The New Gatekeepers: CrowdStrike Bets on Open Standards to Secure an AI-Driven World

AUSTIN, TX – June 10, 2026 – In a move that signals a fundamental shift in the cybersecurity landscape, CrowdStrike has announced its deep integration with two of the identity sector's most influential standards bodies, the OpenID Foundation and IDPro. While corporate memberships are routine, this one is different. It represents a strategic bet that the future of digital defense will not be won with higher walls, but with a smarter, faster, and more collaborative network of gatekeepers. The company is positioning itself at the heart of this new paradigm, aiming to bake its real-time threat intelligence directly into the protocols that govern who—and what—gets access to our most critical systems.

The announcement comes as enterprises grapple with a security reality that has outpaced traditional defenses. The era of static, perimeter-based security is over, rendered obsolete by cloud adoption and remote work. Now, a new threat is rendering even modern identity solutions inadequate: the proliferation of AI agents and non-human identities (NHIs) operating with a speed and scale that humans simply cannot match.

Identity: The New Front Line in an AI-Powered War

For years, the mantra of cybersecurity has been "identity is the new perimeter." But even that concept is being stress-tested to its breaking point. Legacy identity models, built on the principle of authenticating a user once and then trusting them for the duration of a session, are dangerously brittle. They are no match for adversaries who leverage AI to accelerate attacks or for automated agents that can be hijacked to cause widespread damage.

"Identity is the front line of modern attacks, and static identity frameworks can’t stop AI-driven threats," said Elia Zaitsev, CrowdStrike’s chief technology officer, in a statement accompanying the announcement. The problem is twofold. First, the sheer number of non-human identities—service accounts, API keys, and cloud workloads—now dwarfs human users by as much as 50 to 1 in some organizations, creating a vast and often poorly managed attack surface. Second, the emergence of autonomous AI agents introduces novel vulnerabilities, from prompt injection and tool misuse to identity impersonation. Recent incidents, like the $25 million deepfake fraud that tricked a finance worker, are no longer theoretical risks but costly realities.

This is where the concept of "continuous, risk-aware identity security" moves from an industry buzzword to an operational imperative. Instead of a single checkpoint, it envisions a system of constant verification. Access is not a binary, one-time decision but a dynamic privilege that is continuously evaluated based on real-time signals. Is the user's device suddenly showing signs of compromise? Is an API key being used from an unusual geographic location? Is an AI agent attempting an action outside its normal parameters? A continuous model can detect these anomalies and revoke access instantly, before a breach can occur.

Forging a Common Language for Defense

To make this real-time defense a reality, the entire ecosystem of security tools, identity providers, and SaaS platforms must speak the same language. A threat detected on a single laptop is a valuable signal, but its value multiplies exponentially if it can be instantly shared to lock down that user's access to Salesforce, their cloud console, and their corporate email. This is the core mission behind CrowdStrike's work with the OpenID Foundation.

By taking a Sustaining Corporate Membership, the highest level available, the firm is throwing its weight behind open standards like the Shared Signals Framework (SSF) and the Continuous Access Evaluation Profile (CAEP). In simple terms, SSF provides a standardized, secure pipeline for different systems to share security events. CAEP is the action-oriented protocol that runs over that pipeline, allowing a provider like CrowdStrike to tell an identity platform that a user's session is now considered high-risk and requires immediate re-evaluation.

"CrowdStrike’s leadership in identity security and commitment to strengthening open identity standards make them an invaluable addition," noted Gail Hodges, executive director of the OpenID Foundation. "Their participation sends a powerful message across cybersecurity: in the age of AI-accelerated attacks, open identity standards are not optional but a foundational requirement for effective, real-time defense." This collaboration aims to move the industry from a collection of siloed defense systems to an interoperable, self-healing network.

From Standards to Street-Level Security

Developing standards is one thing; implementing them effectively across a sprawling corporate environment is another. This is where CrowdStrike's dual membership in both the standards-setting OpenID Foundation and the practitioner-focused IDPro becomes strategically astute. IDPro is a professional organization dedicated to advancing the field of digital identity, connecting the experts who build and manage these systems daily. By engaging with this community, CrowdStrike aims to bridge the often-significant gap between protocol development and real-world deployment.

"We are thrilled that they will sponsor IDPro and look forward to welcoming members of their team into our community," said Joni Brennan, IDPro board chair. The move suggests an understanding that technology alone is not enough; a successful shift requires shaping the practices and skills of the people on the ground.

This strategy is underpinned by the cybersecurity leader's own technology stack. Its Falcon Next-Gen Identity Security platform, bolstered by the January 2026 acquisition of SGNL, is already built for this new reality. SGNL's technology specializes in just-in-time access and dynamic authorization, effectively eliminating the dangerous concept of "standing privileges." By integrating SGNL's runtime enforcement with the Falcon platform's vast telemetry and threat intelligence, CrowdStrike can provide the very risk signals that CAEP is designed to carry. The company is not just advocating for an open standard; it is positioning its core platform as the premier source of intelligence to power it, a move that could reshape the competitive dynamics of the rapidly growing $22 billion identity market. This initiative to unify threat intelligence with identity protocols represents a crucial evolutionary step in the industry's ability to build a resilient and adaptive defense against the next generation of automated threats.