SecurityBrief Ireland - Technology news for CISOs & cybersecurity decision-makers
CrowdStrike widens QuiltWorks & launches Defender hunting

Tue, 5th May 2026
Joseph Gabriel Lagonsin, News Editor

CrowdStrike has expanded Project QuiltWorks and launched Falcon OverWatch for Defender, widening its cybersecurity partner network and adding managed threat hunting for Microsoft endpoint users.

The expanded QuiltWorks coalition now includes Armadin, Cognizant, HCLTech, Infosys, KPMG, NTT DATA, Tata Consultancy Services and Wipro. It is focused on identifying, prioritising and remediating risks linked to the use of frontier artificial intelligence models.

Project QuiltWorks combines CrowdStrike's vulnerability discovery and prioritisation tools with remediation services from partners including Accenture, EY, IBM Cybersecurity Services and Kroll. The programme uses models from OpenAI and Anthropic.

CrowdStrike is also integrating Anthropic's Opus 4.7 across the Falcon platform and extending its vulnerability discovery work through QuiltWorks. It said the broader coalition will bring those services to more organisations across industries and regions.

As an early example, CrowdStrike cited an EY customer in the Fortune 100, where QuiltWorks identified nearly 45 million vulnerabilities within hours. Many of those issues had gone undetected for years.

Accenture has built 27 agents on the Falcon platform to automate vulnerability assessment, prioritisation, compensating controls and reporting. CrowdStrike said the tools are designed to increase the number of clients partners can serve.

Partner expansion

The latest additions extend QuiltWorks beyond its initial group of frontier labs and systems integrators. CrowdStrike said its partner network already includes more than 10,000 certified professionals working inside large enterprises.

Armadin is contributing an AI attacker product that integrates with the Falcon platform. The tool is intended to simulate continuous offensive testing across infrastructure, identity systems and endpoints.

"QuiltWorks proved that frontier AI can find what traditional tools miss, and partners saw the results," said Daniel Bernard, Chief Business Officer, CrowdStrike.

"Now, more of the industry is joining the coalition to deliver AI-powered discovery, adversary-informed prioritisation, and remediation at enterprise scale," he said.

Several partners described the expansion as a response to how quickly AI is changing cyber risk, pointing to the limits of periodic assessments and the need for continuous detection and remediation.

"As frontier AI collapses the exploit window, organisations can no longer rely on periodic assessments to understand their true risk. Continuous, autonomous offensive security is now a requirement. Project QuiltWorks is building the industry coalition needed to meet this moment, and Armadin is proud to stand alongside CrowdStrike and its partners to ensure every enterprise can move from exposure to resilience at machine speed," said Kevin Mandia, Chief Executive Officer, Armadin.

"Frontier AI is expanding the enterprise attack surface faster than traditional security programs can address and most organisations don't yet have the visibility or capacity to respond. Through Project QuiltWorks, Cognizant brings the global scale and deep enterprise expertise needed to help clients move from exposure to remediation," said Vishal Salvi, Global Head of Cognizant's Cybersecurity Service Line.

"Frontier AI models are identifying hidden vulnerabilities and significantly shortening response and remediation timelines. Enterprises must be prepared to strengthen their defences against increasingly sophisticated attacks. CrowdStrike's Project QuiltWorks, combined with TCS's deep cyber domain expertise and global delivery capabilities will help enterprises improve their security posture and operate with greater confidence in a complex threat landscape," said Ganesa Subramanian Vaikuntam, Vice President & Global Head, Cybersecurity Business Group, Tata Consultancy Services.

Defender push

Alongside the coalition expansion, CrowdStrike introduced Falcon OverWatch for Defender, a managed threat hunting service for organisations using Microsoft Defender on endpoints. The service extends CrowdStrike's OverWatch team into environments where customers have standardised on Microsoft's endpoint technology.

The offering is designed to identify threats that automated detections might miss. It adds continuous human-led monitoring, threat escalation and response guidance without replacing existing endpoint protections.

CrowdStrike linked the launch to changes in attacker behaviour. According to its 2026 Global Threat Report, 82% of detections in 2025 were malware-free, reflecting broader use of legitimate tools, trusted identities and AI-assisted techniques to avoid detection.

Breakout times can be as fast as 27 seconds, leaving little room for teams that rely only on alert-driven workflows. CrowdStrike added that its OverWatch team analyses up to 6.2 trillion events a day using proprietary detection patterns, AI and threat intelligence.

It tracks more than 280 nation-state, eCrime and hacktivist groups and uses those insights to guide hunting in customer environments. Visibility across its customer base also helps it apply newly observed attack techniques from one environment to others more quickly.

Customer results cited by CrowdStrike show Falcon OverWatch can reduce alert volume by up to 500 times, deliver 98% true positives and cut threat-hunting staffing costs by up to 95%. The Defender version is intended to bring the same model to Microsoft endpoint customers.

"Today's attacks are stealthy, fast-moving, and designed to evade detection, making expert-led threat hunting essential," said Adam Meyers, Head of Counter Adversary Operations, CrowdStrike.

"OverWatch for Defender extends proven threat hunting to Microsoft environments, delivering the security outcome customers need most: stopping the breach," he said.