Cyber security firm CrowdStrike says traditional access controls are no longer fit for autonomous AI agents.
CrowdStrike has unveiled Continuous Identity for AI Agents, a new feature within its Falcon platform aimed at securing autonomous AI systems by continuously authorising access decisions based on real-time risk signals.
According to CrowdStrike, traditional identity and access management models built around static policies and standing privileges are ill-suited to AI agents operating at machine speed. Instead, Continuous Identity evaluates access requests in real time using contextual factors such as the identity of the agent owner, the user or system invoking the agent, and the security posture of associated devices.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
“AI agents are transforming how work gets done, and how identities must be secured,” Elia Zaitsev, chief technology officer at CrowdStrike, said in a 16 June statement.
“Point-in-time authorisation becomes a legacy approach the second agents are given autonomy. Authorise once and trust indefinitely is not a security model, it’s a liability. That’s the shift CrowdStrike is driving, from static, one-time access decisions to Continuous Identity.”
The capability is powered by technology acquired through CrowdStrike’s recent purchase of SGNL and is designed to dynamically grant, deny, or revoke access based on changing risk conditions. The company said the platform eliminates standing privileges by granting access only when required and removing it once tasks are completed.
Key features include cryptographically verifiable agent identities based on the SPIFFE standard, context-aware authorisation that preserves identity information across chains of delegated sub-agents, and integration with Falcon AI Detection and Response (AIDR). AIDR continuously monitors prompts and agent activity for signs of misuse or attempts to manipulate large language models beyond their authorised scope, triggering access revocation when necessary.
CrowdStrike said the new capability extends its risk-based authorisation model across human, non-human and AI identities, covering on-premises, SaaS, browser and cloud environments.
Want to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.