CrowdStrike to buy Seraphic Security & SGNL in January Acquisition Spree

In an ambitious start to the new year, CrowdStrike has kicked off its 2026 M&A activity with two announcements in January. The global cybersecurity provider says that it intends to purchase identity security vendor SGNL, as well as browser runtime security vendor Seraphic Security. A move like this so early in the year has taken many by surprise: January is one of the quietest months in the tech industry, marking a post-holiday emergence replete with inbox-cleaning, budget discussions and newfound resolutions. CrowdStrike clearly felt however that the time was right to make these announcements, and in doing so set the bar for other vendors looking to expand their portfolios and platform capabilities.

Why buy SGNL and Seraphic Security?

CrowdStrike’s first announcement came on 8th January. In addition to a press release, Michael Sentonas – CrowdStrike’s President – wrote a detailed blog post about the reasons for acquiring SGNL. It’s clear that a key factor in the decision is the plan to evolve its security platform to address the modern risks posed by an explosion of human, machine, and AI agent identities across cloud environments.

CrowdStrike believes that the transition from what it calls the outdated, static security models toward continuous, context-aware authorization is required in order to evaluate risk signals in real time to grant or revoke access. This strategy focuses on achieving what Sentonas calls “zero standing privileges”, a scenario that ensures that users and autonomous bots only possess high-level permissions for the specific duration of a task. Ultimately, the objective of the integration is to create a unified identity fabric designed to proactively stop breaches by securing the entire lifecycle of digital identities in an increasingly complex, AI-driven landscape.

A matter of days after the SGNL announcement, CrowdStrike outlined its intent to acquire Seraphic Security, citing plans to integrate the firm’s browser-native protection directly into its Falcon cybersecurity platform. CrowdStrike says it aims to eliminate security blind spots by securing the modern web browser, which it believes “has become the primary workspace for both human employees and AI agents”

By combining Seraphic’s technology with real-time telemetry and identity authorization, CrowdStrike says it can enforce Zero Trust policies within any browser session without forcing users into restrictive, specialized software. Ultimately, this integration will allow for the dynamic monitoring of data flows and the prevention of sophisticated threats, such as session hijacking and unauthorized data exfiltration, across both managed and personal devices.

A history of acquisitions

CrowdStrike is no stranger to the purchase of other firms, falling into the “serial acquirer” category populated by the likes of Google, Palo Alto Networks and others. Should both acquisitions close, Seraphic will be CrowdStrike’s 12th purchase since Payload Security in 2017, and starting in 2020 the firm has accelerated these activities. This has included buying Israeli cloud security startups Flow Security (estimated $200 million) and Adaptive Shield (estimated $300 million) in 2024, followed by Spanish telemetry pipeline management firm Onum (estimated $290 million) in 2025.

While the transaction values of the most recent deals have not been officially disclosed by CrowdStrike, it is being widely estimated that the Seraphic deal is worth $420 million and the SGNL deal $740 million should they close. This puts CrowdStrike’s spend on acquisitions at around $2 billion dollars since 2024 – a not insignificant number - but one dwarfed by the likes of Palo Alto Networks (purchasing CyberArk for $25 billion), Google (buying Wiz for $32 billion), and Cisco (acquiring Splunk for $28 billion). It seems odd that a spend of $2 billion is now seen as relatively modest, but the flow of capital offered by private equity and other investment - particularly where AI tools and technologies are involved - has accelerated since 2023. As if proof were needed, banking giant Goldman Sachs’ fourth quarter 2025 profits beat Wall Street expectations, with the bank saying it had advised on $1.48 trillion in total volume of deals and raking in $4.6 billion in fees during the year.

Success and scrutiny

As one of the industry’s “big boys”, CrowdStrike has a rich history of innovation and successful security protection of many thousands of customers – including government and public sector firms. Following its June 2019 IPO, total annual revenue grew significantly - from $481 million in FY 2020 to $3.95 billion in FY 2025. At the same time, the firm has seen some controversy: a significant outage in July 2024 was caused by a “defect found in a Falcon content update for Windows hosts” resulting in widespread disruption for healthcare providers, emergency service operations and banking systems worldwide. While not unique to CrowdStrike, such outages highlight the dependency we have on a handful of firms such as CrowdStrike to operate our critical infrastructure, and the vulnerabilities when something like this happens. The episode also prompted a renewed discussion in the wider industry around the importance of resiliency – a timely and important debate given the increase in external attacks on critical infrastructure in general.

The Gist

CrowdStrike’s intent to acquire Seraphic Security and SGNL goes some way to addressing the risks posed by an increasingly agentic workforce. These acquisitions will help the firm integrate enterprise browser protection with continuous identity authorization, the result being a more effective way to eliminate standing privileges across cloud and endpoint environments - if integrated well.

Global security service providers are racing to maintain their market lead since the advent of GenAI and the rapid increase in use of AI Agents by attackers and defenders alike. Acquisition has always been a key strategy for inorganic growth, but the accelerated nature of AI adoption means it has become essential for vendors to keep ahead of a threat actor’s ability to quickly generate and scale attacks using agents and advanced automation. Even those companies that focus on product and IP development – as opposed to managed services – find it essential to acquire point capabilities to add to their own platform’s offerings.

CrowdStrike’s success and its prominence as a leading global provider is a benefit as well as a challenge. High-profile public outages may affect share prices in the short-term, but long-term confidence is what markets and prospective customers alike seek in today’s uncertain world. Beefing-up its Falcon platform with additional functionality that addresses AI-specific vulnerabilities is a good move for CrowdStrike, but the integration will take time – assuming both acquisitions close. Given the pace of adoption and planned use of AI agents globally, we believe this is unlikely to be the last AI-related acquisition that the company makes this year…