en.Wedoany.com Reported - CrowdStrike recently announced three innovations, including continuous authentication for AI agents, aimed at extending continuous authentication to the modern identity attack surface and addressing new security challenges posed by human, non-human, and AI identities.

For a long time, identity security has been based on a simple assumption: verify a user's identity, grant access, and maintain trust in that decision until the next login. This model worked when identity subjects were primarily humans with predictable access patterns. However, the current identity landscape has fundamentally changed, encompassing humans, service accounts, cloud workloads, SaaS applications, APIs, and an increasing number of autonomous AI agents. These agents operate across cloud infrastructure, SaaS platforms, browsers, and unmanaged devices, capable of accessing multiple systems, calling APIs, interacting with SaaS applications, and making autonomous decisions at machine speed.

This shift poses a severe challenge to traditional security models. The speed at which agents operate, combined with the varying permissions of the humans using them, means that a trust decision valid at login may become obsolete moments later. Credential compromise or changes in business context can immediately alter the risk profile. Granting access once and assuming trust persists is no longer sufficient.

CrowdStrike's continuous authentication for AI agents introduces a new model that eliminates static permissions and verifies trust for every agent action in real time. It operates based on modern identity standards, including SPIFFE and the Shared Signals Framework (SSF). Each agent has a verifiable identity based on the SPIFFE standard, and every action is authorized in real time based on the permissions of both the human and the agent, as well as security and business context. When a read-write capable agent performs an action for a read-only user, its permissions are restricted to read-only; the same agent performing actions for different humans yields different results. Authorization occurs at the moment of action using real-time risk signals, with no static permissions. When an agent delegates to a sub-agent, the human identity and permissions are preserved. If the context changes, such as a new vulnerability emerging or a change in HR status, access is immediately revoked.

Provided through CrowdStrike Falcon Next-Gen Identity Security, continuous authentication for AI agents, together with CrowdStrike Falcon AI Detection and Response (AIDR), builds a defense-in-depth strategy for AI agent security. Falcon AIDR continuously inspects prompts and intents, detecting permission abuse or attempts to manipulate large language models beyond their authorized scope, triggering continuous authentication to revoke access before damage occurs.

Additionally, CrowdStrike has extended modern privileged access capabilities to support AWS cloud infrastructure and introduced unified ownership, visibility, and intelligent management across non-human identities. These capabilities are delivered through CrowdStrike Falcon Next-Gen Identity Security.

Together, these innovations help organizations continuously verify trust across human, non-human, and AI identities while reducing static permissions and identity-driven risks.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com