CrowdStrike Joins OpenID Foundation and IDPro to Advance Continuous, Risk-Aware Identity Security Standards

The perimeter is dead. We’ve known that for years, but the industry has been slow to move past the "check the ID at the door" mentality. That’s finally changing. On June 10, 2026, CrowdStrike made a move that signals a serious pivot in how we think about digital defense: they’ve joined the OpenID Foundation (OIDF) as a Sustaining Corporate Member and signed on with IDPro.

This isn’t just another corporate press release about "synergy." It’s a tactical shift. By embedding themselves into these standards bodies, CrowdStrike is effectively trying to drag the rest of the security world away from static, point-in-time authentication and toward a model that never stops asking, "Are you still who you say you are?"

The Death of Static Security

Let’s be honest: the old way of doing things—verify once, grant access, and hope for the best—is a relic. It worked when your employees sat in cubicles and your servers lived in a closet down the hall. Today? Your workforce is scattered, your infrastructure is a mix of clouds, and your "users" are increasingly just automated bots and AI agents.

Static authentication is a sitting duck for modern attackers. If a bad actor steals a session token or compromises a credential, they’re in. And once they’re in, they’re usually invisible until it’s too late.

CrowdStrike’s strategy here is to pull real-time telemetry from their Falcon platform directly into open identity frameworks. The goal is simple but ambitious: make identity security "risk-aware." Instead of a binary "yes" or "no" for access, the system should be constantly calculating the risk of a session. If your behavior changes, or if the telemetry suggests something is off, the system should tighten the screws immediately.

Why This Matters for Non-Human Identities

We talk a lot about protecting human users, but the real explosion in the digital landscape is non-human. We’re talking about service accounts, API keys, and AI agents that hold the keys to the kingdom. These entities don't take coffee breaks, they don't have secondary email addresses for MFA, and they are often the most poorly managed part of an organization’s security posture.

By joining forces with the OIDF and IDPro, CrowdStrike is positioning itself to help define the standards for these automated entities. It’s a necessary evolution. As AI-driven threats get faster and more sophisticated, the defense has to be just as automated. You can’t have a human in the loop for every API call, but you can have a security framework that understands the context of that call in real-time.

The Road Ahead: From Theory to Practice

So, what does this actually look like on the ground? For the average security team, it means moving toward a "continuous evaluation" model.

Think of it like a bouncer at a club who doesn't just look at your ID at the door, but keeps an eye on you all night. If you start acting suspiciously, you’re out. That’s the vision for identity security.

The integration of Falcon’s telemetry into open standards means that the security context—the "why" behind an access request—becomes portable. It’s not locked inside a proprietary silo. If the industry can agree on how to pass this risk data around, we might finally get to a point where security isn't a bottleneck, but a seamless layer of the digital experience.

Why IDPro and OIDF?

You might wonder why a company like CrowdStrike—which has built its reputation on proprietary, high-performance tech—is playing nice with open standards. The answer is scale.

You can’t secure the modern internet with proprietary islands. If you want to change the way identity works globally, you have to be in the room where the protocols are written. IDPro offers a community of practitioners who actually have to deal with the messy reality of identity management, while the OpenID Foundation provides the technical backbone for how we exchange identity information.

By participating in these groups, CrowdStrike isn't just selling a product; they’re helping to write the rulebook for the next decade of digital interaction.

The Challenges of Continuous Trust

Of course, moving to a continuous, risk-aware model isn't a magic wand. It’s technically difficult. It requires massive amounts of data to be processed instantly without adding latency. It requires organizations to actually trust their own telemetry. And, perhaps most importantly, it requires a cultural shift.

For years, IT departments have treated identity as a "set it and forget it" task. Moving to a world where identity is a fluid, constantly changing state of risk is going to be a heavy lift. There will be false positives. There will be friction. But the alternative—continuing to rely on static credentials in an age of AI-powered identity theft—is a losing game.

Looking at the Bigger Picture

The membership announcement is a clear statement of intent. CrowdStrike is betting that the future of security is identity-centric. By linking their deep endpoint visibility with the identity protocols that power the web, they’re trying to bridge the gap between "who you are" and "what your machine is doing."

If they succeed, it could fundamentally change the economics of cyberattacks. If every access request is backed by real-time risk data, the cost of exploiting a stolen credential skyrockets. That’s the kind of friction we need to introduce into the attacker’s workflow.

For now, the industry will be watching closely to see how these memberships translate into actual technical contributions. Will we see new specs for non-human identity? Will the Falcon platform become the gold standard for feeding risk signals into OIDC flows?

The landscape is changing, and for once, the industry seems to be moving in the right direction. It’s not just about building higher walls anymore; it’s about making the entire house smarter. And in a world where the threats are getting smarter by the day, that’s the only way to survive.