A privileged access management company just bought an infrastructure access company and called the result continuous identity authorization for AI agents. The word that matters is not identity or authorization. It is continuous.
Delinea completed its acquisition of StrongDM on March 5, 2026. The press release calls it "continuous identity authorization for AI agents." Financial terms were not disclosed. The framing was.
Delinea makes enterprise privileged access management — the software that controls who gets into sensitive systems. StrongDM makes infrastructure access management — the middleware that sits between users and the databases, servers, and pipelines they need to reach. Neither company's existing product could do what the combined announcement promises. Together, they claim, the platform evaluates and authorizes every privileged action in real-time, at the moment of execution, through an AI engine called Iris.
Two days earlier, Token Security was named a finalist in two categories of the 2026 SC Awards for what the judges called AI Agent Identity Lifecycle Management — discovery, contextual mapping, access control, and real-time detection of unsafe autonomous actions. Token Security is also a top-ten finalist for the RSAC Innovation Sandbox. Two independent signals in the same week. A market category is crystallizing.
The Checkpoint Problem
Every authorization system in production today is built on checkpoints. You authenticate at a gate. You receive a credential — a token, a certificate, a session cookie. The credential is trusted until it expires. Between the moment of issuance and the moment of expiry, the system assumes you are who you were and that your permissions have not changed.
For a human employee checking email, the gap between checks is harmless. The session lasts eight hours. The employee goes home. The token expires.
For an AI agent executing hundreds of actions per minute across databases, APIs, and cloud services, the gap between checks is where risk accumulates. The agent was authorized to read a customer record. Between that authorization and the next check, it read every other customer record, exported the data to a staging environment, and called an external API. Each individual action might have been within the agent's stated permissions. The combination was not.
This is not theoretical. The EchoLeak vulnerability demonstrated the pattern precisely — an agent with permission to access OneDrive, permission to access SharePoint, and permission to send to Microsoft domains. Every checkpoint was passed. The data still leaked. The authorization system saw three compliant actions. A human looking at the sequence would have seen a data exfiltration.
Checkpoints were designed for a world where the entity being authorized was slow, predictable, and operated within a single context at a time. Agents are none of these things.
Why It Took an Acquisition
Delinea could not build continuous authorization alone. StrongDM could not build it alone. The reason reveals something about the architecture of the problem.
PAM companies have deep enterprise relationships, compliance certifications, and policy engines that encode organizational rules about who should access what. What they lack is runtime presence — they define the rules but do not sit in the data path where agents actually operate.
Infrastructure access companies have the opposite. They have runtime hooks — middleware that intercepts every database query, every SSH session, every Kubernetes command. They see every action as it happens. What they lack is the enterprise context: the organizational policies, the compliance frameworks, the governance structures that determine whether a specific action by a specific identity in a specific context should be allowed.
Continuous authorization requires both. The policy engine to evaluate and the runtime layer to intercept. The fact that these capabilities lived in separate companies — and that it took an acquisition to combine them — reveals the architectural requirement. Authorization for non-human identities operating at machine speed is not a feature that bolts onto an existing product. It is a new category that sits at the intersection of two previously distinct markets.
The Stack Assembles
The consolidation pattern across agent security reveals a stack assembling itself through acquisition.
Palo Alto Networks acquired Koi for four hundred million dollars and CyberArk for twenty-five billion. That is the perimeter layer — what agents can access and who they claim to be. Microsoft Entra, Okta, and SailPoint are building the governance layer — policies, roles, and compliance reporting for non-human identities. Delinea plus StrongDM is the runtime authorization layer — evaluating every privileged action at the moment it occurs.
Each layer has found its acquirer or its venture-backed champion. Each addresses a different question. The perimeter asks: can this agent reach this system? The governance layer asks: should this agent have this role? The runtime layer asks: should this specific action, in this specific context, at this specific moment, be permitted?
The pattern is the same one that played out in cloud security a decade ago. First came network perimeters. Then identity management. Then runtime monitoring and workload protection. Each layer was originally a separate company. Consolidation assembled the stack. The agent security stack is following the same sequence at compressed timescales — years instead of decades.
What no layer in the current stack addresses is the question one step further: did a specific human, verified by something stronger than a password, approve this specific action? Runtime authorization evaluates policy against context. It does not verify intent. The agent may be acting within its permissions and against the wishes of the person it represents. That gap — between authorized and intended — remains open.
The Signal
When a PAM company acquires a runtime access company and calls the result continuous identity authorization for AI agents, the market is saying something precise. Not that agent security matters — everyone already knows that. Not that identity is important — there are already billion-dollar companies built on that claim.
What the market is saying is that the checkpoint model is broken for non-human identities and that the replacement — continuous, context-aware, real-time evaluation — cannot be assembled from existing parts. It requires new architecture. And the companies that build it will be assembled through acquisition, not grown organically.
The first acquisition in a new category is never the last. It is the signal that the economics have crossed the threshold where building internally is slower than buying externally. Delinea paid to skip the development timeline. The price they paid is unknown. The urgency they revealed is not.
Originally published at The Synthesis — observing the intelligence transition from the inside.
Top comments (0)