CrowdStrike ships Continuous Identity for AI Agents
CrowdStrike shipped Continuous Identity for AI Agents at Identiverse 2026, a new authorization plane inside Falcon that gives every agent a SPIFFE-based identity and revokes access when risk changes.
CrowdStrike shipped Continuous Identity for AI Agents at Identiverse 2026, a new authorization plane inside Falcon Next-Gen Identity Security. It treats AI agents as first-class identities, gives every agent a SPIFFE-based identity, and authorizes every action against owner, caller, and device risk. When any of those change, the credential is revoked. Grant Thornton Advisors is rolling it into a global managed security deployment this week.
The framing matters. CrowdStrike is not pitching another AI agent. It is selling the part of the stack that decides what the agent is allowed to do, when, and on whose authority, then pulls that authority back the moment any of those facts change. Static credentials and one-time grants are the legacy pattern. The new model is risk-aware, real time, and continuous, with the agent's identity rooted in the SPIFFE standard so it is portable across the platforms an enterprise already runs.
The story behind the launch is the one every CISO is now living through: agents move faster than humans, hold system-level privilege by default, and delegate to other agents. The access models built for employees, contractors, and CI jobs were never designed to handle that pattern, and the gap has been the single biggest open question in enterprise agent deployments for the last 18 months. CrowdStrike is the first major incumbent endpoint security vendor to put a named product on it.
What Continuous Identity for AI Agents actually does
The capability is a thin authorization plane on top of the Falcon platform, with a few distinct jobs. First, every agent gets a cryptographically verifiable identity under the SPIFFE standard, replacing API keys, shared secrets, and one-off tokens. Second, every action the agent takes is authorized in real time against three live signals: who owns the agent, who is calling it, and the current risk posture of the device it is running on. Third, the authorization context follows the agent when it delegates to a sub-agent, so a downstream tool call inherits the same constraints the original request started with. Fourth, the system can revoke access instantly when any of those inputs change, so a compromised device or a sudden risk event breaks the agent's session before the next call goes out.
The product is also designed to cooperate with CrowdStrike's existing Falcon AI Detection and Response product, which inspects prompts and intent for signs of misuse. When AIDR sees an attempt to push a model outside its authorized scope, Continuous Identity is the layer that yanks the credential. The two products form a defense-in-depth pair: one watches the conversation, the other enforces what the conversation is allowed to touch.
Under the hood, the product is powered by the SGNL technology CrowdStrike acquired in early 2026, which gave the company a graph-based authorization engine that already understood non-human identities. Continuous Identity for AI Agents is the agent-specific application of that engine, wrapped in Falcon's identity security brand and aligned with the Falcon platform's existing risk signals. The full Continuous Identity for AI Agents press release lays out the SGNL heritage, the SPIFFE-based identity, and the Falcon AIDR pairing in detail.
Why the timing lines up with the wider agent security market
The launch is not landing in a vacuum. Cisco announced its intent to acquire WideField Security for agent identity work on June 18, the day after CrowdStrike's Identiverse release. Beyond Identity shipped Ceros as a standalone identity platform for AI agents in late May. AppViewX launched its own Agent Identity Security product in late May. NeuralTrust raised a $20M Series A to give enterprise agents a trust layer. SailPoint announced the acquisition of Entro to plug the agent identity gap in its IGA stack. Tenet Security raised $6M from a team of former Cisco AI Defense builders to lock down rogue agents. The category is forming in real time, with the major incumbents and a wave of well-funded startups all converging on the same problem from different angles.
What sets CrowdStrike's play apart is the platform reach. The company is not asking enterprises to rip and replace. Continuous Identity for AI Agents runs on the same Falcon console they already use for endpoint detection, the same risk signals their SOC already ingests, and the same policy layer their identity teams already touch. For a Falcon shop, the move from human identity to agent identity is a configuration change, not a procurement event. For a CrowdStrike competitor, that is a hard moat to attack.
The second piece of timing is the customer. Grant Thornton Advisors, one of the largest advisory platforms in the world, announced on June 16 that it is standardizing its global managed security services on Falcon Complete through CrowdStrike's Agentic MDR program. The deployment uses intelligent agents to augment human analysts across its multinational footprint, which now spans nearly 20 markets and almost 25,000 professionals. Continuous Identity is the policy plane that decides what those internal agents are allowed to do across customer environments, and the Grant Thornton win is the first reference deployment at scale.
Three things to watch from here
For most enterprise teams, the agent identity question has been the blocker that nobody could answer cleanly. Workday, Salesforce, Microsoft, ServiceNow, and every other major SaaS platform have shipped agent features in the last 12 months. Almost none of them have shipped a clean way to authorize a specific agent's access to a specific record, on a specific device, at a specific moment. The default has been to give the agent the same standing access as the human user, which is exactly the model CrowdStrike is now saying does not work.
Continuous Identity closes that gap on the CrowdStrike side. An enterprise can write a policy that says "this agent can read customer support tickets when called by a Tier 1 analyst from a managed device, and otherwise it gets nothing." The policy is evaluated on every call. If the analyst moves off the managed device, the next call returns no data. If the agent is asked to do something outside the policy, the next call returns no data. If the device hits a CrowdStrike risk threshold, the next call returns no data. This is the difference between authorization as a one-time grant and authorization as a continuous function.
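The quoted policy, evaluated fresh on every call, can be sketched as a default-deny function. This is an added example, not CrowdStrike's code or API: the policy table, the 0-100 risk score and its threshold, the role name, and the example.org SPIFFE IDs are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, replace

# Constructed policy table (default deny): the single rule quoted in the article.
POLICY = {
    "spiffe://example.org/agent/support-bot": {
        "grants": {("read", "support_ticket")},
        "caller_roles": {"tier1_analyst"},
    },
}
RISK_THRESHOLD = 70  # hypothetical device risk score, 0-100; at or above denies

# SPIFFE IDs have the shape spiffe://<trust-domain>/<path>
SPIFFE_ID = re.compile(r"spiffe://[a-z0-9._-]+(/[A-Za-z0-9._-]+)+")

@dataclass(frozen=True)
class Call:
    root_agent: str       # SPIFFE ID of the agent that received the request
    acting_agent: str     # root_agent itself, or a sub-agent it delegated to
    caller_role: str      # who is calling the agent
    device_managed: bool  # live device posture
    device_risk: int      # live device risk score
    action: str
    resource: str

def authorize(call: Call) -> bool:
    """Decide one call from live signals; no decision is cached between calls."""
    ids = (call.root_agent, call.acting_agent)
    if not all(SPIFFE_ID.fullmatch(i) for i in ids):
        return False      # API keys or shared secrets are not identities here
    # A sub-agent is judged under the root agent's rule, so delegation
    # inherits the original constraints and can never widen them.
    rule = POLICY.get(call.root_agent)
    if rule is None:
        return False
    return ((call.action, call.resource) in rule["grants"]
            and call.caller_role in rule["caller_roles"]
            and call.device_managed
            and call.device_risk < RISK_THRESHOLD)

def decisions() -> dict:
    """Replay one session while the signals change under it (constructed data)."""
    bot = "spiffe://example.org/agent/support-bot"
    ok = Call(bot, bot, "tier1_analyst", True, 10, "read", "support_ticket")
    sub = replace(ok, acting_agent="spiffe://example.org/agent/summarizer")
    return {
        "baseline": authorize(ok),
        "off_managed_device": authorize(replace(ok, device_managed=False)),
        "risk_spike": authorize(replace(ok, device_risk=85)),
        "out_of_scope": authorize(replace(ok, action="delete")),
        "delegated": authorize(sub),
        "delegated_after_risk_spike": authorize(replace(sub, device_risk=85)),
    }
```

Because nothing is cached, "revocation" here is simply the next call evaluating to deny once a signal has changed.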
The deeper shift is the SPIFFE-based identity. SPIFFE is the open standard for workload identity that has been quietly winning in the Kubernetes world for years, and it is the right primitive for agents because it is portable, cryptographically verifiable, and does not depend on any one vendor's directory. CrowdStrike adopting it for agent identity means an enterprise can move the same workload identity across CrowdStrike, a competing platform, or its own internal service mesh without re-issuing credentials. That is a small detail in a press release, and a big deal for anyone who has lived through a vendor lock-in on identity.
The product also positions CrowdStrike inside the broader OpenID Foundation and IDPro conversations. The company joined both groups this month, with the explicit framing of pushing real-time risk signals into open industry standards. The bet is that agent identity will end up being a federated, standards-based layer rather than a collection of vendor silos, and CrowdStrike wants to be the reference implementation. Three things will tell us if this sticks: whether Falcon customers actually turn the capability on, whether competitors respond with a similar product or route around the identity layer with application-level controls, and whether the standards work inside OpenID and IDPro converges on a SPIFFE-shaped identity primitive that any vendor can implement.
For a broader look at how enterprise teams are weighing runtime choices, governance, and rollout for AI agents today, see the Enterprise AI in 2026: Use Cases, Governance, and Rollout reference page. For the related news on Cisco's bid for WideField Security on the same agent identity problem, see Cisco plans to acquire WideField Security for AI agent identity.