CrowdStrike expands QuiltWorks with AWS on AI security

CrowdStrike has expanded Project QuiltWorks with AWS and added new AI and cloud security features for AWS customers. The moves deepen CrowdStrike's work with AWS across cloud infrastructure and AI application security.

The Project QuiltWorks expansion brings AWS into a coalition focused on frontier AI risk, linking AWS cloud workloads to intelligence used for vulnerability discovery, prioritisation, remediation and financial protection.

Under the arrangement, organisations running workloads on AWS will gain ongoing visibility into vulnerabilities identified through QuiltWorks intelligence, helping them decide which issues to address first across their wider estates.

CrowdStrike also announced broader protections for AI applications built on AWS through its Falcon AI Detection and Response product, along with wider access to parts of the Falcon platform through AWS Marketplace trials and added integrations for cloud security operations.

QuiltWorks expansion

Project QuiltWorks was created to address risks linked to advanced AI systems by combining vulnerability discovery, remediation support and cyber insurance backing. By adding AWS, CrowdStrike is tying that framework more directly to the infrastructure layer where cloud workloads run.

The integration is intended to give enterprises using AWS a clearer view of vulnerabilities across applications and data, regardless of where those assets sit. AWS customers can also request a QuiltWorks assessment covering their current security programme, present position and remediation capacity.

Daniel Bernard, Chief Business Officer at CrowdStrike, said adding AWS connects the coalition's different layers more closely to production infrastructure.

"QuiltWorks was built to give every organisation a complete answer to frontier AI risk," Bernard said.

"With the addition of AWS, we've closed the loop: the technology to find and prioritise it, the services to fix it, the financial protection to mitigate it, and now the infrastructure where these workloads run. That's the coalition customers need," he added.

AWS said the pace of AI-led vulnerability discovery is changing how customers assess cloud risk.

"As AI accelerates the pace of vulnerability discovery, organisations need new ways to understand and address emerging risk," said Mona Chadha, Director of AI & Strategic Partnerships at AWS.

"By extending QuiltWorks intelligence to include those workloads running on AWS, we're helping customers gain greater visibility into risk across the cloud infrastructure that powers their most critical workloads," Chadha added.

AI security tools

The second announcement focused on AI applications built with AWS technologies, including Amazon Bedrock, Kiro and Strands Agents. CrowdStrike is extending Falcon AI Detection and Response to cover these environments, with monitoring of agent, large language model and Model Context Protocol communications.

The service is designed to detect issues such as prompt injection, sensitive data leakage and malicious AI activity during runtime. The changes are also intended to give customers continued visibility across AI development and deployment.

One addition is a Falcon MCP integration for Kiro, which allows developers to access CrowdStrike intelligence, detections and security context within coding workflows. CrowdStrike positioned this as a way to create feedback loops during the development of agentic applications.

These AI-focused measures sit alongside broader protection for the surrounding cloud stack through Falcon Next-Gen SIEM and Falcon Cloud Security, including controls related to non-human identities, credentials, data flows and misconfigurations in Amazon Bedrock and other AWS services.

"Organisations are rapidly moving AI applications from experimentation into production," said Daniel Bernard, Chief Business Officer at CrowdStrike. "Together, CrowdStrike is helping customers securely build, deploy and operate AI-powered applications on AWS, with protection that spans development, runtime, identities and cloud infrastructure."

Marketplace access

CrowdStrike also expanded commercial access to its products on AWS Marketplace by introducing 30-day free trials for Falcon Next-Gen SIEM, Falcon Cloud Security and Falcon Endpoint Security. Those offers follow the pay-as-you-go model already introduced for the Falcon platform in AWS Marketplace.

The trial structure is meant to give organisations a way to test the products before moving to usage-based pricing. This change also comes with new Quick Start connectors for Amazon CloudWatch and Amazon S3 access logs, which CrowdStrike said will simplify onboarding and help customers ingest AWS telemetry across multi-account and multi-region deployments.

It also introduced AWS PrivateLink cross-region support, allowing customers to route Falcon platform traffic across the AWS backbone rather than the public internet. CrowdStrike said the feature is intended to reduce internet exposure and lower data transfer costs for cloud-scale operations.

The announcements show how security vendors are responding as AI systems move from pilot projects into production and as the same technology changes the speed at which vulnerabilities can be identified and exploited. For CrowdStrike, the emphasis is on linking AI-specific monitoring with cloud infrastructure visibility inside AWS environments.