CrowdStrike and Check Point are both doubling down on securing the fast-expanding AI threat surface by acquiring startups that beef up their ability to defend against prompt injection, data leakage, and other AI-native security risks. CrowdStrike is purchasing Pangea for about US$260 million, integrating its technologies into the Falcon platform to deliver what they’re calling the first full AI Detection and Response (AIDR), which covers not only traditional assets like endpoints and cloud workloads but also interactions — prompts, responses, and agent communications. Check Point is acquiring Lakera, an AI-native security specialist, to fill in gaps around runtime protection, AI-agent risks, and model governance. Lakera’s tools—Lakera Guard and Lakera Red—will feed into Check Point’s GenAI Protect and Infinity suite, aiming to secure the full AI lifecycle. The terms weren’t disclosed, but the deal is expected to close in Q4 2025.
Sources: SiliconANGLE, Check Point Software
Key Takeaways
– Enterprises can’t treat AI like just another application: New attack vectors (prompt injection, malicious outputs, shadow AI) mean that companies must secure not only infrastructure, data, identity, etc., but also how AI models are used and interacted with.
– Speed + precision matter: Both acquisitions stress low latency detection of threats (e.g. sub-30ms for Pangea, sub-50ms for Lakera) and high efficacy, because delays or false positives in AI interactions hurt usability.
– Full lifecycle / stack integration is the trend: Rather than bolting on point solutions, these moves show a desire to integrate AI-security deeply—into development, deployment, runtime, governance—to offer more holistic protection.
In-Depth
In a moment where generative AI, large language models, and autonomous agents are increasingly woven into business operations—from customer service bots to internal decision-making assistants—security concerns are growing just as fast. CrowdStrike and Check Point, two major players in cybersecurity, are making strategic acquisitions aimed precisely at closing the emerging gaps in AI risk protection.
CrowdStrike’s acquisition of Pangea for roughly US$260 million is about reinforcing the “interaction layer” — the space where employees or agents issue prompts, models generate responses, or AI agents communicate. Pangea’s technology includes browser extensions and an AI gateway that can filter prompts to strip out sensitive data, detect malicious content, and prevent attempts to trick AI models into compromising security. This gets folded into CrowdStrike’s Falcon platform, advancing what they’re calling AI Detection and Response, or AIDR. The idea is to unify detection, compliance, governance, and enforcement across the full AI lifecycle—not just when AI is deployed, but when people are using it, developing it, and potentially misusing it. What’s notable is the performance metrics: CrowdStrike claims Pangea can block up to 99% of malicious prompts with latency under 30 milliseconds. For many enterprises, that level of speed is critical—to avoid disrupting workflow while still catching threats.
Meanwhile, Check Point’s deal for Lakera is focused on delivering “end-to-end AI security.” Lakera brings tools like Lakera Guard and Lakera Red, which respectively provide real-time runtime protection and vulnerability assessments before deployment. These tools target threats such as prompt injection, model manipulation, data leaks, and risks from autonomous agent behavior. Lakera was built from the ground up for these challenges, operating out of both Zurich and San Francisco, with research expertise and performance claims that include detection rates over 98% and latencies under 50ms, alongside very low false positives. When the acquisition is finalized (expected in Q4 2025), Lakera will become the foundation of a Global Center of Excellence for AI Security within Check Point, integrated into their Infinity architecture and past protections (endpoints, cloud, AI models) to offer a full-lifecycle stack.
These acquisitions aren’t happening in isolation. They reflect a broader industry shift: where AI adoption outpaces existing security tools’ capabilities. With more organizations grappling with “shadow AI” (i.e. AI tools used without full governance), “prompt injection” attacks, and model misuse, there’s pressure to build protections that are preventive, not just reactive. The demand is clear: companies want tools that secure AI without slowing it down, that provide visibility into what’s happening under the hood (prompts, models, agents), and that integrate seamlessly with existing platforms.
From a conservative perspective when it comes to risk—whether reputational, regulatory, or operational—the logic is solid. The costs of data exposure, compliance failures, or model manipulation can be enormous. Investments like these signal that cybersecurity vendors are hearing that message and taking steps. The acquisitions by CrowdStrike and Check Point may give customers more confidence in using AI broadly, but the trick will be maintaining robust threat detection without imposing friction or stifling innovation. As these integrations roll out, we’ll be watching how well the claims (latency, detection efficacy, false positive rates) hold up in real-world deployment.