CrowdStrike to Acquire SGNL to Transform Identity Security for the AI Era

Key Terms

continuous identity technical

Continuous identity is the ongoing verification and tracking of a person or organization’s digital identity across time and multiple systems, rather than a one-time check. For investors, it matters because it helps companies prevent fraud, meet regulatory rules, keep customer and patient records accurate, and avoid costly security breaches—think of it like a driver’s license that is continually checked and updated as you move between checkpoints so the right person is always recognized.

next-gen identity security technical

Next-gen identity security is the latest layer of tools and practices that verify who someone is when they access systems or data, using techniques like biometrics, behavior patterns, contextual checks and AI instead of or alongside passwords. It matters to investors because stronger, more efficient identity checks reduce the risk of costly data breaches and regulatory fines, lower ongoing security costs, and can be a scalable competitive advantage for companies in digital-first markets.

non-human (nhi) technical

Non-human (nhi) denotes data or tests conducted on subjects that are not people, such as animals, isolated cells, tissue samples, or computer models. Investors care because results labeled 'nhi' indicate early-stage, preclinical evidence rather than proof in human patients; like a prototype tested in a lab instead of in real-world customers, positive non-human results lower scientific risk but still leave major regulatory, safety, and market uncertainties before human use or approval.

privileged access management (pam) technical

Privileged access management (PAM) is a set of tools and practices that control, monitor and secure special accounts or “master keys” that can change or access an organization’s most sensitive systems and data. For investors, PAM matters because it reduces the chance of costly security breaches, regulatory fines and operational downtime—similar to keeping high‑value keys in a vault with strict logs and guards, which helps protect a company’s assets and reputation.

identity threat detection and response (itdr) technical

Identity threat detection and response (ITDR) is a set of tools and practices that watch for misuse of digital identities—like employee logins, service accounts, or customer credentials—and quickly block, investigate, and recover from attacks such as account takeover or credential theft. For investors, ITDR matters because weak identity protection can allow fraud or ransomware that disrupts operations, triggers regulatory fines and lawsuits, and damages customer trust, all of which can hit revenue and share value.

continuous access evaluation protocol (caep) technical

A continuous access evaluation protocol (CAEP) is a regulatory framework that lets a medical product remain available to patients while regulators and manufacturers collect and review ongoing safety and effectiveness data. For investors, a CAEP matters because it can preserve sales and market presence during extended testing or post-approval monitoring, reducing the risk of sudden revenue loss while still signaling that safety and performance are being actively checked — like a car kept on the road while undergoing regular inspections.

soar technical

Soar describes a rapid, large increase in a stock’s price, trading volume, or a company’s reported metric, like revenue or user growth. It matters to investors because a sudden jump can signal strong positive news or shifting sentiment—think of a balloon quickly rising—which can create profit opportunities but also higher short-term risk and volatility that may prompt buying, selling, or closer scrutiny.

just-in-time access technical

Just-in-time access is a security and operations approach that gives people or systems the minimal permissions they need only at the moment they need them, then removes those permissions afterward. For investors, it reduces the risk of data breaches, regulatory fines and insider misuse while improving efficiency and cost control—think of it like lending someone a key that only works for a single task and then disappears.

CrowdStrike is expanding the Falcon platform with Continuous Identity, redefining privilege and access for all users everywhere – from human to non-human AI agents

AUSTIN, Texas--(BUSINESS WIRE)-- CrowdStrike (NASDAQ: CRWD) today announced it has signed a definitive agreement to acquire SGNL, a leader in Continuous Identity. This acquisition will accelerate CrowdStrike’s leadership in Next-Gen Identity Security, enabling access for human, non-human (NHI), and AI identities to be continuously granted and revoked based on real-time risk. With SGNL, CrowdStrike will extend dynamic authorization across SaaS and hyperscaler cloud access layers. The combination of dynamic privilege and access coupled with Falcon® platform intelligence sets a new standard for agentic identity security.

“AI agents operate with superhuman speed and access, making every agent a privileged identity that must be protected,” said George Kurtz, CEO and founder of CrowdStrike. “With SGNL, CrowdStrike will deliver continuous, real-time access control that eliminates the known and unknown gaps from legacy standing privileges. We’re disrupting the premise of modern privilege and access – for every identity, human or machine. This is identity security built for the AI era.”

Falcon Next-Gen Identity Security: Identity Security for the AI Era

Identity security is rapidly becoming one of cybersecurity’s largest and fastest-growing segments. According to IDC, the identity security market is expected to grow from approximately $29 billion in 2025 to $56 billion by 2029.¹

As NHIs and the agentic workforce expand, these entities function as high-privilege identities with access to data, applications, compute resources, and other agents. They’re created dynamically in SaaS applications and hyperscaler workloads and operate across distributed cloud access paths. This shift exposes the risk created by legacy access models built on static policies and standing privileges. These models cannot reassess risk or revoke access as threat conditions change, leaving organizations exposed as AI identities operate autonomously. Identity security for the AI era requires a fundamentally different approach, built on continuous risk evaluation and dynamic authorization across modern access paths.

Falcon® Next-Gen Identity Security already secures the full hybrid identity lifecycle, unifying initial access prevention, privileged access management (PAM), identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection. Falcon correlates identity, asset, and threat intelligence across endpoint, cloud, and SaaS environments, establishing the foundation for continuous, risk-aware authorization at scale.

Securing Modern Identities with SGNL

SGNL is the runtime access enforcement layer between modern identity providers and the SaaS and hyperscaler resources that people, NHIs, and AI agents access. Powered by real-time Falcon platform intelligence and risk signals, SGNL will continuously evaluate identity, device, and behavior to dynamically grant, deny, or revoke access as conditions change, eliminating standing privilege access across every identity and environment.

Key features and benefits of SGNL and the Falcon platform will include:

• Eliminate Standing Privileges for Humans, NHIs, and AI Agents: Grant access the moment it’s needed and remove it the moment it’s not with continuous dynamic authorization powered by real-time Falcon platform risk signals.
• Access Enforcement Across All Major Identity Systems: Extend Falcon Next-Gen Identity Security’s Just-in-Time access beyond Active Directory and Entra ID to AWS IAM, Okta, and other cloud identity and SaaS systems.
• Identity Governance and Downstream Protection: Enhance Falcon’s asset intelligence and identity governance with Continuous Access Evaluation Protocol (CAEP)-driven enforcement integrated into Falcon® Fusion SOAR to revoke access beyond the identity provider, proactively prevent misconfiguration-driven breaches, and protect downstream applications and services.
• Unify Hybrid Identity Security: Secure every identity across the attack chain – from initial access to privilege escalation and lateral movement spanning on-prem, SaaS, and cloud environments.

“SGNL was founded to connect access decisions with business reality,” said Scott Kriz, CEO and co-founder of SGNL. “The world needs our technology to eradicate the significant risk that legacy standing privileges expose in today and tomorrow’s environments. Joining CrowdStrike provides us with global scale natively through cybersecurity’s leading platform to transform enterprise security with Continuous Identity, furthering CrowdStrike’s mission of stopping breaches.”

Transaction Details

The purchase price is contemplated to be paid predominantly in cash and includes a portion to be delivered in the form of stock subject to vesting conditions. The proposed acquisition is expected to close during CrowdStrike’s first quarter of FY’27, subject to customary closing conditions, including the receipt of regulatory clearances.

About CrowdStrike

CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft, and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting, and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity, and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/
Follow us: Blog | X | LinkedIn | Instagram
Start a free trial today: https://www.crowdstrike.com/trial

© 2026 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.

Forward-Looking Statements

This press release contains forward-looking statements that involve risks and uncertainties, including statements regarding the benefits of the acquisition to CrowdStrike and its customers, CrowdStrike’s plans to integrate SGNL’s technology and operations, and the closing of the acquisition. You should not place undue reliance on these forward-looking statements, as actual outcomes and results may differ materially from those contemplated as a result of risks and uncertainties. There are a number of factors that could cause actual results to differ materially from statements made in this press release, including the satisfaction of conditions to closing the acquisition including the receipt of regulatory clearances, CrowdStrike’s ability to integrate SGNL’s technology and operations, and other risks described in the filings CrowdStrike makes with the Securities and Exchange Commission from time to time, including CrowdStrike’s most recently filed Annual Report on Form 10-K, most recently filed Quarterly Report on Form 10-Q, and subsequent filings. All forward-looking statements in this press release are based on information available to CrowdStrike as of the date hereof, and CrowdStrike does not assume any obligation to update any of these forward-looking statements to reflect events that occur or circumstances that exist after the date on which they were made.

¹ Source: IDC, Semiannual Security Products Forecast, 2025 H1, November 2025.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260107999523/en/

Media Contact

Jake Schuster

CrowdStrike Corporate Communications

press@crowdstrike.com

Source: CrowdStrike, Inc.