CrowdStrike has signed a definitive agreement to acquire SGNL as it looks to strengthen identity security for human, non-human and AI-driven identities operating across modern cloud environments.
The acquisition is aimed at extending CrowdStrike’s Falcon platform with continuous, risk-based authorisation that dynamically grants and revokes access in real time. The move reflects the growing role of identity as a primary attack surface, particularly as organisations deploy autonomous AI agents and non-human identities (NHIs) with broad system access.
Identity security in the AI era
According to CrowdStrike, the rise of agentic AI and machine identities is reshaping how access and privilege must be managed. Unlike traditional user accounts, AI agents and NHIs are created dynamically across SaaS platforms and hyperscaler cloud environments, often operating with elevated privileges and minimal human oversight.
Legacy identity and access models—built around static policies and standing privileges—struggle to reassess risk as conditions change, creating exposure when identities continue to operate autonomously. CrowdStrike said the acquisition of SGNL is intended to address this gap by introducing continuous, real-time access enforcement across modern identity systems.
Commenting on the acquisition, George Kurtz, CEO and founder of CrowdStrike, said, “AI agents operate with superhuman speed and access, making every agent a privileged identity that must be protected. With SGNL, CrowdStrike will deliver continuous, real-time access control that eliminates the known and unknown gaps from legacy standing privileges. We’re disrupting the premise of modern privilege and access – for every identity, human or machine. This is identity security built for the AI era.”
Market growth and strategic context
Identity security is one of the fastest-growing segments in cybersecurity. According to IDC, the market is expected to grow from approximately $29 billion in 2025 to $56 billion by 2029. This growth is being driven by cloud adoption, SaaS sprawl and the increasing use of non-human and AI-driven identities across enterprise environments.
CrowdStrike’s Falcon Next-Gen Identity Security already spans identity threat detection and response (ITDR), privileged access management, SaaS identity security and hybrid identity protection. By integrating SGNL, the company plans to add a runtime access enforcement layer that operates between identity providers and the SaaS and cloud resources those identities access.
What SGNL adds to the Falcon platform
SGNL functions as a real-time access control layer that evaluates identity, device posture and behaviour continuously. When combined with Falcon platform intelligence, the technology enables access to be granted only when needed and revoked as soon as risk conditions change.
According to CrowdStrike, the combined capabilities will extend just-in-time access beyond traditional directories to cloud-native identity systems such as AWS IAM, Okta and other SaaS platforms. It also introduces Continuous Access Evaluation Protocol (CAEP)-driven enforcement, enabling access revocation beyond the identity provider and into downstream applications and services.
The integration is expected to help organisations reduce risks associated with misconfigurations, lateral movement and privilege escalation across on-premises, SaaS and cloud environments.
SGNL’s perspective
SGNL was founded to address the disconnect between static access models and real-world business risk. Scott Kriz, CEO and co-founder of SGNL, said the acquisition would allow the company’s technology to operate at global scale.
He also said, “SGNL was founded to connect access decisions with business reality. The world needs our technology to eradicate the significant risk that legacy standing privileges expose in today and tomorrow’s environments. Joining CrowdStrike provides us with global scale natively through cybersecurity’s leading platform to transform enterprise security with Continuous Identity, furthering CrowdStrike’s mission of stopping breaches.”
Toward continuous identity control
The acquisition underscores a broader shift in enterprise security architectures, where identity is increasingly treated as a dynamic, continuously evaluated control plane rather than a static gatekeeper. As AI agents, automation and non-human identities become embedded into business processes, security leaders are being forced to rethink how access is granted, monitored and revoked.
With SGNL, CrowdStrike is positioning its Falcon platform to address these emerging risks by making identity security adaptive, real-time and tightly integrated with threat intelligence—an approach increasingly viewed as essential in AI-driven enterprise environments.