CrowdStrike, establishes the "Project Quiltworks" alliance to address the "new vulnerabilities" caused by AI.

CrowdStrike Holdings ($CRWD) has launched an industry alliance called “Project QuiltWorks,” aimed at addressing new software vulnerabilities exposed by cutting-edge artificial intelligence. The concept is to detect risks that traditional security scanners or manual code reviews might miss more quickly and directly connect them to actual remediation efforts.

Participants in the alliance include CrowdStrike, Accenture, Ernst & Young, IBM Security Services, Kroll, and OpenAI. Support for advanced AI models is provided by OpenAI and Anthropic. CrowdStrike explained that state-of-the-art AI models can identify logical errors, design flaws, configuration mistakes, and even new attack vectors, which means the window of opportunity for defending organizations between discovering vulnerabilities and responding to attacks is rapidly shrinking.

CrowdStrike CEO George Kurtz stated, “As cutting-edge AI accelerates vulnerability discovery, boards around the world are asking CISOs the same question,” “Are our organizations exposed to risk, and are we sufficiently protected? This is critical.” He emphasized that Project QuiltWorks is precisely a way for the industry to collectively answer these questions.

Focusing on ‘Practical Attack Feasibility’ rather than traditional CVSS scores

Project QuiltWorks operates on CrowdStrike’s Falcon platform. The platform processes trillions of security events daily and connects to a network of over 10,000 certified experts to support code-level remediation. Its core approach goes beyond traditional CVSS (Common Vulnerability Scoring System) prioritization methods by using attacker intelligence and attack path analysis to identify vulnerabilities that are truly exploitable.

This differs from simply reducing the number of vulnerabilities. Because when AI detects a surge in vulnerabilities, it becomes difficult to treat all alerts equally. This means response priorities must be determined by considering the actual accessible attack paths and the difficulty of exploitation.

Hapreet Sidhu, Global Head of Cybersecurity at Accenture, said the alliance will provide operational capabilities to address issues at the code level and help clients build enterprise-level defenses. David Cooper from Ernst & Young also noted that many organizations are not yet prepared to manage the new types of vulnerabilities created by cutting-edge AI.

Simultaneously launching a 12-month subscription service

With the alliance established, CrowdStrike also introduced the “Cutting-Edge AI Readiness and Resilience Service.” This is an annually renewable subscription product available for purchase via Falcon Flex Credits.

The new service includes: diagnostics of existing security programs, AI-based application and codebase scanning, red team prioritization analysis beyond CVSS, guided vulnerability remediation, and executive-level reporting briefings. Its key feature is that it is not a one-time check but a continuous, expert-led response process.

Mark Hughes, IBM Consulting’s head of cybersecurity, commented that this collaboration will expand IBM’s “Autonomous Security” approach, enabling it to manage new risk categories at “machine speed.” Doreen Stucky, IBM’s Chief Information Security Officer, also stated that through its “Trusted Access for Cyber” project, it aims to enhance the speed of vulnerability discovery and remediation across the entire ecosystem.

In the context of AI proliferation, the security market is shifting from ‘Detection’ to ‘Remediation’

This announcement indicates that AI has surpassed its role as a cybersecurity defense tool and has become a variable that generates new risks. If in the past, corporate security focused on discovering “what has vulnerabilities,” then in the future, understanding “which vulnerabilities could lead to actual attacks” and “how quickly we can fix them” will likely become more important.

Project QuiltWorks and AI vulnerability assessment services are now live. The market is closely watching whether this alliance can set a new standard for security response in the AI era. Especially considering that AI can detect vulnerabilities faster, corporate security competitiveness may increasingly depend on “remediation execution” rather than detection capability.

TP AI Notice: This article uses a language model based on TokenPost.ai for summarization. The main content may be omitted or may differ from the facts.