Written by Mark Rogge, CEO EnforceAuth
EnforceAuth becomes the beneficiary of CrowdStrike's acquisition of SDNL. It validates what we've been building and exposes the gap we exist to fill.
On January 8, 2026, CrowdStrike announced it was acquiring SDNL for $740 million.
I've had dozens of people ask me: "How do you feel about this? Wasn't SDNL your competitor?"
My honest answer: I couldn't be more energized.
Here's why.
The Market Just Got Its Price Tag
For years, those of us building in the authorization space have had to educate the market that authorization is a category, not just a feature bolted onto IAM. Authorization deserved its own budget line, because adjacent markets it sits a critical layer below, like identity security, had already matured.
CrowdStrike just answered all of those questions with a single number: $740 million.
That's what a company with $63 million in total funding, founded less than five years ago, sold for. Not because they had the biggest customer roster. Not because they had an endpoint tool or a detection product. An authorization company. A company that proved the problem was growing so fast, and the moat so defensible, that CrowdStrike was willing to acquire at nearly 12x invested capital.
IDC projects the identity security market will grow from $29 billion in 2025 to $41 billion by 2029. But this market now has a new, very visible sub-segment: real-time AI agent authorization across human and machine identities.
The authorization era is not coming. It is here. And now it has a $740 million proof point.
What SDNL Built and Why It Mattered
I have tremendous respect for what Ashot Eni, Gal Gutierrez, and the SDNL team built.
SDNL's core insight was correct: authentication is solved; authorization is broken. Their platform, particularly the relationship-based access model, represented a genuine advance in how enterprises think about identity and permissions. But relationship-based tokens alone cannot govern a world where AI agents route through delegated chains of permissions across infrastructure boundaries.
Their Continuous Identity Architecture, powered by the Continuous Access Evaluation Protocol (CAEP), represented a real step forward. Rather than checking permissions once at login and assuming them for the rest of a session, CAEP evaluates identity context continuously. When your device trust eroded, the authorization reset. When context shifted, your permission scope shrunk.
Important work. It proved that enterprises are ready for dynamic, context-aware authorization. It demonstrated that periodic access reviews are incompatible with the speed and autonomy of modern AI systems.
CrowdStrike recognized this value and paid accordingly.
How Does the SDNL Acquisition Affect Enterprises Not on CrowdStrike?
Here's the part most people overlook.
The day before January 8, SDNL was a vendor-neutral, platform-independent authorization engine. Any enterprise, regardless of their security stack, could deploy SDNL's technology and enforce policies in their environments.
The day after January 8, SDNL became a feature inside CrowdStrike's Falcon platform.
That's not a criticism. It is a strategic reality. CrowdStrike is building one of the most expansive security platforms on the planet. Adding SDNL's continuous authorization capabilities into Falcon is a smart move for their 38,000+ existing customers. The vision of surrounding identity, endpoint, cloud, and threat intelligence into one fabric is compelling.
But it creates a structural consequence that benefits every enterprise not currently committed to the CrowdStrike ecosystem.
Every organization operating multi-cloud environments across AWS, Azure, and GCP. Every enterprise running a heterogeneous security stack. Every company with a different vendor for endpoint protection. Every regulated financial institution balancing overlapping security and compliance frameworks across international jurisdictions.
These organizations just lost access to the most advanced standalone authorization platform on the market.
What Authorization Gap Does the SDNL Acquisition Expose?
Here's what I think the market misses, and it is not subtle.
SDNL solved an important problem: continuous, contextual, session-level authorization. Should this identity, whether human, machine, or AI agent, have access to this resource, right now?
That's necessary. It's also not sufficient.
The harder question, the one keeping CISOs awake in 2026, isn't just "should this agent have access?" It's "should this agent do this specific thing, with this data, in this context, through this delegation chain, and can I prove this decision was accurately classified under these regulatory constraints?"
That's the difference between identity-centric authorization and decision-centric authorization.
Identity-centric authorization asks: What are you, and what can you access?
Decision-centric authorization asks: What are you doing, and should this specific action happen right now?
When an AI agent orchestrates a workflow that touches customer PII, initiates a financial transfer, modifies production infrastructure, or executes a multi-step process spanning six different systems, the question is not just whether the agent has the right role. It's whether this specific decision, at this moment, given this agent's identity, the delegation chain that granted authority, the sensitivity of the resource, the regulatory requirements, and the operational conditions, should be authorized.
I call this the authorization gap. And it's the gap that grows wider, not narrower, as AI agents become more autonomous.
Why This Is Great for EnforceAuth
We built EnforceAuth to solve the harder problem that CrowdStrike's acquisition makes more urgent, not less.
Our AI Security Fabric provides unified, decision-centric authorization across applications, infrastructure, data, and AI workloads. Every action, whether initiated by a human, an AI agent, or an automated pipeline, is evaluated against fine-grained, continuously updated policy before it executes.
Three things make our position stronger after this acquisition.
First, the market is now educated
CrowdStrike's $740 million acquisition of SDNL sent a clear signal to the entire enterprise security market: authorization is a standalone category with real budget behind it.
CrowdStrike runs one of the most powerful marketing engines in cybersecurity. When they pay $740 million for an authorization company, enterprises that had been in the "we'll handle this with RBAC" camp are going to take a harder look. They'll search for "AI agent authorization" and find a market that now has a $740 million validation point.
Every board meeting that discusses the SDNL acquisition to justify security spend is a conversation that creates budget for standalone authorization platforms. CrowdStrike just did our market education for us.
Second, vendor-neutral standalone authorization just became scarce
With SDNL absorbed into CrowdStrike's Falcon ecosystem, the most visible vendor-neutral authorization platform on the market is no longer available as an independent product.
The most visible standalone authorization platform in the market is now CrowdStrike-locked. Earlier, CyberArk acquired identity authorization assets for $510 million. Single-vendor acquisitions keep pulling authorization capabilities into proprietary ecosystems. Microsoft is building its agent authorization for Entra and sticking specifically to its own stack.
Each of these moves pulls authorization deeper into a single vendor's ecosystem. Each one makes standalone, vendor-neutral options rarer.
But not all enterprises run a single security platform. Most run five, or ten, or twenty. They layer point solutions for each domain. They operate sprawling multi-cloud, multi-vendor environments. For those enterprises, the number of independent authorization providers just shrank again.
We are that independent fabric.
Third, the distinction between identity authorization and decision authorization gets clearer every day
The SDNL acquisition highlights a fundamental architectural split in the authorization market: identity-centric systems that govern who gets access versus decision-centric systems that govern what actions are permitted in real time.
SDNL inside CrowdStrike will excel at continuous identity authorization within the Falcon ecosystem. Session-level, context-refreshing, adaptive access based on real-time risk signals. Valuable work.
But as Gartner's own 2026 cybersecurity trends emphasize, the harder challenge isn't session-level authorization. It is action-level authorization. Authorizing the real-time decisions AI agents make every second: autonomous workflows, cross-system tool calls, and decision sequences that no identity system was designed to track or evaluate.
EnforceAuth was built from the ground up for this reality. Our decision-centric architecture evaluates every agent action against contextual, fine-grained policy across all four domains: applications, infrastructure, data, and AI workloads. We run OPA natively, support Cedar and Zanzibar compatibility, log every decision for regulatory compliance, and provide Chain of Custody for every decision an AI agent makes in your environment.
Authorization Is a Category, Not a Feature
Some people look at the SDNL acquisition and conclude that authorization is becoming a feature inside security platforms. I believe the opposite is true. CrowdStrike's $740 million just proved it.
When Okta went public in 2017, the consensus was that authentication would become a feature inside Microsoft and Google. Both built competitive products. Okta now runs at $2.8 billion in revenue, proving that mission-critical infrastructure layers deserve independent platforms that serve the entire market, not just one vendor's ecosystem.
Authorization is following the same trajectory, but it is a harder problem. Authentication is binary: yes or no, you are who you claim to be. Authorization is contextual, continuous, and exponentially more complex. It requires real-time evaluation against fine-grained policy, across domains, for both human and non-human identities, with full audit trails for regulatory compliance.
That's a platform problem.
CrowdStrike, CyberArk, and Microsoft all know this, which is why they've collectively invested over a billion dollars in authorization capabilities. Their investments validate the size of the opportunity. But they also create demand for a vendor that provides decision-centric authorization as a standalone, vendor-neutral platform, the same way Okta, Snyk, and every other independent security platform in your stack operate independently.
That is not a fantasy. That's the next great infrastructure category. And here's the thing: the more platforms absorb their own authorization logic, the more enterprises running multi-vendor stacks need an independent authorization fabric. CrowdStrike didn't make authorization a feature. They proved it's a category worth billions.
Common Questions About the CrowdStrike SDNL Acquisition
What did CrowdStrike acquire with SDNL?
CrowdStrike acquired SDNL for $740 million in January 2026. SDNL built a continuous identity authorization platform powered by the Continuous Access Evaluation Protocol (CAEP), which evaluates identity context in real time rather than checking permissions once at login. The acquisition brings those capabilities into CrowdStrike's Falcon platform for their 38,000+ customers.
What is decision-centric authorization?
Decision-centric authorization evaluates whether a specific action should happen right now, given the identity, the delegation chain, the resource sensitivity, and the regulatory context. It goes beyond identity-centric authorization, which only asks whether an identity has access to a resource. For AI agents making thousands of autonomous decisions per session, this distinction is critical.
What happens to standalone authorization now that SDNL is inside CrowdStrike?
SDNL was the most visible vendor-neutral authorization platform on the market. Now it is CrowdStrike-locked. Combined with CyberArk's $510 million identity authorization acquisition and Microsoft building Entra-specific agent authorization, independent options keep shrinking. Enterprises running multi-vendor environments need a standalone authorization fabric.
What is policy-as-code and why does it matter?
Policy-as-code means writing authorization rules in a structured policy language, versioning them in git, testing them in CI/CD, and deploying them like infrastructure. It replaces manual RBAC configurations with auditable, testable code. EnforceAuth is built on OPA with native Cedar and Zanzibar compatibility, so teams write policy once and enforce it across all four domains.
How does this acquisition affect enterprises not using CrowdStrike?
If you are not in the CrowdStrike ecosystem, the acquisition removed an option. SDNL's technology now serves CrowdStrike's existing customer base within Falcon. Organizations running heterogeneous security stacks, or those in regulated industries balancing overlapping compliance frameworks, now have fewer independent authorization vendors to choose from.
What Comes Next
The next generation of security incidents won't come from bad authentication. They'll come from uncontrolled decisions made by authorized systems.
An AI agent with perfect credentials and a perfectly valid session token. A machine identity with proper access rights initiating a transaction that violates operational policy. An autonomous workflow making decisions at a speed, complexity, and scale that no human can review in real time.
This is not a future risk. It's happening now.
The market is migrating toward decision-centric security right now. Enterprises are looking for platforms that solve authorization once and enforce it everywhere.
At EnforceAuth, we are building for this reality. Our AI Security Fabric is purpose-built for a world where authorized agents need authorized actions. Fine-grained, real-time policy applied to every human and machine decision, built for the speed, scale, and complexity that AI agents demand.
CrowdStrike's SDNL deal validated the market, educated the buyers, and created board-level awareness for authorization as a category. I'm grateful to the SDNL team for the work they did to build this market and pave the road we're now running on.
The authorization era has arrived. If you're deploying AI agents without decision-level governance, we should talk.
About EnforceAuth
EnforceAuth is the AI Security Fabric for the agentic era. We provide decision-centric authorization across applications, infrastructure, data, and AI workloads. Write policy once. Enforce everywhere.