SGNL
Also known as: SGNL.ai, Continuous Identity
Continuous Identity platform delivering dynamic, context aware authorization and zero standing privilege for human, non human, and AI agent identities, with a built in MCP Gateway governing what tools agents can use; being acquired by CrowdStrike in a deal announced January 2026.
SGNL is a Palo Alto, California identity security company founded in 2021 by CEO Scott Kriz and Erik Gustavson, whose previous startup Bitium was acquired by Google in 2017. The company raised thirty million dollars in a February 2025 round with backers including Cisco Investments and Microsoft's venture fund, and in January 2026 CrowdStrike announced a definitive agreement to acquire SGNL for roughly seven hundred forty million dollars, predominantly in cash, expected to close in CrowdStrike's first quarter of fiscal 2027 subject to regulatory clearances. The strategic logic, in CrowdStrike CEO George Kurtz's words: AI agents operate with superhuman speed and access, making every agent a privileged identity that must be protected.
The product is a runtime access enforcement layer that sits between identity providers and the SaaS and hyperscaler resources that people, non human identities, and AI agents access. Instead of static roles and standing privileges, SGNL evaluates every access request against contextual signals including user behavior, device posture, and threat intelligence, granting access the moment it is needed and revoking it the moment it is not, a model the company calls Continuous Identity and zero standing privilege. Human readable policies replace thousands of static roles, and the CAEP Hub event framework continuously monitors risk signals and instantly adjusts privileges as conditions evolve. For agentic AI specifically, every agent action is evaluated using the end user's identity, device posture, and request type in SGNL's policy engine across an identity data fabric, and a built in MCP Gateway sits between existing MCP clients and servers, presenting a consistent, authorized menu of the skills and tools enterprise agents can use and the conditions under which they can use them. Coverage extends just in time access beyond Active Directory and Entra ID to AWS IAM, Okta, and other cloud identity and SaaS systems.
SGNL fits enterprises adopting agentic AI that need standing privileges eliminated across humans, service accounts, and agents, especially shops already in the CrowdStrike Falcon ecosystem where the technology is being integrated. Buyers should weigh the acquisition: product direction, packaging, and pricing are likely to shift into Falcon Next Gen Identity Security after close.
Vendor details
Canonical URL
https://sgnl.ai
Category
Security / SOC agent
Subcategory
Continuous identity and dynamic authorization for humans, NHIs, and AI agents
Funding status
Acquired: CrowdStrike announced a definitive agreement on January 8, 2026 to acquire SGNL for roughly seven hundred forty million dollars, predominantly cash with a stock portion subject to vesting, expected to close in CrowdStrike's first quarter of fiscal 2027 pending regulatory clearances. Founded in 2021 in Palo Alto by CEO Scott Kriz and Erik Gustavson, whose prior startup Bitium was acquired by Google in 2017. Raised thirty million dollars in February 2025 with backers including Cisco Investments and Microsoft's venture fund.
Company status
acquired
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Sits between modern identity providers and SaaS and hyperscaler resources, extending just in time access across Active Directory, Entra ID, AWS IAM, Okta, and other cloud identity and SaaS systems. The MCP Gateway adheres to MCP standards and integrates between existing MCP clients and servers, while the policy engine draws context from connected systems across the identity data fabric.
In practice
An enterprise deploys agents that touch production systems through MCP servers. SGNL's MCP Gateway presents each agent an authorized menu of tools, evaluating every action against the end user's identity, device posture, and policy before it executes.
A security team manages thousands of static roles nobody fully understands. SGNL replaces them with human readable policies that grant access when conditions are met and revoke it the moment they change.
A device shows signs of compromise mid session. The CAEP Hub picks up the risk signal and instantly adjusts privileges across connected systems instead of waiting for the next access review.
Sources & related URLs
Related / legacy domains
Research sources
Capability coverage
6.5 / 14 capabilities · 46%
| Integrations & Tool CallingSits between identity providers and SaaS and hyperscaler resources, extending just in time access across Active Directory, Entra ID, AWS IAM, Okta, and other cloud identity and SaaS systems, with policy context from connected systems across the identity data fabric, CrowdStrike press release and sgnl.ai retrieved 2026-07-08 | Full |
|---|---|
| Workflow OrchestrationThe CAEP Hub event framework coordinates continuous risk monitoring and privilege adjustment across systems, but this is access decision workflow rather than agent workflow orchestration, sgnl.ai homepage retrieved 2026-07-08 | Partial |
| Knowledge Grounding & RAGAccess decisions are grounded in business context through the identity data fabric, evaluating user identity, device posture, and request type against enterprise defined policies, though this is contextual policy evaluation rather than a knowledge or RAG layer, sgnl.ai secure AI agents page retrieved 2026-07-08 | Partial |
| Human Oversight & GuardrailsHuman readable policies define the conditions under which agents and people can use tools and systems, functioning as guardrails, though explicit human approval workflows were not documented on retrieved pages, sgnl.ai homepage and secure AI agents page retrieved 2026-07-08 | Partial |
| Security, Identity & GovernanceThe product is identity security itself: zero standing privilege, dynamic authorization, continuous risk evaluation, and enterprise grade security policies governing every human, NHI, and AI agent identity, sgnl.ai and CrowdStrike press release retrieved 2026-07-08 | Full |
| Observability & AuditabilityThe MCP Gateway provides control over and visibility into all AI interactions, continuous monitoring of risk signals is core to the CAEP Hub, and the platform addresses entitlement audit burdens, sgnl.ai homepage and secure AI agents page retrieved 2026-07-08 | Full |
| Memory & State PersistenceNo agent memory or state persistence capability is described on retrieved pages, sgnl.ai retrieved 2026-07-08 | Unable to verify |
| Deployment & Data ResidencyNo self hosted deployment or data residency options are documented on retrieved pages, sgnl.ai retrieved 2026-07-08 | Unable to verify |
| Prebuilt Agents, Templates & PacksNo prebuilt agents or policy template packs are documented on retrieved pages, sgnl.ai retrieved 2026-07-08 | Unable to verify |
| Triggers & Channel CoverageThe CAEP Hub event framework continuously monitors risk signals and instantly adjusts privileges as conditions evolve, with access dynamically granted, denied, or revoked as conditions change, sgnl.ai homepage and CrowdStrike press release retrieved 2026-07-08 | Full |
| Model Flexibility & RoutingSGNL is a policy and authorization layer rather than an LLM product, and no customer model choice is documented, sgnl.ai retrieved 2026-07-08 | Unable to verify |
| APIs, SDKs & MCP ExtensibilityThe built in MCP Gateway adheres to MCP standards and integrates between existing MCP clients and servers, with enterprise defined policies extensible in the policy engine across connected systems, sgnl.ai secure AI agents page retrieved 2026-07-08 | Full |
| Testing, Debugging & OptimizationNo testing, evaluation, or optimization tooling is documented on retrieved pages, sgnl.ai retrieved 2026-07-08 | Unable to verify |
| Browser & Computer UseNo browser or computer use capability is described on retrieved pages, sgnl.ai retrieved 2026-07-08 | Unable to verify |
Pricing
No public pricing; enterprise contracts are quoted through sales
enterprise contracts, structure not publicly documented
What is public
Nothing numeric. The product structure is public: the Continuous Identity platform, dynamic access management, the CAEP Hub, and the MCP Gateway for AI agents, all sold as an enterprise platform with no published tiers or rates.
Billing mechanics
Enterprise sales led motion. No self serve purchase path, published tiers, or rate card was retrievable.
Cost watchouts
Integration scope is the likely cost driver: the number of identity systems, SaaS applications, and MCP servers brought under policy enforcement determines deployment effort and presumably contract size.
Variable cost rationale
No public rate structure exists, so exposure depends entirely on the negotiated contract. Identity security platforms of this type typically scope by identities and connected systems, and the pending CrowdStrike acquisition adds repackaging risk on renewal since the technology is being folded into Falcon Next Gen Identity Security.
Additional watchouts
CrowdStrike announced a definitive agreement to acquire SGNL in January 2026 with close expected in CrowdStrike's first quarter of fiscal 2027. Buyers should expect packaging, pricing, and contracting to migrate toward the Falcon platform after close, and should ask directly how in flight contracts will be honored.
Sales call required
Yes — required for paid access
Free / trial
No free tier or trial is documented on retrieved pages
Key ambiguities
How SGNL will be packaged and priced within CrowdStrike Falcon Next Gen Identity Security after the acquisition closes.
Missing data
No published pricing, tiers, minimums, or contract terms of any kind were retrievable.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Airrived — Agentic OS that unifies SOC, GRC, IAM, vulnerability management, IT,…
- Assail — Autonomous red teaming platform (Ares) whose AI agents discover,…
- Astelia — AI native exposure management platform from Israeli National Red…
- Capsule Security — Runtime security layer for AI agents that detects and blocks unsafe…
- Clutch Security — Universal non human identity security platform that discovers,…