CrowdStrike expands QuiltWorks with cyber insurers

CrowdStrike has expanded Project QuiltWorks to include cyber insurance groups and brokers, broadening the framework from technical AI security work to financial risk mitigation.

The companies named in the expanded programme are Coalition, Liberty Mutual Insurance, Lockton, Resilience and Marsh. The model is intended to help organisations assess frontier AI exposure across vulnerability discovery, remediation and insurance-related financial protection.

The development reflects growing concern in the cyber sector that advances in AI are shortening the time between the discovery of a weakness and its exploitation. Insurers and brokers increasingly want better visibility into how companies manage those risks before offering or renewing cover.

Project QuiltWorks was introduced as a framework for identifying and prioritising frontier AI risk. With the addition of insurers and brokers, it now also covers actuarial analysis, underwriting input and claims-related financial mitigation.

The model uses AI systems from OpenAI and Anthropic alongside CrowdStrike's own vulnerability discovery and threat intelligence tools. It also combines those findings with remediation services from systems integrators, though those firms were not identified in the announcement.

CrowdStrike argued that the insurance element could give boards a clearer view of the balance-sheet impact of cyber incidents linked to frontier AI. That includes estimating financial exposure, deciding which risks matter most and creating a path towards obtaining or retaining cyber insurance cover.

Daniel Bernard, chief business officer at CrowdStrike, set out the company's position on the expanded model.

"Frontier AI risk doesn't stop at technology, it lands on the balance sheet," said Daniel Bernard, chief business officer at CrowdStrike. "Project QuiltWorks is the only framework that delivers the technology to identify and prioritise, the services to remediate, and the financial protection to secure against it. That's how CrowdStrike defines the standard."

Insurance focus

The addition of cyber insurance groups points to a closer link between security operations and underwriting decisions. Insurers have been pushing for stronger controls, more continuous monitoring and clearer evidence of remediation as losses from cyber attacks become more expensive and harder to predict.

The expanded framework is designed to create a feedback loop between vulnerability discovery, threat intelligence, remediation work and insurance data. In practice, underwriting teams and clients would use a shared view of exposure to decide how to reduce risk and how to insure it.

Coalition, one of the participants, said the initiative aligns with its existing model of combining security monitoring with insurance.

"Frontier AI is collapsing the window between vulnerability and loss, which makes continuous visibility and proactive risk mitigation more important than ever. Coalition's approach combines continuous cybersecurity monitoring, response, and expert guidance with comprehensive insurance coverage to help organisations reduce their exposure before an incident can become a claim. Project QuiltWorks extends our approach to frontier AI risk, helping organisations better understand their potential exposure through security intelligence and take action through coordinated remediation before an attack can lead to a financial loss," said Tim MalcomVetter, general manager of security at Coalition.

Lockton also pointed to rising client demand for more precise assessments of AI-related cyber exposure.

"Frontier AI is accelerating how quickly technical exposures become operational and financial impact. As advisors helping organisations manage complex risk, Lockton sees growing demand for greater visibility into frontier AI exposure and a clearer path to mitigation. Through Project QuiltWorks, Lockton and CrowdStrike are giving our clients the coordinated framework they need to get ahead of frontier AI risk, and the financial protection to manage it," said Michelle Faylo, U.S. cyber & technology leader at Lockton.

Board scrutiny

The emphasis on financial modelling and insurance comes as boards face tougher questions over cyber resilience, especially where AI tools may increase both attack speed and the volume of exploitable weaknesses. Security teams have long used scoring systems such as CVSS to rank vulnerabilities, but insurers increasingly look for broader indicators of likely business loss.

QuiltWorks aims to prioritise exposures by combining adversary intelligence, vulnerability telemetry and underwriting insight. The goal is to focus attention on the weaknesses most likely to lead to operational disruption or insured losses, rather than on technical severity alone.

Resilience, another participant in the programme, said companies need a way to distinguish between theoretical risk and material financial exposure.

"Frontier AI is accelerating the speed at which vulnerabilities become material business exposure, and the financial stakes have never been higher. Enterprises need a way to sift through the noise and determine which exposures translate into financial risk. The Resilience Risk Operations Centre (ROC) was built as a way to address this reality: it is unfeasible to secure everything, instead organisations must protect against the threats that pose the most material risk to their business. Taking part in Project QuiltWorks helps us stay ahead of the cyber risk created by frontier AI, enabling us to further inform how we analyse financial exposure for our clients," said Jud Dressler, head of risk operations at Resilience.