CrowdStrike adds prompt-layer detection to Falcon AIDR

CrowdStrike said on May 14 that Falcon AIDR now detects prompt-layer threats and adversary behavior inside generative-AI application stacks, adding controls aimed at the point where prompts, models, agents and connected tools interact. The company’s product pages and documentation describe the service as part of the Falcon platform, with coverage across applications, gateways, cloud services and OpenTelemetry-based telemetry feeds. CrowdStrike has positioned the product as a way to inspect prompts and responses, detect prompt-injection and jailbreak attempts, and route findings into Falcon Next-Gen SIEM for correlation with other security data. ### What exactly changed on May 14? CrowdStrike’s May 14 update centers on Falcon AIDR’s use inside generative-AI application stacks rather than only on employee use of public AI tools. The company’s current platform page says AIDR is designed to “inspect every input and output,” capture full prompt and response logs, and block prompt attacks in real time, while its documentation says AIDR collectors can capture AI interactions across applications, gateways and cloud platforms. (crowdstrike.com) The AIDR documentation describes stateless analysis through the `/guard_chat_completions` API, which accepts OpenAI Chat Completions-format payloads for security analysis, policy enforcement, logging and optional content transformation such as redaction. That means the product can sit in application workflows and evaluate prompts and responses as they move to and from large language model services. ### How does CrowdStrike say the detection works inside AI apps? (crowdstrike.com) CrowdStrike’s documentation says AIDR can detect prompt injection and jailbreak attempts, analyze prompts and responses for policy violations and sensitive data, and log results whether content is blocked or allowed. The same documentation says collected telemetry can include prompts, responses and metadata such as user identities, device information and application context. (aidr-docs.crowdstrike.com) The platform page says AIDR also monitors model versions, users and related event fields, which analysts can use to investigate AI activity across time. CrowdStrike says the product can apply redaction and blocking controls in line with configured policies. ### Which telemetry sources and integrations are in scope? CrowdStrike’s collector documentation lists Application, Gateway, Cloud and OpenTelemetry collectors for AIDR for Agents. (aidr-docs.crowdstrike.com) The Gateway options named in the documentation include Apigee, Azure API Management, Kong Gateway and Kong AI Gateway, LiteLLM AI Gateway and Portkey AI Gateway. The Cloud collector documentation says AIDR can ingest AI-related telemetry from supported cloud services such as AWS, including model invocation logs from Amazon Bedrock. (crowdstrike.com) The OpenTelemetry collector documentation says customers can forward logs, traces and metrics from applications, services and cloud workloads into AIDR without direct changes to application code. CrowdStrike’s overview pages also say AIDR data can be viewed in Falcon Next-Gen SIEM, where it can be correlated with endpoint, network and identity data. (aidr-docs.crowdstrike.com) That aligns with the company’s description of AIDR as part of a broader Falcon workflow rather than a separate console. ### Why is CrowdStrike focused on the “prompt layer”? CrowdStrike said when it launched Falcon AIDR generally in December 2025 that the product was built to secure the “prompt and agent interaction layer,” which it called the fastest-growing attack surface in the AI era. (aidr-docs.crowdstrike.com) In that announcement and related materials, the company said adversaries were using prompt injection, jailbreaks and agent manipulation to hijack AI systems and access sensitive data. (aidr-docs.crowdstrike.com) Michael Sentonas, CrowdStrike’s president, said in a March 23 release tied to RSA 2026 that organizations need “real-time visibility and control over AI behavior wherever it runs.” That March update expanded CrowdStrike’s AI-security pitch across endpoints, SaaS, browser and cloud environments, while AIDR remained the product family handling AI-specific visibility and runtime controls. (crowdstrike.com) ### What numbers is CrowdStrike using to sell the product? CrowdStrike’s current Falcon AIDR page says the product delivers “99%” prompt-attack detection efficacy with “30 milliseconds” latency or less. The same page says CrowdStrike researchers track more than 180 prompt-injection techniques. CrowdStrike also said on March 23 that its sensors detect more than 1,800 distinct AI applications on enterprise devices, representing nearly 160 million unique application instances across its customer base. (crowdstrike.com) Those figures came in a broader platform announcement, not a standalone AIDR product update, but they show the scale argument CrowdStrike is making around enterprise AI monitoring. (crowdstrike.com) ### What comes next for customers evaluating this release? CrowdStrike’s current documentation says AIDR for Agents is available through the Falcon console with Application, Agentic, Gateway, Cloud and OpenTelemetry collectors, and supports CrowdStrike’s US-1, US-2 and EU-1 clouds. The company’s “Get Started” guides direct customers to register collectors, test policies in the AIDR Playground and review events in the Visibility page and Falcon Next-Gen SIEM. (aidr-docs.crowdstrike.com) (crowdstrike.com)