CrowdStrike is buying identity management startup SGNL, a move that underscores how identity security has become a central battleground in enterprise cybersecurity as companies add cloud services and deploy AI-driven tools.
The cybersecurity firm did not disclose financial terms in a Thursday announcement, but CrowdStrike CEO George Kurtz told CNBC the deal is valued at nearly $740 million.
The acquisition targets a growing problem for large organizations: Access is no longer limited to employees logging into a handful of internal systems. Modern environments include contractors, automated scripts, cloud workloads and an expanding set of non-human identities, such as service accounts and machine credentials. More recently, companies have begun experimenting with AI agents that can take actions across multiple systems, sometimes with broad privileges.
Kurtz framed that shift as a security challenge, saying AI agents can operate with “superhuman speed and access,” effectively turning each agent into a privileged identity. The company argues that older models built around static policies and “standing privileges” can leave gaps because access rights may remain in place even as conditions change, such as with a compromised device, suspicious behavior or a new threat signal.
The bet behind the SGNL purchase is that access decisions can be made more dynamic and more automated. CrowdStrike said SGNL functions as a runtime enforcement layer between identity providers and the software and cloud infrastructure, including SaaS applications and major cloud platforms. In practice, that implies shifting controls closer to the moment an account tries to access a resource, allowing permissions to be continuously reevaluated and, if necessary, revoked.
The company is also positioning the deal as an expansion of its identity security portfolio within the Falcon platform, which it says spans privileged access management, identity threat detection and response, SaaS identity security, and protections aimed at AI-driven identities. It said SGNL would extend “just-in-time” access controls beyond Microsoft Active Directory and Entra ID to additional identity systems, including AWS Identity and Access Management and Okta.
The announcement points to a broader industry trend: Identity has become a primary attack path, particularly as organizations connect more cloud services and integrate them with single sign-on systems. Even when organizations harden endpoints and networks, a stolen credential can offer a direct route into business applications and data. The rise of automated identities adds another layer of complexity, because these accounts are often created for operational convenience and may be poorly tracked or overprivileged.
SGNL CEO Scott Kriz said the company was founded to connect access decisions with “business reality,” describing standing privileges as a persistent risk. The companies have not detailed how SGNL will be integrated operationally, but the rationale centers on using real-time signals about identity, device and behavior to determine whether access should continue.
The deal also reflects the industry’s focus on artificial intelligence, which is increasingly seen both as a defensive tool and as a source of new security risks.
In the latter half of 2025 alone:
- Palo Alto Networks announced it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity.
- Cloud security company Zscaler announced it has acquired SplxAI, an artificial intelligence security platform.
- Veeam acquired Securiti AI for $1.7 billion.
- Check Point acquired AI security firm Lakera.
The proposed acquisition is expected to close during CrowdStrike’s first quarter of fiscal 2027.