CrowdStrike (NASDAQ: CRWD) has announced a definitive agreement to acquire SGNL, a continuous identity technology leader, a move designed to enhance its Next-Gen Identity Security offerings by enabling continuous access granting and revocation for human, non-human, and AI identities based on real-time risk.

The acquisition aims to extend dynamic authorization capabilities across SaaS and hyperscaler cloud access layers, integrating dynamic privilege and access with the Falcon platform’s intelligence to establish a new standard for agentic identity security.

George Kurtz, CEO and founder of CrowdStrike, stated, “AI agents operate with superhuman speed and access, making every agent a privileged identity that must be protected. With SGNL, CrowdStrike will deliver continuous, real-time access control that eliminates the known and unknown gaps from legacy standing privileges. We’re disrupting the premise of modern privilege and access – for every identity, human or machine. This is identity security built for the AI era.”

Identity security is recognized as a rapidly expanding segment within cybersecurity, with IDC projecting market growth from approximately $29 billion in 2025 to $56 billion by 2029. The proliferation of non-human identities (NHIs) and agentic workforces, which function as high-privilege identities accessing data, applications, and compute resources across distributed cloud paths, underscores the risk posed by static access policies and standing privileges. These traditional models are unable to adapt to changing threat conditions or revoke access dynamically, particularly as AI identities operate autonomously.

CrowdStrike’s Falcon Next-Gen Identity Security currently secures the hybrid identity lifecycle, encompassing initial access prevention, privileged access management (PAM), identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection. The Falcon platform correlates identity, asset, and threat intelligence across endpoint, cloud, and SaaS environments, providing a foundation for continuous, risk-aware authorization.

SGNL functions as a runtime access enforcement layer situated between modern identity providers and various SaaS and hyperscaler resources utilized by individuals, NHIs, and AI agents. By integrating SGNL with real-time Falcon platform intelligence and risk signals, access decisions—granting, denying, or revoking—will be made continuously and dynamically as conditions evolve, effectively eliminating standing privilege access across all identities and environments.

The combined capabilities of SGNL and the Falcon platform are expected to eliminate standing privileges for human, NHI, and AI agents by granting access only when needed and revoking it immediately when not, driven by continuous dynamic authorization. It will extend Falcon Next-Gen Identity Security’s Just-in-Time access beyond Active Directory and Entra ID to include AWS IAM, Okta, and other cloud identity and SaaS systems. Furthermore, it will enhance Falcon’s asset intelligence and identity governance through Continuous Access Evaluation Protocol (CAEP)-driven enforcement, integrated into Falcon Fusion SOAR, to revoke access beyond the identity provider, prevent misconfiguration-driven breaches, and protect downstream applications and services. This integration aims to unify hybrid identity security across the entire attack chain, from initial access to privilege escalation and lateral movement, spanning on-premise, SaaS, and cloud environments.

Scott Kriz, CEO and co-founder of SGNL, commented, “SGNL was founded to connect access decisions with business reality. The world needs our technology to eradicate the significant risk that legacy standing privileges expose in today and tomorrow’s environments. Joining CrowdStrike provides us with global scale natively through cybersecurity’s leading platform to transform enterprise security with Continuous Identity, furthering CrowdStrike’s mission of stopping breaches.”

The transaction is expected to be paid predominantly in cash, with a portion delivered in the form of stock subject to vesting conditions. The acquisition is anticipated to close during CrowdStrike’s first quarter of fiscal year 2027, pending customary closing conditions, including regulatory clearances.