CrowdStrike acquires Pangea Cyber for $260 million to boost AI security
CrowdStrike announced Tuesday that it will acquire Pangea Cyber in a deal valued at roughly $260 million, underscoring growing concerns about the security risks tied to the rapid adoption of generative AI platforms across industries. The transaction is expected to close this quarter.
Founded in 2021 and based in Palo Alto, Calif., Pangea Cyber focuses on monitoring interactions between AI systems, users, and corporate networks. Its technology is designed to prevent prompt injection attacks, a technique where hackers manipulate large language models (LLMs) into disregarding safety controls. Such exploits can cause an AI system to leak sensitive data or execute harmful actions.
CrowdStrike CEO George Kurtz likened the current landscape of AI security to a “Wild West,” noting that businesses are still in the early stages of grappling with the risks.
“It’s probably the top of the first inning in terms of AI,” Kurtz said.
AI Security Under Siege
As enterprises integrate AI tools to automate workflows and, in some cases, replace human roles, vulnerabilities are becoming more apparent. Earlier this year, AI startup Anthropic disclosed incidents where attackers used prompt injection on its Claude platform. The method allowed hackers to bypass guardrails through tactics such as role-playing or overwhelming the model with excessive input—at times persuading the AI to generate malicious code.
Kurtz said CrowdStrike is observing novel AI-driven threats, including malware leveraging public AI systems to optimize data harvesting. Another emerging tactic, known as indirect prompt injection, hides malicious prompts inside emails that are later read by AI-powered email monitoring agents.
“Those are the crazy things that we see out there, and it’s only getting worse,” Kurtz warned.
Expanding AI Security Efforts
The acquisition of Pangea Cyber builds on CrowdStrike’s broader push into AI security. The company has recently struck partnerships with Nvidia and Amazon Web Services to develop AI application security solutions and rolled out products tailored to protecting sensitive data in AI environments.
Yet, Kurtz emphasized that the industry’s challenges extend beyond endpoint security, traditionally the cornerstone of cybersecurity. The rise of autonomous AI agents, which operate independently across corporate networks, presents a much larger and more complex attack surface.
“You’ve got lots of computers that are out there, but the number of AI agents will be many magnitudes larger in the future,” he said.
The Shadow AI Problem
Adding to the complexity is the rise of shadow AI—the use of AI platforms in workplaces without corporate oversight. A study from MIT in July found that while more than 90% of workers reported using commercial AI tools on the job, only 40% of companies had official subscriptions or security measures in place.
With the acquisition of Pangea, CrowdStrike is positioning itself to address one of the most urgent challenges in enterprise technology: securing AI systems before adversaries can exploit their vulnerabilities at scale.
