Black Hat USA 2025 announced the general availability of CrowdStrike Signal, a new class of AI-powered detection engines that surface the undetectable threats others miss – before they escalate. Signal uses self-learning models for every host to understand what’s normal in that environment across time, systems, and users. It pinpoints subtle, early-stage threat activity and connects related behaviors – before traditional tools act. This correlation builds high-confidence patterns that reveal stealthy attacker behavior before others can, giving defenders a clear starting point to act. Self-learning AI to Understand the Customer Environment: Signal continuously models behavior for each user, host, and process, adapting over time to surface meaningful deviations. Unlike static rules or pre-trained models, it delivers early-stage detection without manual configuration or constant adjustment. Real-time Detection of Stealthy Tradecraft Others Miss: Signal links subtle behaviors often used by attackers – but also commonly seen on benign hosts – such as the use of living-off-the-land tools for reconnaissance or applications running from temporary directories. This low-signal activity may appear benign in isolation, but analyzed earlier, over time and context, it reveals attacker activity that would otherwise go unnoticed. High-confidence Leads Reduce Alert Volume, Accelerate Response: Signal condenses a vast number of behaviors and detections into a small set of high-fidelity leads. It surfaces early indicators of compromise, reduces false positives, and groups related activity into a single starting point to eliminate manual triage and speed investigation, hunting, and response.