Friday, January 9, 2026
Latest:

Threatshub.org sponsored-Post

The Register

As agents run amok, CrowdStrike’s $740M SGNL deal aims to help get a grip on identity security

TH Author

CrowdStrike has signed a $740 million deal to buy identity security startup SGNL. The move underscores the growing threat of identity-based attacks as companies struggle to secure skyrocketing numbers of non-human identities, including AI agents.

The acquisition will boost SGNL’s Falcon cloud security platform’s identity capabilities and provide “context-aware authorization” for human, machine, and AI agent identities, CrowdStrike President Michael Sentonas wrote in Thursday blog post. 

“As the agentic workforce expands and non-human identities multiply, organizations must ensure they only provide identities with the privileges needed to operate for the amount of time required,” Sentonas wrote.

This, he added, requires “a new approach to securing privileged access, one that continuously evaluates identity risk and dynamically grants or revokes access as conditions change.”

That’s where SGNL comes into the picture. 

“When I left Google, I saw an industry at an inflection point,” SGNL CEO Scott Kriz wrote in a blog post announcing the CrowdStrike acquisition.

“Authentication had become mature and commoditized, but authorization – the critical question of ‘what can you do?’ versus just ‘who are you?’ – remained fundamentally broken,” Kriz continued. “Every enterprise struggled with the same challenge: managing access in real-time based on context, not just identity.”

So Kriz and fellow ex-Googler Erik Gustavson founded the company in 2021 to help it provide this type of contextual authorization to customers. The company had raised $42 million from investors, according to Pitchbook, including a $30 million funding round in February.

How to secure machine identities?

Industry analysts told El Reg it’s a smart – albeit pricey – addition to CrowdStrike’s security stack.

“SGNL’s ability to correlate identity data, business context, and security posture across human and non-human identities helps enterprises today and provides a great foundation to improve identity security for AI agents,” Omdia principal analyst Todd Thiemann told us.

Last year saw organizations battle a wave of identity-based attacks ranging from traditional phishing to Scattered Spider-style social engineering scams to ransomware gangs targeting non-human identities that have access to sensitive cloud resources. 

Microsoft said identity-based attacks rose by 32 percent in the first half of 2025, and Cisco-owned Duo declared an “identity crisis” amidst rising login attacks.

Identity remains the most targeted attack surface and one of the most scalable enforcement points for customers

“Identity remains the most targeted attack surface and one of the most scalable enforcement points for customers,” Dell’Oro Group senior director Mauricio Sanchez told The Register. He attributes this to the convergence of human and machine identities.

“Buyers want continuous evaluation of users and privileges because tokens and sessions can be compromised even when authentication looks correct,” Sanchez said.

Meanwhile, “non-human identities – workloads, service accounts, certificates – are proliferating and often carry high privilege,” he added. “In a zero-trust model among machines, machine identity is foundational. If you cannot strongly identify a workload, you cannot reliably authorize it.”

CrowdStrike’s planned SGNL purchase is “a clear signal that identity is becoming a first-class control plane inside major security platforms,” Sanchez said. “CrowdStrike is effectively saying: security vendors want to be in the path of access, not only in the path of detection. The strategic value is tighter linkage between risk signals and real-time authorization across SaaS, cloud, and APIs.”

It also “validates the growing importance of SSF in the agentic AI era,” Forrester VP and research director Merritt Maxim said.

Shared Signals Framework for agentic AI security

Maxim is referring to the Shared Signals Framework (SSF), an OpenID Foundation standard that aims to make it easy for security tools from disparate vendors to share risk signals in real time. This, in turn, should improve companies’ risk-based authentication, and speed up their threat detection and response.

“SGNL brings authorization capabilities based on dynamic signals (aka SSF) and real-time authorization which are important for enforcing zero standing privilege and the context-based controls needed for agentic AI,” he continued. “The $750 million purchase price is a high price for an emerging startup, but reflects CrowdStrike’s optimism in the growth opportunity for identity security going forward.”

The deal “enables Crowdstrike to extend their reach into identity security and will help them execute on their vision for next-gen PIM [privileged identity management] and building out their AI security capabilities,” Maxim added.

The SGNL deal is CrowdStrike’s second AI security acquisition in two years. In September, the security firm announced plans to buy Pangea, which attempts to make AI more secure by stopping risky use, securing AI agents, and so on.

Crowdstrike isn’t the only big security vendor to add identity security to its stack: The deal “echoes Palo Alto Networks’ acquisition last year of CyberArk’s identity security-related assets and directionally reinforces that identity security is no longer optional plumbing,” Sanchez said. “It’s increasingly the battleground for platform differentiation.” ®

READ MORE HERE