As artificial intelligence moves from experimentation into everyday enterprise operations, a familiar security assumption is starting to fail. Identity, long treated as a static permission set assigned to people, is now being stretched to accommodate non-human and autonomous actors that operate at machine speed and scale. The result is a widening gap between how access is granted and how risk actually evolves in real time.
That challenge is at the centre of CrowdStrike’s decision to acquire SGNL, a move that signals a broader rethinking of identity security for the era of AI agents and non-human identities. The acquisition is intended to extend CrowdStrike’s Falcon platform with what it describes as Continuous Identity, enabling access to be granted and revoked dynamically based on live risk signals rather than static policy.
The deal reflects a growing recognition that AI agents and automated services now function as privileged identities. These entities can access data, applications, cloud resources and even other agents, often without direct human oversight. Legacy identity models, built around standing privileges and periodic reviews, were not designed for this level of autonomy.
Why static access models are breaking down
Identity security has become one of the fastest-growing areas in cybersecurity. According to IDC, the identity security market is expected to grow from around $29 billion in 2025 to $56 billion by 2029. That growth is being driven less by traditional user management and more by the complexity introduced by cloud services, SaaS platforms and now AI-driven workloads.
Non-human identities and AI agents are typically created dynamically within cloud and SaaS environments. They operate across distributed access paths and often inherit broad permissions to function efficiently. Once granted, those privileges can persist even as conditions change, creating exposure if an agent is compromised or behaves unexpectedly.
CrowdStrike argues that this model is no longer sufficient. In its view, identity security for AI-driven environments requires continuous risk evaluation and the ability to adjust access in real time. The acquisition of SGNL is designed to add that capability, allowing access decisions to reflect current device state, behaviour and threat context rather than historical assumptions.
George Kurtz, founder and chief executive of CrowdStrike, described AI agents as operating with “superhuman speed and access”, effectively making every agent a privileged identity. His argument is that standing privileges, whether assigned to humans or machines, create blind spots that attackers can exploit.
Continuous identity and real-time enforcement
At the heart of the acquisition is SGNL’s role as a runtime access enforcement layer between identity providers and the resources they protect. Rather than relying solely on identity systems to make access decisions, SGNL continuously evaluates identity, device and behavioural signals, informed by CrowdStrike’s Falcon platform intelligence.
The combined approach is intended to allow access to be granted only when it is needed and revoked as soon as risk conditions change. This applies across human users, non-human identities and AI agents, and across environments including SaaS applications and hyperscaler cloud platforms.
CrowdStrike says the integration will extend just-in-time access beyond traditional directories to systems such as AWS IAM, Okta and other cloud identity services. It also plans to use the Continuous Access Evaluation Protocol to enforce decisions downstream, revoking access not only at the identity provider but across connected applications and services.
This shift reflects a broader architectural change. Identity is no longer treated as a gate checked once at login, but as a continuously evaluated control point throughout an interaction. For AI agents that may operate autonomously for long periods, that distinction becomes critical.
A platform approach to identity risk
CrowdStrike’s Falcon Next-Gen Identity Security already brings together initial access prevention, privileged access management, identity threat detection and response, and SaaS identity security. The addition of SGNL is intended to unify these capabilities into a continuous, risk-aware system that spans endpoint, cloud and SaaS environments.
Scott Kriz, chief executive and co-founder of SGNL, said the company was founded to connect access decisions with business reality, addressing the risk created by legacy standing privileges. By joining CrowdStrike, SGNL’s technology gains access to a global platform and real-time threat intelligence that can be applied consistently across enterprises.
The acquisition also highlights how identity security is converging with broader cybersecurity platforms. Rather than deploying isolated tools for access management, detection and response, vendors are increasingly positioning identity as a dynamic component of overall threat prevention.
As organisations deploy more AI agents and automated services, the question is no longer whether identity should be protected, but how quickly access decisions can adapt to changing conditions. In that sense, the CrowdStrike and SGNL deal reflects a wider industry shift. Identity is no longer just about who you are, but about what you are doing right now, and whether you should still be allowed to do it.



