Artificial intelligence is no longer just a tool for innovation—it’s also the adversary’s new weapon. The latest CrowdStrike 2025 Threat Hunting Report reveals a stark reality: attackers are leveraging GenAI to write code, exploit systems, and launch coordinated strikes at machine speed. As enterprises face AI-native threats that evolve faster than human response, cybersecurity must shift from reactive protection to adaptive, autonomous defense. In this exclusive conversation with CISO Forum, Kartik Shahani, Vice President – India & SAARC at CrowdStrike, explains why identity has become the new perimeter, how agentic security platforms can reason and act in real time, and what it takes for organizations to stay secure in an era where AI is both the attacker and the defense.

CISO Forum: How is the rise of AI-native threats reshaping enterprise defense strategies, and what does it take to build truly adaptive, autonomous security systems?
Kartik Shahani: The CrowdStrike 2025 Threat Hunting Report reveals a significant shift in how modern cyberattacks unfold, with adversaries weaponizing AI to accelerate their attacks and scale their operations. Adversaries such as FAMOUS CHOLLIMA integrate GenAI into their sophisticated insider operations, while eCrime actors utilise AI to generate scripts, solve technical problems, and build malware.
Organisations must empower their defenses with AI to evolve from reactive response to a proactive security approach that can disrupt AI-driven threats with machine speed. AI agents operating under human command that can reason, prioritise, and act across identity, endpoint, and cloud data in real-time are the future of security operations.
The Falcon Agentic Security Platform provides the foundation for autonomous security operations, with the industry’s richest AI-ready data layer and revolutionary capabilities to operationalize AI securely, intelligently, and at scale. CrowdStrike’s Agentic Security Workforce provides analysts with an expanding set of mission-ready agents they can command to eliminate time-consuming tasks better suited to machines, completing workflows in minutes that previously took hours or even days. Charlotte Agentic SOAR is a step change in agent-to-agent and analyst-to-agent collaboration, which enables defenders to orchestrate agents across the security lifecycle, connecting context and data, so they can reason and act dynamically together in real time, under human command.
CISO Forum: As cloud, endpoint, and identity layers converge, what architectural shifts are needed to ensure unified visibility at scale?
Kartik Shahani: Identity is the new perimeter. Attackers no longer break in, they log in as trusted users with stolen, legitimate credentials. Cloud environments are a common entry point for adversaries’ identity-driven attacks, as they seek to exploit cloud data, configurations and controls to gain access into organisations’ systems. Once inside, attackers move laterally across identity, endpoint, and cloud domains, blending in with normal traffic. Identity-based attacks are highly prevalent, with 81% of intrusions now malware-free.
Adopting a unified security approach ensures organisations have the security capabilities to defend against identity-based, cross-domain attacks. While modern security platforms continue to be enhanced by new innovations and capabilities, organisations must have a consolidated security architecture to stop breaches. It must be single-agent, single-platform, single-console, where each module shares data and insights with the other to power advanced AI that correlates platform-wide activity, providing full visibility across domains, and delivers machine-speed detection and response.
CISO Forum: With generative AI becoming both a productivity enabler and an attack vector, how can organizations safeguard their models, data pipelines, and intellectual property?
Kartik Shahani: As organisations adopt co-pilots, GPTs, and GenAI systems to transform their operations and workflows across every function, they are expanding their attack surfaces. Adversaries are targeting organisations’ AI adoption by stealing models, poisoning data, injecting prompts, and hijacking agents.
To safeguard their AI adoption, organisations must ensure they have the right security capabilities. AI Security Posture Management (AI-SPM) provides organisations with comprehensive visibility and protection for AI models by detecting misconfigurations and identifying vulnerabilities, and AI Detection and Response (AIDR) secures data, models, agents, identities, infrastructure, and interactions from organisations’ AI development through to workforce usage.
Solutions like CrowdStrike Falcon Shield secure AI agents across the SaaS stack by providing agent visibility, mapping agents to human creators, detecting risky behavior, and enabling automatic threat containment, while the latest data protection innovations provide real-time, unified security for how data moves in the AI era.
CISO Forum: What role will threat intelligence and real-time telemetry play in moving from reactive security to predictive, pre-emptive defense?
Kartik Shahani: Adversaries’ weaponization of AI is compressing the attack timeline by turning operations that previously took months into seconds and collapsing the defenders’ window to respond. This evolution in attack speed requires organisations to transform their threat detection and intelligence capabilities beyond alerting defenders to actively countering threats at the speed of AI.
CrowdStrike’s Threat AI — cybersecurity’s first agentic threat intelligence system — automates the most complex, time-consuming intelligence workflows to accelerate security outcomes. Informed by over a decade of real-world decisions from CrowdStrike Counter Adversary Operations’ elite threat hunters and intelligence experts, Threat AI delivers mission-ready agents for security analysts that actively reason across threat data, proactively hunt adversaries, and take decisive action across the kill chain. Threat AI rapidly accelerates defenders’ investigation and threat responses, by eliminating high-friction tasks better suited to machines, while ensuring they remain firmly in command.
CISO Forum: As emerging technologies—from edge computing to autonomous systems—expand the attack surface, what principles should define organisations’ security architecture?
Kartik Shahani: Organisations need a modern security architecture that eliminates the complexity and gaps created by fragmented point security tools, enables them to detect and respond at machine speed, and empowers them to safely and securely use AI. By adopting an AI-native, unified security platform, organisations can simplify their operations through consolidation, establish comprehensive visibility across their attack surfaces, deploy force-multiplying agentic security capabilities that detect and respond to threats at the speed of AI, and secure their AI solutions and models. CrowdStrike’s AI-native, unified Falcon platform delivers on these principles through its consolidated, single agent, and single platform architecture that empowers organisations to stop breaches in today’s AI-driven threat landscape.
CISO Forum: How do your solutions help enterprises address current cybersecurity challenges while balancing risk, compliance, and operational efficiency?
Kartik Shahani: AI agents do not replace skilled human defenders; they augment their capabilities and improve security outcomes. This means that humans must remain in control and responsible for decisions, with analysts setting the mission and intelligent agents handling repetitive, time-consuming, and data-intensive tasks at machine speed.
Enterprises should ensure the security agents they deploy have effective governance and guardrails that ensure full transparency and compliance. Without human oversight, risks emerge in deploying AI agents and control is removed. By ensuring humans remain in control, AI-driven solutions and agents can be deployed responsibly and confidently.
For example, CrowdStrike Charlotte AI’s agentic capabilities operate within a bounded autonomy framework that provides accountability, oversight and human definition of how and when agents can act, and what data they act on. Charlotte AI also respects role-based access controls and auditability requirements, enabling enterprises in highly regulated industries to benefit from its game-changing capabilities.
