For decades, the cybersecurity industry worked on the assumption that a lock is only as useful if you know who has the keys. And so, there was a process of verifying a person’s identity, granting access, and then trusting they are who they say they are. However, the proliferation of AI tools has broken that assumption.
Today, the average enterprise network is not only accessed by dozens of employees but by thousands of automated systems, AI agents, and machine credentials, many of which were never designed with security as a priority.
On January 8, 2026, CrowdStrike announced it had signed a definitive agreement to acquire SGNL, an identity security startup, in a deal valued at nearly $740 million. The acquisition targets SGNL’s “identity-first” technology, which aims to eliminate static credentials by providing continuous, real-time automated access decisions based on risk. The deal reflects how seriously the cybersecurity industry now treats identity as an attack surface.
Why Identity Has Become the Biggest Target
Expel found that 73.9% of the attacks it investigated in Q3 2025 were tied to compromised identities, rising from 73.6% in Q2. The Identity Defined Security Alliance (IDSA) also reported that 90% of organizations experienced an identity-related incident in the past year, with 84% reporting direct business impact.
Much of this stems from the explosion of non-human identities. Machine identities, driven primarily by cloud and AI, now outnumber human identities by more than 80 to 1 within organizations, and nearly half of those machine identities have sensitive or privileged access. Attackers exploit mismanaged machine credentials to move laterally across networks and non-human identities have created blind spots in authentication systems.
AI agents amplify the exposure further. CrowdStrike described AI agents as operating at “superhuman speed,” creating security risks that traditional access control models are not built to handle.
What SGNL Brings to the Table
CrowdStrike said SGNL functions as a runtime enforcement layer between identity providers and the software and cloud infrastructure organizations rely on. In practice, that means shifting controls closer to the moment an account tries to access a resource, allowing permissions to be continuously reevaluated and, if necessary, revoked.
SGNL would extend “just-in-time” access controls beyond Microsoft Active Directory and Entra ID to additional identity systems, including AWS Identity and Access Management and Okta. For organizations running complex hybrid environments, that coverage gap has historically been a serious vulnerability.
A Market Moving Fast
CrowdStrike is not alone in making this call. Palo Alto Networks completed its acquisition of CyberArk on February 11, 2026, establishing identity security as a core pillar of its platform strategy in a deal valued at $25 billion. IDC estimates the identity security market will grow from $29 billion in 2025 to $56 billion by 2029.
With AI agents multiplying across enterprise environments and attackers consistently choosing to log in rather than break into the system, the industry has reached this turning point – securing identity is no longer a supporting function in cybersecurity; it is now the main event.
