As agents run amok, CrowdStrike’s $740M SGNL deal aims to help get a grip on identity security
Summary
CrowdStrike has agreed to acquire identity security start-up SGNL for $740 million to bolster its Falcon platform with context-aware authorisation for humans, machines and AI agents. SGNL — founded by ex-Googlers in 2021 and backed by venture funding — focuses on dynamic, real-time authorisation using risk signals (including the Shared Signals Framework). The purchase reflects rising identity-based attacks and the need to treat identity as a primary control plane rather than just an authentication problem.
Key Points
- CrowdStrike will buy SGNL for $740 million to add real-time authorisation capabilities to Falcon.
- SGNL provides context-aware authorisation for human, machine and AI agent identities, addressing privilege duration and dynamic access.
- Founders include ex-Google engineers; the company raised about $42m, including a $30m Series A in 2025.
- The move responds to a surge in identity-based attacks and the growing number of non-human identities (workloads, agents, service accounts).
- SGNL’s approach aligns with the OpenID Shared Signals Framework (SSF) for sharing risk signals across tools in real time.
- Analysts see identity becoming a first-class control plane inside security platforms — vendors want to be in the path of access, not just detection.
- This is CrowdStrike’s second AI/security-focused buy in two years (after Pangea) and echoes wider industry consolidation around identity (eg Palo Alto/CyberArk moves).
Author style
Punchy: Big cheque, bigger signal. CrowdStrike is doubling down on identity as the frontline control plane — this isn’t plumbing any more, it’s a battleground for platform advantage.
Why should I read this?
Short answer: because tokens, bots and AI agents are everywhere now and your old login checks won’t stop them. CrowdStrike just paid serious money for tech that decides who gets to do what — in real time. If you worry about leaked sessions, runaway service accounts or AI agents with too many privileges, this is one to skim (or actually read) — we’ve done the heavy lifting for you.
Context and Relevance
Identity-based attacks climbed sharply in 2025, with vendors and analysts warning of an “identity crisis.” Organisations now contend with both human and proliferating non-human identities that often hold high privileges. SGNL’s real-time, signal-driven authorisation helps enforce zero standing privilege and supports risk-based controls for agentic AI — a timely capability as enterprises adopt AI agents that act autonomously.
The SGNL deal signals that major security platforms want to integrate authorisation into the access path itself (not just detect after the fact). Expect more consolidation and product bundling as vendors race to own identity controls across SaaS, cloud and APIs.