CrowdStrike & OpenAI enhance SaaS security with AI agent oversight
The company's Falcon Shield product now features integration with the OpenAI ChatGPT Enterprise Compliance API, providing the ability to discover and manage both GPT and Codex agents created within OpenAI's ChatGPT Enterprise environment. This expansion supports more than 175 SaaS applications, addressing the increasing use of agentic AI in business operations.
AI and the expanding attack surface
As enterprises leverage AI agents to automate workflows and increase efficiency, the number of such agents is rising rapidly. CrowdStrike highlighted that while these agents deliver operational benefits, they also introduce new security challenges. Organisations may struggle to monitor agent activities, understand the data and systems these agents can access, and determine who is responsible for creating or controlling them.
Autonomous AI agents frequently operate with non-human identities and persistent privileges. If a human identity associated with such an agent is compromised, there is potential for adversaries to use the agent to exfiltrate data, manipulate systems, or move across key business applications undetected. The proliferation of these agents increases the attack surface and can significantly amplify the impact of a security incident.
Enhanced visibility and governance
Falcon Shield's new capabilities are intended to help organisations address these risks by mapping each AI agent to its human creator, identifying risky behaviour, and aiding real-time policy enforcement. When combined with the company's Falcon Identity Protection, CrowdStrike's platform aims for unified visibility and protection for both human and non-human identities. "AI agents are emerging as superhuman identities, with the ability to access systems, trigger workflows, and operate at machine speed," said Elia Zaitsev, chief technology officer, CrowdStrike. "As these agents multiply across SaaS environments, they're reshaping the enterprise attack surface, and are only as secure as the human identities behind them. Falcon Shield and Falcon Identity Protection help secure this new layer of identity to prevent exploitation."
Key features of the Falcon Shield integration include the discovery of embedded AI tools such as GPTs and Codex agents across various platforms, including ChatGPT Enterprise, Microsoft 365, Snowflake, and Salesforce. This is designed to give security teams increased visibility into AI agent proliferation within an organisation's digital environment.
Accountability and threat containment
The integration links each AI agent to its respective human creator. According to CrowdStrike, this supports greater accountability and enables organisations to trace access and manage privileges using contextual information. Falcon Identity Protection works alongside these capabilities to further secure human identities associated with AI agent activity.
CrowdStrike stated that the system is capable of analysing identity, application, and data context to flag risks such as overprivileged agents, GPTs with sensitive abilities, and any unusual activity. Threats can be contained automatically using Falcon Fusion, the company's no-code security orchestration, automation, and response (SOAR) engine, which can block risky access, disable compromised agents, and trigger response workflows as required.
Unified protection approach
The product suite combines Falcon Shield, Falcon Identity Protection, and Falcon Cloud Security to provide what the company describes as end-to-end visibility and control over AI agent activity, tracking actions from the person who created an agent to the cloud systems it is able to access.
Organisations using agentic AI in their operations are being encouraged to consider tools and approaches that not only monitor the agents themselves but also strengthen oversight of the human identities behind these digital entities.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
NZ Herald
9 hours ago
- NZ Herald
ChatGPT got a big upgrade. Here's what to know about OpenAI's GPT-5
How much does it cost to access GPT-5? All ChatGPT users will get access to GPT-5, even those using the free version. But only those with a US$200-a-month ($335) 'Pro' subscription get unlimited access to the newly released system. GPT-5 will be the default mode on all versions. Users not paying for ChatGPT will only be able to ask a certain number of questions answered by GPT-5 before the chatbot switches back to using an older version of OpenAI's technology. How will GPT-5 change ChatGPT? GPT-5 responds to questions faster than OpenAI's previous offerings and is less likely to 'hallucinate' or make up false answers, OpenAI executives said at a news briefing before its release. It gives ChatGPT 'better taste' when generating writing, said Nick Turley, who leads work on the chatbot. OpenAI's new AI software can also answer queries using a process dubbed reasoning that shows the user a series of messages attempting to break down a question into steps before giving its final answer. 'GPT-5 is the first time that it really feels like talking to an expert, a PhD-level expert,' OpenAI CEO Sam Altman said. Altman said GPT-5 is particularly good at generating computer programming code, a feature that has become a major selling point for OpenAI and rival AI developers and has transformed the work of programmers. In a demo, the company showed how two paragraphs of instruction was enough to have GPT-5 create a simple website offering tutoring in French, complete with a word game and daily vocabulary tests. Execs say ChatGPT users can now connect the app with their Google calendars and email accounts. Photo / Getty Images Altman predicted that people without any computer science training will one day be able to quickly and easily generate any kind of software they need to help them at work or with other tasks. 'This idea of software on demand will be a defining part of the new GPT-5 era,' Altman said. Turley also claimed the upgrade made ChatGPT better at connecting with people. 'The thing that's really hard to put into words or quantify is the fact that just feels more human,' he said. In a livestream Thursday, OpenAI execs said ChatGPT users could now connect the app with their Google calendars and email accounts, allowing the chatbot to help people schedule activities around their existing plans. What does it mean for an AI chatbot to 'reason?' GPT-5 could give many people their first encounter with AI systems that attempt to work through a user's request step-by-step before giving a final answer. That so-called 'reasoning' process has become popular with AI companies because it can result in better answers on complex questions, particularly on math and coding tasks. Watching a chatbot generate a series of messages that read like an internal monologue can be alluring, but AI experts warn users not to confuse the technique with a peek into AI's black box. The self-chatter doesn't necessarily reflect an internal process like that of a human working on a problem, but designing chatbots to create what are sometimes dubbed 'chains of thought' forces the software to allocate more time and energy to a query. OpenAI released its first reasoning model in September for its paying users, but Chinese start-up DeepSeek in January released a free chatbot that made its 'chain of thought' visible to users, shocking Silicon Valley and temporarily tanking American tech stocks. The company said ChatGPT will now automatically send some queries to the 'reasoning' version of GPT-5, depending on the type of conversation and complexity of the questions asked. Is GPT-5 the 'super intelligence' or 'artificial general intelligence' OpenAI has promised? No. Tech leaders have for years been making claims that AI is improving so fast it will soon become able to learn and perform all tasks that humans can at or better than our own ability. But GPT-5 does not perform at that level. Super intelligence and artificial general intelligence, or AGI, remain ill-defined concepts because human intelligence is very different from the capabilities of computers, making comparisons tricky. OpenAI CEO Altman has been one of the biggest proponents of the idea that AI capabilities are increasing so rapidly that they will soon revolutionise many aspects of society. 'This is a significant step forward,' Altman said of GPT-5. 'I would say it's a significant fraction of the way to something very AGI-like.' Some people have alleged that loved ones were driven to violence, delusion or psychosis by hours spent talking to ChatGPT. Photo / Getty Images Does GPT-5 change ChatGPT's personality? Changes OpenAI made to ChatGPT in April triggered backlash online after examples of the chatbot appearing to flatter or manipulate users went viral. The company undid the update, saying an attempt to enhance the chatbot's personality and make it more personalised instead led it to reinforce user beliefs in potentially dangerous ways, a phenomenon the industry calls 'sycophancy'. OpenAI said it worked to reduce that tendency further in GPT-5. As AI companies compete to keep users engaged with their chatbots, they could make them compelling in potentially harmful ways, similar to social media feeds, The Washington Post reported in May. In recent months, some people have alleged that loved ones were driven to violence, delusion or psychosis by hours spent talking to ChatGPT. Lawsuits against other AI developers claim their chatbots contributed to incidents of self-harm and suicide by teens. OpenAI released a report on GPT-5's capabilities and limits Thursday that said the company looked closely at the risks of psychosocial harms and worked with Microsoft to probe the new AI system. It said the reasoning version of GPT-5 could still 'be improved on detecting and responding to some specific situations where someone appears to be experiencing mental or emotional distress'. Earlier this week, OpenAI said in a blog post it was working with physicians across more than 30 countries, including psychiatrists and paediatricians, to improve how ChatGPT responds to people in moments of distress. Turley, the head of ChatGPT, said the company is not optimising ChatGPT for engagement.
Techday NZ
11 hours ago
- Techday NZ
Exclusive: Garrett O'Hara on Mimecast's AI fight against cyber risk
In a world where cyberattacks are growing more sophisticated and frequent, organisations are increasingly focusing on what Garrett O'Hara calls the "most unpredictable element in security" - humans. Speaking during a recent interview, Garrett O'Hara, Senior Director of Solutions Engineering for APAC at Mimecast, explained how artificial intelligence (AI) is now being deployed to manage and mitigate human risk at scale. "Human risk is anything people can do that exposes an organisation to risk, either by accident or intent," he said. "Most of the time, it's not malicious - it's tiredness, deadlines, or someone trying to do their job more efficiently." He pointed out that employees often unintentionally bypass security policies under pressure. "They might upload sensitive documents to a personal drive just so they can work from home, not realising the huge risk that introduces," he added. AI tools, while offering productivity benefits, have also opened new doors for attackers. "We're seeing employees use tools like ChatGPT to summarise documents or create presentations, not realising they're potentially uploading sensitive corporate data to third-party platforms," he said. On the flip side, O'Hara said AI is a vital asset in the fight against these new types of threats. "AI is incredibly good at detecting patterns and threats that traditional methods might miss. For example, analysing URLs for slight variations that indicate a phishing attempt or identifying AI-generated scam emails." He described how phishing campaigns have become almost indistinguishable from genuine communications. "The old advice about bad grammar or strange formatting doesn't apply anymore. With AI, attackers are producing flawless emails in seconds," he said. "But the good news is that AI on the defensive side is just as powerful." Mimecast's platform uses AI throughout its stack, from sandboxing and behavioural analysis to identifying language markers in emails associated with business email compromise (BEC). "We look for those AI fingerprints - which often show up in machine-generated messages," he explained. For example, if there was an email that simulates a CEO urgently requesting staff to buy gift cards - a common BEC tactic - Mimecast's AI can intercept it. "Instead of an employee reacting to that urgency, we use AI to throw bubble wrap around them, flagging the threat before any action is taken," he said. Trust in AI is still an issue, however. "It's a double-edged sword," O'Hara acknowledged. "There's hype fatigue in cybersecurity - zero trust, now AI. And the problem is when vendors slap 'AI' onto everything, it erodes trust." He noted that some vendors rely solely on AI, which leads to high false positive rates and overburdened security teams. "AI is probability-based. Without cross-checking, it can trigger too many false alarms, and analysts burn out sifting through them," he said. "Our platform uses a layered approach - AI decisions are supported by additional checks across other systems, improving accuracy." Mimecast has gone a step further by achieving ISO certification for ethical use of AI, addressing concerns about bias and data misuse. "Transparency matters. You need to understand how the model works, especially if it goes off track," he said. "That's why we plan for machine unlearning - to rollback models if they learn something they shouldn't." Looking ahead, O'Hara envisions a future where AI acts as a sort of digital guardian angel. "Imagine a Clippy-like assistant - but useful - that knows your role, your habits, and quietly keeps you safe behind the scenes," he said. He also discussed how application programming interfaces (APIs) play a crucial role in integrating Mimecast's human risk platform with other systems. "We pull in data from HR, endpoint and identity platforms to paint a picture of risk - right down to the individual level," he explained. "If someone's on notice or switching roles, their risk profile changes. APIs help us adapt protection accordingly." Importantly, AI in cybersecurity is no longer just about detection and defence. Mimecast also uses it for prediction and prevention. "With data from 44,000 companies and billions of emails daily, our AI tools can identify emerging threats early and act before damage is done," he said. "That's where we're moving - from reactive to proactive security." But for smaller organisations, predictive security can seem out of reach. "The average Australian SMB doesn't have the budget or capacity for that level of protection," he noted. "We offer it as a service - so they benefit without the overhead." As for the future of cybersecurity training, O'Hara predicts a shift from generic instruction to highly tailored behavioural nudges. "Instead of monthly sessions, we'll see hyper-contextual, AI-generated interventions in the moment," he said. "That's the power of AI - it knows how to reach each individual in a way that resonates." He added that balancing automation with human oversight remains a key concern. "Right now, most organisations use automation to assist - not replace - analysts. And that's wise," he said. "False positives can grind a business to a halt if something like Salesforce gets blocked. But as AI improves, that balance will shift." Ultimately, he believes that the most exciting developments are still unknown. "I'm genuinely excited by what we don't yet see coming," he said. "AI has unlocked possibilities that feel like magic." And while security teams dream of AI replacing their most tedious tasks, O'Hara points out there's a long way to go. "If AI can act like Cinderella's godmother - guiding users to return home just before the stroke of midnight - then we're on the right track," he said.
Techday NZ
13 hours ago
- Techday NZ
GigaChat AI assistant achieves 93% accuracy in medical diagnoses
SberHealth's GigaChat-powered artificial intelligence assistant has demonstrated a diagnostic accuracy rate of 93% during recent tests conducted by the Artificial Intelligence Research Institute (AIRI). The experiment involved the AI healthcare assistant, which is based on the GigaChat neural network model, diagnosing 30 real clinical cases that were randomly selected from the New England Journal of Medicine. These cases varied in complexity, and the testing methodology used was similar to an experiment conducted by Microsoft to verify its own AI diagnostic orchestrator, MAI-DxO. According to AIRI, the SberHealth system established correct diagnoses in 28 out of 30 cases, while a comparable foreign solution recorded an 85% accuracy rate. The AI assistant operated with limited initial data, receiving only the patient's gender, age and symptoms before interacting through simulated doctor-patient dialogues. It followed a sequence of requesting additional clinical tests, imaging, or consultation information as needed to make diagnoses. The median number of dialogue turns between the AI and the simulated patient was three, indicating a relatively high speed of decision-making. Sergey Zhdanov, Director of the Healthcare Industry Centre at Sberbank, said: "The experiment demonstrated that our technology is not only competitive but also sets new standards in medical diagnostics worldwide. We observe how multi-agent architecture speeds up and enhances the diagnostic process. It's particularly important that the system exhibits flexibility: it revises hypotheses, requests additional data, and even responds to the emotional presentation of clinical scenarios. In the future, this opens up opportunities for interdisciplinary care teams, with AI serving as a reliable assistant to physicians." During the experiment, each clinical case was labelled by level of difficulty. The AI system was able to successfully identify and diagnose several rare conditions, including Whipple disease, which it recognised in one step, aceruloplasminemia, identified in six moves, and rasburicase-induced methemoglobinemia. The assistant's performance was characterised by several features, according to researchers. It typically completed diagnoses in three moves, deployed logical reasoning, and handled both rare and complex pathologies. The system was also noted for its ability to blend clinical accuracy with a dialogue logic that could adapt effectively to different presentation styles, which included effectively responding to emotional cues in simulated scenarios. Ivan Oseledets, Chief Executive Officer of AIRI, commented: "Today, multi-agent systems are capable of confidently identifying rare, masked pathologies that go beyond typical emergency department algorithms. Can a medical AI assistant adjust its hypothesis in time, discarding the most probable but incorrect pathway? The AI assistant proved it could, doing so faster than anticipated by a seasoned observer with 15 years of medical experience." The researchers at AIRI described the experiment as exploratory and indicated that further development is planned. They have proposed expanding the sample size by incorporating additional cases from other medical journals to investigate the capabilities of the assistant more widely. The system's potential uses were not limited solely to practical medicine but also extended to the area of physician training, where it could offer realistic simulations of complex clinical cases. The GigaChat-based assistant is a product of cooperation between AIRI and SberMedAI. Since its introduction, it has been piloted in the SberHealth app and has already been used over 160,000 times in real conditions to assist people seeking medical support. Follow us on: Share on:
