CrowdStrike Announces Continuous Identity for AI Agents

New innovations bring Continuous Identity to AI agents, extend modern privileged access into AWS cloud infrastructure, and unify identity intelligence across human, non-human, and AI identities.

SOURCE: CrowdStrike

Identity security has long been built around a simple premise: authenticate a user, grant access, and trust that decision until their next login. For many, this model worked well enough when identities were primarily human and access patterns were predictable. That is no longer the case for humans, and definitely not the case for AI agents.

Modern identities span humans, service accounts, cloud workloads, SaaS applications, APIs, and increasingly, autonomous AI agents operating across cloud infrastructure, SaaS platforms, browsers, and unmanaged devices. These agents can access multiple systems, invoke APIs, interact with SaaS applications, and make autonomous decisions at machine speed.

This creates a challenge for traditional security models. The speed of these agents, combined with the varying privileges of the humans using them, means a trust decision that was valid at login may no longer be valid moments later. A compromised credential or change in business context can instantly alter risk. It’s not enough to grant access once and assume trust persists.

CrowdStrike is redefining identity security with Continuous Identity — delivered through CrowdStrike Falcon® Next-Gen Identity Security — which continuously evaluates identity, device, threat, and business context to determine whether access should be granted, adjusted, or revoked. Today, we are introducing three innovations that extend Continuous Identity across the modern identity attack surface:

  • Continuous Identity for AI Agents, enabling real-time authorization for every agent action
  • Expanded modern privileged access for AWS cloud infrastructure
  • Unified ownership, visibility, and intelligence across non-human identities (NHIs)

Together, these capabilities help organizations continuously verify trust across human, non-human, and AI identities while reducing standing privileges and identity-driven risk.

Introducing Continuous Identity for AI Agents

Continuous Identity for AI Agents introduces a model that eliminates standing privileges and immediately verifies trust for every agent action. This approach helps address emerging AI agent risks including excessive privileges, compromised credentials, unauthorized access, agent-to-agent delegation risks, and access that remains active after risk conditions change.

Using modern identity standards including SPIFFE and the Shared Signals Framework (SSF), every action is authorized in real time based on what the agent is, who the human behind it is, and what the security and business context demands at that moment. This proactive approach controls access before agents can act.

How It Works:

  • Every agent should have a verifiable identity based on the SPIFFE standard
  • Every action is evaluated against the human’s and agent’s entitlements, in addition to security and business context
  • An agent with read/write capability acting for a read-only user can only read; the same agent, with a different human, would produce a different outcome
  • No standing privileges exist; authorization happens at the moment of action using live risk signals
  • When agents delegate to sub-agents, human identity and permissions are preserved
  • If context changes — a new vulnerability, an HR status change — access is immediately revoked
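
The decision rules in the list above, written out as an added Python example (not CrowdStrike code or any product API). The `Human`, `Agent` and `authorize` names, the `crm:*` permission strings and the `example.org` SPIFFE IDs are assumptions made for illustration, and each agent's SPIFFE identity is assumed to have been verified already.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model; every name here is illustrative, not a product API.
@dataclass(frozen=True)
class Human:
    name: str
    entitlements: frozenset

@dataclass(frozen=True)
class Agent:
    spiffe_id: str                 # assumed already verified (e.g. via its SVID)
    capabilities: frozenset
    on_behalf_of: Human
    parent: Optional["Agent"] = None

    def delegate(self, spiffe_id, capabilities):
        # A sub-agent keeps the original human and cannot gain capabilities.
        caps = frozenset(capabilities) & self.capabilities
        return Agent(spiffe_id, caps, self.on_behalf_of, self)

def authorize(agent, action, revoked):
    """Decide a single action now; `revoked` is the live set of subjects
    (human names or SPIFFE IDs) flagged by risk signals."""
    if agent.on_behalf_of.name in revoked:
        return False, "human revoked"
    node = agent
    while node is not None:        # any revoked link in the chain blocks the action
        if node.spiffe_id in revoked:
            return False, "agent revoked: " + node.spiffe_id
        node = node.parent
    effective = agent.capabilities & agent.on_behalf_of.entitlements
    if action not in effective:
        return False, "not in both human and agent entitlements"
    return True, "allowed"

def demo():
    caps = frozenset({"crm:read", "crm:write"})
    alice = Human("alice", frozenset({"crm:read"}))            # read-only user
    bob = Human("bob", frozenset({"crm:read", "crm:write"}))
    a = Agent("spiffe://example.org/agent/crm", caps, alice)   # constructed ID
    b = Agent("spiffe://example.org/agent/crm", caps, bob)     # same agent, other human
    sub = a.delegate("spiffe://example.org/agent/crm/sub", caps | {"crm:delete"})
    revoked = set()                                            # nothing flagged yet
    before = [authorize(a, "crm:write", revoked)[0], authorize(b, "crm:write", revoked)[0],
              authorize(sub, "crm:read", revoked)[0]]
    revoked.add("bob")                                         # e.g. HR status change
    after = authorize(b, "crm:write", revoked)[0]
    return before, after

if __name__ == "__main__":
    print(demo())
```

Because `authorize` reads `revoked` on every call and caches nothing, a change in that set takes effect on the very next action rather than at the next login.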

CrowdStrike provides defense in depth for AI agent security with Continuous Identity for AI Agents, delivered through Falcon Next-Gen Identity Security, as well as CrowdStrike Falcon® AI Detection and Response (AIDR). Falcon AIDR continuously inspects prompts and intent to detect permission misuse or attempts to manipulate an LLM beyond its authorized scope, triggering Continuous Identity to revoke access before damage is done.
