The Non-Human Identity Consolidation

Between May 2024 and July 2026, the standalone non-human identity (NHI) market went through a roughly 24-month consolidation sprint. Every NHI point solution that reached meaningful scale was either acquired or, as of this writing, in acquisition talks — bought by PAM and IGA incumbents that lacked machine-identity depth, by security platforms racing to cover agentic-AI identities, and by a data-cloud vendor that needed a governance choke point for its own AI agents. This page tracks the seven deals that define the wave, what each acquired platform actually did and didn't do, and the capability gaps still open even after $2B+ combined in disclosed and reported deal value.

DATA AS OF 2026-07-17
THE DEALS

Seven companies, 24 months

Status is precise as of 2026-07-17. "Disclosed" prices come from a press release, 10-Q, or other primary filing; "reported" prices are third-party press estimates the acquirer has not confirmed.

DateTargetWhat it didAcquirerPriceStatus
2024-05 (closed 2024-10-01) Venafi Certificate & SSH key lifecycle automation CyberArk $1.54B (disclosed) CLOSED
2025-06 Otterize Kubernetes workload-to-workload access control Cyera $20M (reported; officially undisclosed) CLOSED
2026-01-08 (closed 2026-02-20) SGNL Real-time continuous-authorization enforcement layer CrowdStrike $740M (disclosed) CLOSED
2026-05 (signed 2026-05-24/27) Natoma MCP gateway for governing AI-agent tool calls Snowflake $110M (disclosed) SIGNED — PENDING CLOSE
2026-05-04 Astrix Security Discovery & risk-scoring of NHI and agentic credentials Cisco $400M (reported; officially undisclosed) CLOSED
2026-06-15 (closed 2026-06-29) Entro Security Secrets & token detection across dev pipelines SailPoint $200M (reported; officially undisclosed) CLOSED
2026-07 (talks reported) Oasis Security Full-lifecycle NHI & agentic access management Cyera (reported) $1B+ (reported talks; no deal signed) RUMORED — UNCONFIRMED
WHAT THESE PLATFORMS ACTUALLY DID

Seven platforms, seven different bets

Each of these companies picked a different slice of the non-human identity problem — certificates, Kubernetes workloads, runtime authorization, MCP traffic, discovery, secrets, or full lifecycle governance — and built deep, genuine capability in that slice. None of them, on their own, covered the whole problem.

VenafiCyberArk

CLOSED
Announced 2024-05-20·Closed 2024-10-01·$1.54B disclosed

What it did

Venafi (founded 1999) was the incumbent leader in certificate-based machine identity, built around Trust Protection Platform / TLS Protect: discovery and lifecycle automation for TLS/SSL certificates across on-prem, hybrid, and multi-cloud infrastructure, pulling inventory from cloud CA services and load balancers and automating the full request-issue-deploy-renew loop. Companion product SSH Protect extended the same policy engine to SSH key governance, and a code-signing module secured build pipelines. Later extensions (Firefly, cert-manager integration) pushed the model into Kubernetes and cloud-native workload identity, issuing short-lived certs to ephemeral workloads. This was genuine remediation infrastructure — automation was Venafi's core differentiator, not a read-only inventory dashboard.

What it didn't cover

Its scope was deliberately narrow to cryptographic machine identities — certificates, SSH keys, code-signing artifacts — not the broader NHI surface of API keys, service accounts, OAuth tokens, and secrets that vendors like Entro or Astrix govern. Ownership mapping (which human or team a given certificate belonged to) was historically weak — consistent with CyberArk shipping dedicated machine-identity "discovery and context" capabilities as late as October 2025, a year after close. Governance and certification workflows were not native to Venafi at all; CyberArk plugged that gap separately by acquiring Zilla Security in February 2025. Its identity model also predates agentic AI: Firefly addressed ephemeral workload identity but not session-based, intent-driven agent authorization the way SGNL or Oasis do. Deployments were enterprise-only, with no mid-market or SMB tier.

Why it happened, and after

CyberArk, a human-privileged-access (PAM) incumbent, needed machine-identity depth as NHI volume outpaced human identity counts; Venafi added roughly $150M ARR and was reportedly included in nine of CyberArk's top ten deals in Q1 FY2025. Integration has been staged, not instant — combining certificate lifecycle with CyberArk's Conjur secrets management was slated for 2025, with a fully unified human-and-machine platform targeted for 2026 and, per analysts, still underway. Palo Alto Networks then announced its own roughly $25B acquisition of CyberArk in 2025, meaning Venafi is set to be absorbed into a second, larger platform before its first integration is complete.

OtterizeCyera

CLOSED
Announced ~2026-06 (2025-06-26)·Price undisclosed · ~$20M reported

What it did

Otterize (founded 2022, ~$11.5M raised, open-source-rooted) automated workload-to-workload IAM inside Kubernetes and cloud-native environments using Intent-Based Access Control: each workload declares the calls it intends to make, and a Kubernetes operator translates that into enforcement — network policies, cloud IAM policies, Istio authorization, Kafka ACLs. To bootstrap intents without hand-authoring them, its network mapper passively sniffed pod-to-pod traffic (DNS, TCP, eBPF-based observation) to build a real who-calls-whom map. A credentials operator integrated with SPIFFE/SPIRE to issue short-lived, attested workload identities in place of static secrets, with automatic rotation — converting observed runtime behavior into enforced least-privilege policy, with credential issuance built in rather than bolted on.

What it didn't cover

Otterize was narrow by design: no ownership mapping back to the accountable human or team; solid create/rotate coverage for Kubernetes-native workload identity but no story for the far larger population of NHIs living outside a cluster — long-lived API keys, SaaS OAuth grants, CI/CD tokens; and no certification, attestation, or compliance-reporting layer at all. Where it stood out from most of the NHI cohort was remediation — it actually enforced least privilege rather than just surfacing a risk score, though scoped to what a Kubernetes/cloud-native operator could translate into policy. It predates the 2025-26 agentic-AI wave and wasn't built for autonomous agents, and its Kubernetes-centric surface skewed adoption toward technically sophisticated, infrastructure-fluent teams.

Why it happened, and after

Cyera, a data security posture management (DSPM) vendor whose core asset is knowing where sensitive data lives, used Otterize to extend that into which workloads can reach it and how — closing the loop from data discovery to runtime access control. The team joined Cyera's engineering org, following a similar pattern to Cyera's other 2025 Israeli tuck-ins. Otterize was Cyera's first NHI-specific acquisition; by mid-2026 Cyera was reportedly in advanced, unconfirmed talks to acquire Oasis Security for over $1B — suggesting Otterize was an opening move in a deliberate strategy to assemble NHI/agentic-access capability internally.

SGNLCrowdStrike

CLOSED
Announced 2026-01-08·Closed 2026-02-20·~$740M disclosed

What it did

SGNL was a runtime access-enforcement layer sitting between identity providers (Okta, Entra ID) and the resources they front. Three parts: an "Identity Data Fabric" ingesting identity, security, and business context in near real time; a policy engine letting admins write human-readable, attribute-based rules evaluated at the moment of each access request rather than at provisioning time; and a "CAEP Hub" implementing the OpenID Foundation's Continuous Access Evaluation Profile, an open standard for pushing security-event tokens between systems so access could be revoked or re-scoped within seconds. It eliminated standing privilege for human, non-human, and AI-agent identities alike — genuinely differentiated at the decide-right-now layer, and built on an actual open standard rather than a proprietary event bus.

What it didn't cover

SGNL enforced access to existing identities but did not create, rotate, or decommission them — no joiner-mover-leaver lifecycle. It had no discovery or inventory of NHIs and no certification or attestation workflow of its own; it assumed identities and context were already known and fed in by other systems. Its remediation was genuinely runtime-native (automatic access revocation, not a dashboard) but only for authorization — it did nothing for secrets hygiene, vaulting, or rotation. Its integrations (AWS, Entra ID, PAM tooling) presumed an existing complex identity stack, not a self-serve SMB product.

Why it happened, and after

CrowdStrike framed the deal around extending Falcon Next-Gen Identity Security's just-in-time access — previously scoped to Active Directory/Entra ID — to AWS IAM, Okta, and other cloud/SaaS systems, and wiring CAEP-driven enforcement into Falcon Fusion SOAR so revocation extends past the IdP into downstream apps. CrowdStrike's FY2026 Q1 10-Q (quarter ended 2026-04-30) reported total consideration of $627.9M cash net of acquired cash plus $9.2M in replacement equity awards, and confirmed the deal complete on its Q1 FY27 earnings call, where it described SGNL as "the identity control plane" paired with AI detection/response — integration proceeding as a Falcon-platform feature rather than a standalone product line.

NatomaSnowflake

SIGNED — PENDING CLOSE
Signed 2026-05-24·Announced 2026-05-27·~$110M disclosed

What it did

Natoma (founded 2024, ~$7M seed, ~20-27 employees) built an enterprise Model Context Protocol (MCP) gateway — a centralized control point mediating how AI agents and copilots connect to enterprise tools and data. It enforced identity verification, fine-grained authorization, and audit logging at the individual tool-call level: each time an agent invoked a tool, Natoma evaluated who or what was calling, what permissions it held, and whether that specific action was allowed. It shipped a library of 100+ prebuilt, verified MCP servers spanning SaaS, cloud, VPC, and on-prem systems, treating each agent-to-tool connection as a distinct non-human identity subject to policy — a purpose-built policy and enforcement plane for the MCP layer specifically, not a general NHI platform.

What it didn't cover

No public evidence of tying each MCP connection back to an accountable human owner in a broader identity graph. It enforced authorization at call time but showed no public capability for credential rotation, vaulting, or systematic decommissioning — a runtime gateway, not a credential lifecycle manager. No periodic access-certification workflows; materials describe real-time enforcement and audit trails, not attestation campaigns. Its scope was MCP-mediated traffic only, not agents calling non-MCP APIs directly or classic service accounts/API keys/certs. Market reach was minimal — a pre-scale, single-digit-million-raised startup with no evidence of enterprise-scale deployment beyond early design partners.

Why it happened, and after

Snowflake framed this as extending its "agentic control plane" — as Cortex Agents, Snowflake Intelligence, and Cortex Code move from analytics into autonomous action on systems like Slack, email, CRM, and Jira, it needed a governance choke point for what those agents can touch, and buying MCP-native identity/policy tooling was faster than building it. Unlike the PAM/IGA/security-platform buyers elsewhere in this wave, Snowflake's core business is data, not identity, making it the most adjacent buyer in the cohort. The deal's total consideration (mostly Snowflake stock, roughly 30% subject to post-combination vesting, remainder cash) appeared in Snowflake's Q1 FY2027 10-Q, which guided to a June 2026 close — but as of 2026-07-17 no closing has been publicly confirmed by a press release, 8-K, or trade coverage, and Natoma's own site still describes a signed "definitive agreement" rather than a completed transaction. The accurate status is signed and awaiting confirmed close.

Astrix SecurityCisco

CLOSED
Announced 2026-05-04·Closed shortly after·~$400M reported

What it did

Astrix (founded 2021, ~$85M raised) ran an agentless, API-based discovery engine connecting to cloud (AWS, GCP, Azure), SaaS (Slack, Salesforce, Jira, M365, Google Workspace, Okta), CI/CD, secret vaults, and increasingly AI platforms (OpenAI, Claude, Databricks, Cursor) to build a continuous inventory of service accounts, OAuth apps, API keys, SSH keys, IAM roles, and AI-agent/MCP-server credentials. On top of that it layered risk scoring — over-privilege, staleness, weak auth, anomalous behavior — threat/IOC detection for compromised NHI credentials, and an "Agent Control Plane" aimed specifically at scoping and monitoring autonomous AI-agent access. It was genuinely strong at fast, low-friction discovery of a blind spot legacy IAM/PAM tools never modeled, with early, credible coverage of agentic-AI identities specifically.

What it didn't cover

Astrix's marketing describes governance and "provisioning to decommissioning" lifecycle management, but independent signal was thin — Gartner Peer Insights showed only four verified reviews three years into the market, too small a sample to validate depth claims. Structurally: Astrix sits on top of identity providers, cloud IAM, and secret vaults rather than issuing or owning NHI credentials itself, so rotation/decommission automation is as fragmented as the app-by-app secret formats it touches — there's no SCIM-equivalent standard for machine credential lifecycle. It has no native human-identity/IGA engine of its own, so joint human-and-non-human governance under one policy and certification workflow doesn't exist inside Astrix — precisely why Cisco is wiring it into Identity Intelligence and Duo rather than treating it as already unified. Go-to-market points to an enterprise-only motion, with no self-serve or mid-market/SMB tier.

Why it happened, and after

Cisco's stated rationale was extending Zero Trust to agentic identities — a category "most enterprise security programs have not yet addressed" — by folding Astrix into Cisco Identity Intelligence, Secure Access, and Duo, with NHI/agent telemetry feeding Splunk and compatible SIEMs for unified human-and-machine detection and response. This mirrors the CrowdStrike/SGNL and Snowflake/Natoma pattern: an infrastructure/security incumbent buying discovery-and-context for AI-agent identities rather than building it, using an existing SIEM/XDR asset — Splunk, in Cisco's case — as the analytics backbone the acquired company itself lacked.

Entro SecuritySailPoint

CLOSED
Intent announced 2026-06-15·Closed 2026-06-29·~$200M reported

What it did

Entro's core product, marketed as NHIDR (Non-Human Identity Detection & Response), discovered and contextualized secrets, tokens, service accounts, and certificates across roughly 70 enterprise sources — CI/CD pipelines, codebases, container registries, cloud, SaaS, and vaults — recognizing over 1,200 distinct credential and secret types via regex matching plus AI-powered detection. On top of discovery it built a behavioral baseline for each NHI and AI agent, flagged deviations, and used LLM-driven analysis to add context (ownership, purpose, recent activity) and cut false positives. Its most current-edge capability was real-time interception of AI-agent tool calls — a runtime guardrail against malicious or anomalous agent actions, not just a static inventory — and it tied each NHI/agent to a human owner while automating rotation and decommissioning triggers.

What it didn't cover

Entro's human-owner attribution was an inference layer bolted onto whatever HR/IdP data it could pull in, not a native, bidirectional system of record. It automated rotation and decommission triggers but didn't provision or create NHIs in the first place, and had no native machine-JML workflow tied to change management. Most notably, Entro shipped an agentic governance and administration policy layer but not the enterprise IGA machinery — recurring access-certification campaigns, separation-of-duties analysis, audit-ready compliance reporting — spanning the full human-plus-non-human estate. Market reach was the plainest gap: a ~$24M-raised, 2022-founded startup with a narrow enterprise install base next to SailPoint's large existing IGA customer footprint.

Why it happened, and after

SailPoint (re-IPO'd in 2025 at $11.5B+) needed developer/SDLC-layer secrets and NHI depth to close what it calls an "AI governance gap" and unify human and non-human identity under its "Agentic Fabric." The logic is explicit: an IGA vendor buying an NHI-detection vendor to feed Entro's raw credential and lineage telemetry into SailPoint's existing certification and identity-graph engine — closing SailPoint's own governance gap rather than Entro's. At close, SailPoint said Entro's NHI/credentials tools were available to customers "as standalone offerings," with native platform integration explicitly ongoing — the deep fusion into IdentityNow's certification workflows was not finished at close. Entro's co-founders joined SailPoint's technology organization to lead that integration work.

Oasis SecurityCyera (reported)

RUMORED — UNCONFIRMED
Talks reported early July 2026·No deal signed as of 2026-07-17·$1B+ reported

What it does

Oasis builds what it calls "Non-Human Identity Management" evolving into "Agentic Access Management" — arguably the most complete NHI point solution on the market, covering the full identity-type surface (service accounts, service principals, managed/workload identities, OAuth apps, API keys, RPA credentials, and AI agents) across hybrid cloud and SaaS. It auto-discovers NHIs across cloud/IdP/vault integrations, uses AI and heuristics to infer and assign a human owner and escalation path to each one, and runs a full lifecycle — provision, certify, rotate, monitor, decommission. Its ITDR module ("Scout," with "AuthPrint" behavioral fingerprinting) does runtime anomaly detection for credential misuse. For agentic AI specifically, its "Agentic Access Management" issues just-in-time, ephemeral session credentials per agent action with no standing secrets, infers intent from the agent's actions, and enforces deterministic policy with human-in-the-loop escalation — a materially more built-out AI-agent story than most of this cohort.

What it doesn't cover

Oasis is NHI-only: it maps non-human identities to human owners but doesn't manage human identity lifecycle, SSO, or directory itself, so it sits alongside an IdP/IGA stack rather than unifying human and non-human identity into one governed graph. Its creation-time governance is weaker than its runtime governance — it doesn't sit in the developer/IaC pipeline (Terraform, CI/CD, code) the way SDLC-native players like Entro or GitGuardian do, so it's better at cataloging sprawl than preventing it at the point of creation. Notably, unlike most of this cohort, Oasis does cover access reviews and certification (attestation workflows, compliance dashboards for PCI DSS/SOC 2/GDPR) and does go beyond visibility into automated remediation — lumping it in with "discovery-only" NHI vendors understates it. Its clearest real limitation is market reach: reported AWS Marketplace pricing (entry around $50K/year, enterprise deals $150K-$1M+) points to an exclusively large-enterprise, Fortune-500-weighted customer base with no mid-market or SMB motion.

Why a buyer might want it

Cyera is a data security posture management (DSPM) company whose core value is knowing where sensitive data lives and how exposed it is. Oasis would be Cyera's second NHI-focused acquisition after Otterize (2025) and by far its largest, extending Cyera from "where is sensitive data" to "which non-human and agentic identities can reach it and under what policy." At a reported $1B+ for a company that raised $195M total, the figure — if a deal materializes — would signal that acquirers are pricing NHI/agentic-identity governance as full platform infrastructure rather than a bolt-on feature. As of 2026-07-17, Israeli business press (Calcalist, Globes, Ynet) describes "advanced talks" valuing a potential deal at over $1B, funded partly by Cyera's recent $600M Series G, but neither company has issued a formal announcement — treat the acquirer's identity, valuation, and even the deal's existence as unconfirmed until a press release or filing lands.

SYNTHESIS

The full equation

Reading across all seven platforms, the same six capability gaps recur — no single acquired company closed all of them, including Oasis, the broadest of the cohort. This is the equation acquirers are assembling piece by piece through M&A rather than building from scratch.

01
Human-owner mapping

Tying every service account, API key, and agent connection back to an accountable human or team, in a bidirectional system of record rather than a best-effort inference layer.

02
Machine JML lifecycle

Not just detecting or rotating credentials after the fact, but provisioning, changing, and decommissioning non-human identities on the same joiner-mover-leaver discipline applied to humans.

03
Governance spanning humans and machines

One certification and access-review engine — recurring attestation campaigns, separation-of-duties analysis, audit-ready compliance reporting — covering the human and non-human estate together, not two parallel systems.

04
Remediation, not just dashboards

Actually revoking, rotating, or scoping access in response to risk, rather than surfacing a risk score and leaving enforcement to someone else's workflow.

05
Agentic-AI identities

Treating an AI agent's tool calls as a distinct, ephemeral, intent-bearing identity class — not a service account with a different label — as agentic AI expands the attack surface faster than any prior NHI category.

06
Mid-market accessibility

Pricing and deployment complexity that works below the Fortune 500 — every platform in this wave, without exception, sold almost exclusively to large enterprise.

No acquired company shipped all six. Venafi and Otterize were remediation-strong but governance-thin. SGNL and Natoma enforced access brilliantly but owned no lifecycle or discovery layer underneath. Astrix and Entro discovered and detected deeply but depended on someone else's IGA engine to turn that into certification and compliance. Oasis comes closest — genuine lifecycle, genuine governance, genuine agentic coverage — but even it doesn't unify human and non-human identity in one graph, doesn't sit in the developer pipeline where NHIs are created, and has no path below enterprise pricing.

That gap pattern is the throughline of the whole wave: legacy IAM, PAM, IGA, and DSPM platforms were built around long-lived human credentials and had no native way to discover, right-size, rotate, or revoke short-lived machine and AI-agent credentials at the pace agentic AI now requires. Building that capability from scratch — discovery, lifecycle, governance, remediation, agent-native modeling, and doing it affordably outside the enterprise tier — is a multi-year effort spanning several genuinely different engineering problems (cryptographic protocol handling, runtime traffic analysis, policy engines, LLM-based behavioral detection). Buying a team that already solved one slice was faster than building all six, which is why six of seven deals in this wave were acquisitions by larger platforms rather than organic feature launches, and why the one repeat acquirer (Cyera) is using its own war chest to assemble the pieces itself rather than wait to be acquired.

NOT YET ACQUIRED

Still independent, as of 2026-07-17

Several well-funded NHI vendors have not been acquired. Their continued independence is one reason to read this consolidation wave as early-to-middle innings rather than finished.

Token Security

Machine-first, AI-native platform securing service accounts, API tokens, and AI agents across legacy and cloud applications.

Founded 2023 (Tel Aviv). ~$27M raised ($20M Series A, Jan 2025, Notable Capital).

Clutch Security

Universal NHI security platform providing a unified inventory and control layer for API keys, tokens, certificates, and secrets.

Founded 2023 (Tel Aviv). $28.5M raised ($20M Series A, Jan 2025, SignalFire).

Aembit

Secretless, policy-based workload identity and access management — just-in-time access between non-human workloads without static credentials.

Founded 2021. ~$59.6M raised ($25M Series A, Sept 2024, CrowdStrike Falcon Fund + Okta Ventures).

P0 Security

Unified cloud IGA + PAM platform for least-privilege, agentless, auditable access across human, workload, and agentic identities.

Founded 2022. $20M raised ($15M Series A, Sept 2024, SYN Ventures).

Corsha

Machine Identity Provider purpose-built for operational technology and critical infrastructure — MFA-style identity for machine-to-machine API traffic.

$18M Series A-1 (April 2025); won a $50M DLA contract in 2025.

SlashID

Composable identity platform offering an identity-aware traffic authorizer for APIs and workloads at the network edge, alongside human authentication.

Founded 2022 (Chicago). ~$8.8M seed (2022) — smaller/earlier-stage than the Israeli NHI cohort.

GitGuardian

Secrets detection and NHI governance: scans code, CI/CD, and container registries for 450+ types of exposed credentials.

Founded 2017 (Paris). $106M raised; $13.2M reported 2024 revenue.

Akeyless

SaaS-based secrets orchestration, key management, and data protection positioned as an alternative to HashiCorp Vault.

Founded 2018. $80M raised. Positioned as the independent alternative after IBM's ~$6.4B HashiCorp acquisition (closed Feb 2025).

Britive

Just-in-time, multi-cloud privilege management — dynamically provisions and revokes cloud entitlements for human and machine identities.

Founded 2018 (Glendale, CA). ~$36M raised, Series B. Positioned as the independent successor to Microsoft-acquired CloudKnox.

Every completed deal in this wave was a strategic tuck-in by a larger identity, security, or data platform, not a private-equity rollup: legacy PAM/IGA incumbents (CyberArk/Venafi, SailPoint/Entro) bought certificate- and secrets-layer depth they lacked; a security platform giant (Cisco/Astrix) and an EDR/identity giant (CrowdStrike/SGNL) bought discovery-and-runtime-authorization capability to extend into agentic AI; and a data/cloud platform (Snowflake/Natoma) bought an MCP governance gateway to control what AI agents can touch. Cyera is the outlier pattern to watch — it has used its own capital ($400M and $600M raises) to acquire NHI point solutions directly (Otterize closed 2025, Oasis rumored at $1B+ in 2026), assembling NHI capability inside a DSPM platform rather than waiting to be acquired itself. The common thread across all seven deals is the same capability gap: legacy platforms built around long-lived human credentials had no native way to discover, right-size, or revoke short-lived machine and AI-agent credentials, and buying was faster than building as agentic AI made the gap urgent. The list of well-funded independents above suggests the wave is still in its early-to-middle innings, not complete.

SOURCES

Primary and press sources

Consolidated across all seven deals. Press-reported prices are flagged as such in the timeline table above and are not independently confirmed by the acquirer.

  1. CyberArk — "CyberArk Signs Definitive Agreement to Acquire Machine Identity Management Leader Venafi from Thoma Bravo" — cyberark.com
  2. CyberArk — "CyberArk Completes Acquisition of Machine Identity Management Leader Venafi" — cyberark.com
  3. TechCrunch — "CyberArk snaps up Venafi for $1.54B to ramp up in machine-to-machine security" — techcrunch.com
  4. BankInfoSecurity — "CyberArk to Secure Machine Identities: $1.54B Venafi Buy" — bankinfosecurity.com
  5. Cyera — "Cyera Acquires Otterize, a Platform for Securing Cloud-Native Non-Human Identities and Data Flows" — cyera.com
  6. Calcalist — Otterize/Cyera acquisition coverage — calcalistech.com
  7. SecurityWeek — "Cybersecurity M&A Roundup: 41 Deals Announced in June 2025" — securityweek.com
  8. CrowdStrike — "CrowdStrike to Acquire SGNL to Transform Identity Security for the AI Era" — crowdstrike.com
  9. CNBC — "CrowdStrike AI cybersecurity SGNL acquisition" — cnbc.com
  10. The Register — "CrowdStrike's $740M SGNL deal proves..." — theregister.com
  11. Snowflake — "Snowflake Announces Intent to Acquire Natoma, Providing Secure Connectivity for the Agentic Enterprise" — snowflake.com
  12. CIO.com — "Snowflake to acquire MCP-focused Natoma to boost governance for AI agents" — cio.com
  13. Pulse2 — "Snowflake $6 Billion AWS Commitment and Natoma Acquisition Advance Secure Enterprise Agentic AI Strategy" — pulse2.com
  14. Cisco — "Cisco Announces Intent to Acquire Astrix Security" — blogs.cisco.com
  15. Calcalist — Astrix/Cisco acquisition coverage — calcalistech.com
  16. SecurityWeek — "Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks" — securityweek.com
  17. MarketScreener — "Cisco Systems, Inc. completed the acquisition of Astrix Security Ltd" — marketscreener.com
  18. SailPoint — "SailPoint Closes Entro Security Acquisition" — sailpoint.com
  19. GlobeNewswire — "SailPoint Completes Acquisition of Entro Security to Secure Agentic Identities" — globenewswire.com
  20. Calcalist — Entro/SailPoint acquisition coverage — calcalistech.com
  21. SecurityWeek — "SailPoint to Acquire Entro in Reported $200 Million Deal" — securityweek.com
  22. Calcalist — Cyera/Oasis talks coverage — calcalistech.com
  23. Globes — "Cyera in advanced talks to buy Oasis Security for $1b" — en.globes.co.il
  24. Ynet — Cyera/Oasis talks coverage — ynetnews.com

SGNL's 2026-02-20 close date and consideration breakdown are drawn from CrowdStrike's FY2026 Q1 10-Q and Q1 FY27 earnings call commentary rather than a dedicated closing press release. Natoma's pending-close status reflects the absence of any closing announcement, 8-K, or trade coverage as of 2026-07-17, despite Snowflake's Q1 FY2027 10-Q guiding to a June 2026 close.