January 8, 2026 — Leads & Copy — CrowdStrike (NASDAQ: CRWD) has entered into a definitive agreement to acquire SGNL, a leader in Continuous Identity, the company said today.
The acquisition aims to enhance CrowdStrike’s position in Next-Gen Identity Security. It will enable continuous granting and revoking of access for human, non-human (NHI), and AI identities, based on real-time risk assessment. By adding SGNL, CrowdStrike plans to broaden dynamic authorization across SaaS and hyperscaler cloud access layers.
George Kurtz, CEO and founder of CrowdStrike, said that AI agents operate with high speed and access, making each agent a privileged identity that requires protection. He added that SGNL will enable CrowdStrike to deliver real-time access control and eliminate gaps from legacy standing privileges. He said the company is disrupting the premise of modern privilege and access for every identity, whether human or machine.
The company said identity security is rapidly becoming a significant segment of cybersecurity. IDC data estimates the identity security market will grow from around $29 billion in 2025 to $56 billion by 2029.
As NHIs and the agentic workforce grow, they function as high-privilege identities with access to data, applications, and compute resources. These identities are created dynamically in SaaS applications and hyperscaler workloads and operate across distributed cloud access paths. This shift highlights the risk associated with legacy access models that rely on static policies and standing privileges, which cannot reassess risk or revoke access as threat conditions evolve.
CrowdStrike’s Falcon Next-Gen Identity Security seeks to secure the hybrid identity lifecycle by unifying initial access prevention, privileged access management (PAM), identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection. Falcon correlates identity, asset, and threat intelligence across endpoint, cloud, and SaaS environments to establish a foundation for continuous, risk-aware authorization at scale.
SGNL operates as the runtime access enforcement layer between identity providers and the SaaS and hyperscaler resources accessed by people, NHIs, and AI agents. By utilizing real-time Falcon platform intelligence and risk signals, SGNL will continuously assess identity, device, and behavior to dynamically grant, deny, or revoke access as conditions change.
Key features and benefits of integrating SGNL with the Falcon platform include:
- Eliminating standing privileges for humans, NHIs, and AI agents by granting access only when needed and removing it when not, using continuous dynamic authorization.
- Extending Falcon Next-Gen Identity Security’s Just-in-Time access beyond Active Directory and Entra ID to AWS IAM, Okta, and other cloud identity and SaaS systems.
- Enhancing Falcon’s asset intelligence and identity governance with Continuous Access Evaluation Protocol (CAEP)-driven enforcement integrated into Falcon® Fusion SOAR to revoke access beyond the identity provider.
- Securing every identity across the attack chain, from initial access to privilege escalation and lateral movement across on-prem, SaaS, and cloud environments.
Scott Kriz, CEO and co-founder of SGNL, said the company was founded to connect access decisions with business reality and that the world needs its technology to eradicate the risk that legacy standing privileges expose. He added that joining CrowdStrike provides the global scale to transform enterprise security with Continuous Identity.
The acquisition is expected to close during CrowdStrike’s first quarter of FY’27, pending customary closing conditions and regulatory clearances. The purchase price is expected to be paid predominantly in cash, with a portion in stock subject to vesting conditions.
CrowdStrike, a global cybersecurity leader, provides a cloud-native platform for protecting enterprise risk areas, including endpoints, cloud workloads, identity, and data.
Powered by the CrowdStrike Security Cloud and AI, the CrowdStrike Falcon® platform uses real-time indicators of attack, threat intelligence, adversary tradecraft, and telemetry to deliver detections, automated protection, threat hunting, and prioritized observability of vulnerabilities.
The Falcon platform is built in the cloud with a single lightweight-agent architecture, offering deployment, protection, performance, and time-to-value.
Contact: Investor Relations – CrowdStrike, ir@crowdstrike.com
Source: CrowdStrike
