CrowdStrike expands Project QuiltWorks coalition and launches OverWatch for Microsoft Defender


CrowdStrike has announced an expansion of Project QuiltWorks, its coalition focused on identifying and reducing security risks associated with “frontier” AI adoption, and separately introduced Falcon OverWatch for Defender, a managed threat hunting service for organisations using Microsoft Defender.

In an update released on May 5, CrowdStrike said Project QuiltWorks is now joined by Armadin, Cognizant, HCLTech, Infosys, KPMG, NTT DATA, Tata Consultancy Services (TCS) and Wipro Limited. The company said the initiative uses frontier models from OpenAI and Anthropic to support vulnerability discovery and prioritisation, alongside remediation services delivered through partners including Accenture, EY, IBM Cybersecurity Services and Kroll.

Daniel Bernard, chief business officer at CrowdStrike, said: “QuiltWorks proved that frontier AI can find what traditional tools miss, and partners saw the results. Now, more of the industry is joining the coalition to deliver AI-powered discovery, adversary-informed prioritisation, and remediation at enterprise scale.”

CrowdStrike’s release included early results from the program. It said an EY Fortune 100 customer identified nearly 45 million vulnerabilities “within hours” of using QuiltWorks, including issues that had gone undetected for years. It also said Accenture has built 27 “mission-ready agents” on the Falcon platform to automate elements of vulnerability assessment, prioritisation, controls and reporting.

As part of the QuiltWorks update, CrowdStrike said it is integrating Anthropic’s Opus 4.7 across the Falcon platform. It also described Armadin’s “AI attacker” as integrating with Falcon to deliver “continuous agentic hyperattacks” across infrastructure, identity and endpoints, with the aim of surfacing AI-related risk.

The expanded coalition comes as organisations assess how rapidly developing AI capabilities change the vulnerability landscape, including how quickly new flaws may be found and exploited and how much effort is required to prioritise remediation at scale. CrowdStrike’s announcement highlights a broader trend of security vendors and systems integrators positioning AI-driven discovery and continuous testing as a response to shrinking timelines between vulnerability disclosure, exploit development and real-world abuse.

In a separate announcement, CrowdStrike introduced Falcon OverWatch for Defender, which it described as extending its managed threat hunting service to Microsoft endpoint customers. The company said the service is intended to add “continuous expert monitoring” and additional detection and response capabilities for customers standardised on Microsoft Defender.

Adam Meyers, head of counter adversary operations at CrowdStrike, said: “Today’s attacks are stealthy, fast-moving, and designed to evade detection, making expert-led threat hunting essential. OverWatch for Defender extends proven threat hunting to Microsoft environments, delivering the security outcome customers need most: stopping the breach.”

CrowdStrike cited figures from its 2026 Global Threat Report, including that 82% of detections in 2025 were malware-free, and said attackers increasingly use trusted identities and legitimate tools. The company also referenced “breakout times as fast as 27 seconds” as a driver for more continuous monitoring and intelligence-led hunting.

CrowdStrike said OverWatch for Defender includes intelligence-driven hunting, AI-assisted analysis of large volumes of telemetry, and what it called “power of the crowd” visibility across its customer base. The release also referenced customer results that it said included reductions in alert volume and threat hunting staffing costs, though the company did not provide independent verification details in the announcement.

CrowdStrike said Project QuiltWorks and Falcon OverWatch for Defender are available immediately.
