of out-of-the-box detections across endpoint and cloud, including coverage for GenAI misuse, data loss, and insider activity, boosting detection breadth by 10x.4 Investigations are streamlined, and alert fatigue reduced, with real-time alerts, cross-domain visibility, and automation through the Falcon platform.
Key capabilities:
- Unified, out-of-the-box detections that provide coverage for GenAI misuse, data loss, and insider activity across endpoint and cloud
- Cross-domain visibility to eliminate silos and accelerate investigations with a unified dashboard that correlates detections across hybrid environments
- Context-rich alerts to accelerate response with enrichment from identity, device, and adversary tradecraft
General availability is expected by the end of 2025.
AI-Powered Classifications: Classify Smarter, Protect More
Traditional classification engines struggle to keep pace with evolving data types and formats. Static rules lead to false positives, wasted analyst time, and sensitive data slipping through the cracks. Stopping GenAI data leaks and insider threats requires smart, precise classification.
Falcon Data Protection AI-powered classifications extend coverage to new, complex data types and improve the accuracy of existing ones. Spanning endpoint and cloud, Falcon Data Protection uses large language models to deliver smarter, more precise classification — reducing false positives and enabling consistent protection. On the endpoint, this innovation is further enhanced through a partnership with Intel, bringing AI-powered precision directly into the device layer for stronger, faster enforcement.
Key capabilities:
- Extended coverage adds support for complex data types such as user names and passwords while improving classification for existing types
- The ability to detect and identify unstructured data as sensitive information in free-form content, which static rules often miss
- Accuracy improvements to reduce false positives and strengthen enforcement precision across endpoint and cloud
General availability is expected by the end of January 2026 for cloud and by the end of July 2026 for endpoint.
Insider Threat Dashboard: Take Action on Insider Risk
Insider threats are among the most difficult challenges security teams face. With GenAI tools opening new channels for sensitive data movement, visibility gaps are harder to close. Whether it’s a negligent employee, a malicious insider, or a compromised account, sensitive data can be moved out of the organization long before traditional tools detect it. Fragmented visibility across identity and data movement leaves teams piecing together incomplete signals while risk grows.
The new Insider Risk dashboard in Falcon Data Protection changes that. By correlating telemetry from Falcon Data Protection and CrowdStrike Falcon® Next-Gen Identity Security into a single view, it gives analysts the context they need to spot risky behaviors early and take action.
Key capabilities:
- Centralized visibility provides real-time insights into insider risk by combining identity and data protection telemetry in a unified dashboard
- Contextual filters accelerate investigations by surfacing malicious, negligent, or compromised user behavior
This feature is now generally available to customers of both Falcon Data Protection and Falcon Next-Gen Identity Security.
Built for How Data Moves Today
Legacy data protection tools were built for a different era. DLP enforces static policies with heavy agents that can’t adapt to modern data flows. DSPM provides snapshots of where data sits but fails to see it move at runtime. These fragmented approaches increase complexity, delay response, and leave exploitable gaps.
Only CrowdStrike unifies data protection across endpoint, cloud, SaaS, and AI into a single platform with one unified sensor. With these latest innovations, we deliver the runtime protection, speed, and coverage that modern data demands.
Forward-Looking Statements
This blog includes forward-looking statements including, but not limited to, statements concerning the expected timing of product and feature availability, the benefits and capabilities of our current and future products and services, and our strategic plans and objectives. Such statements are subject to numerous risks and uncertainties and actual results could differ from those statements. Any future products, functionality and services may be abandoned or delayed, and customers should make decisions to purchase products and services based on features that are currently available. These and other risk factors are described in the “Risk Factors” section of our most recent Form 10-Q filed with the Securities and Exchange Commission.
Any forward-looking statements made in this document are based on our beliefs and assumptions that we believe to be reasonable as of the date of the presentation. You should not rely upon forward-looking statements as predictions of future events. Except to the extent required by law, we undertake no obligation to update these forward-looking statements to reflect new information or future events.
Additional Resources
1. Ponemon Institute, 2025 Cost of Insider Risks Report
2. Cybersecurity Insiders, 2024 Insider Threat Report
3. ESG, The State of Data Loss Prevention, 2025
4. Compared to current Falcon Data Protection detection offering
