CrowdStrike CEO George Kurtz has called 2026 the “breakout year for the agentic SOC.” At RSAC 2026, the company backed that claim with five major launches — all aimed at the same problem: AI agents and AI applications are proliferating faster than security teams can track them.
The central theme: shadow AI is the new shadow IT, and CrowdStrike wants to be the one that finds it all.
Shadow AI Discovery: Endpoint, Cloud, and SaaS
The headline capability: automatic discovery of unsanctioned AI systems running across an organization’s entire environment.
Endpoint discovery detects:
- AI applications and agents running on workstations
- LLM runtimes (local model deployments)
- MCP servers (servers for the Model Context Protocol, which connects agents to tools)
- Developer tools with AI capabilities (IDE extensions, coding agents)
Cloud discovery provides visibility across both cloud infrastructure and application layers — catching AI deployments that spin up inside containers, VMs, or serverless functions without security team awareness.
SaaS discovery covers the platforms where agents are being built and deployed by business users:
- Microsoft Power Platform — low-code agents built by non-developers
- Salesforce Agentforce — CRM-integrated autonomous agents
- ChatGPT Enterprise — organizational AI deployments
This is the first major security platform to offer unified shadow AI discovery across all three surfaces — endpoints, cloud, and SaaS. For organizations running OpenClaw on developer machines or internal servers, the endpoint discovery is particularly relevant: it can detect MCP servers and agent runtimes that IT may not know about.
Falcon AIDR Expands Beyond the Browser
CrowdStrike’s AI Detection and Response (AIDR) platform, launched in December 2025, originally focused on browser-based AI interactions. The RSAC 2026 update extends coverage to desktop applications:
- ChatGPT desktop app — the standalone macOS/Windows client
- Claude desktop app — Anthropic’s native application
- Microsoft 365 Copilot — AI embedded across Word, Excel, Teams, Outlook
- Agentic IDE tools — coding agents in Visual Studio Code and similar environments
AIDR provides:
- Prompt injection detection — catching adversarial inputs in real time
- Data leak prevention — stopping sensitive data from flowing to AI models
- Real-time policy enforcement — organizational rules applied at the point of interaction
The IDE coverage is significant. Coding agents like Copilot, Cursor, and Claude Code now operate with deep system access — reading codebases, executing commands, modifying files. AIDR can now monitor those interactions at the endpoint level, providing a security layer that the agents themselves don’t have.
Microsoft Defender for Endpoint in Next-Gen SIEM
In what CrowdStrike’s Chief Business Officer Daniel Bernard called “another watershed moment,” Falcon Next-Gen SIEM now ingests and correlates telemetry from Microsoft Defender for Endpoint.
This isn’t just a partnership announcement — it’s an architectural shift. Many enterprises run both CrowdStrike Falcon and Microsoft Defender. Until now, correlating signals between the two required manual work or third-party SIEM tools. Now Falcon Next-Gen SIEM handles it natively.
Additional SIEM upgrades announced:
- Intelligent data filtering — control which data gets ingested, filtered, or routed elsewhere
- Real-time pipeline analytics — detect threats during ingestion (from the Onum acquisition)
- Federated search across distributed systems including ExtraHop
What It Means for the AI Agent Ecosystem
CrowdStrike is making a bet: the biggest security problem of 2026 isn’t sophisticated AI attacks. It’s AI agents that nobody knows about.
The shadow AI problem mirrors what happened with SaaS adoption a decade ago — business units adopted tools faster than IT could govern them. Now it’s happening with AI agents, and the stakes are higher because agents don’t just store data — they act on it.
For OpenClaw users specifically:
- MCP server discovery means CrowdStrike can detect OpenClaw instances and their tool connections on corporate endpoints
- Desktop AI app monitoring covers the Claude and ChatGPT apps that many use alongside OpenClaw
- IDE agent detection catches coding agents operating in development environments
The pattern across RSAC 2026 Day 1 is clear: every major security vendor — Cisco, CrowdStrike, SentinelOne, Rubrik — announced AI agent security capabilities. The industry has officially recognized that securing AI agents is not a niche problem. It’s the central security challenge of 2026.
CrowdStrike’s announcements are generally available or entering GA in phases. Shadow AI discovery for endpoint, cloud, and SaaS is available now. AIDR desktop expansion is available now. Next-Gen SIEM Microsoft Defender support is available now.