Delinea buys StrongDM to tackle AI-driven access risk

Delinea has completed its acquisition of StrongDM, combining privileged access management with just-in-time authorisation for users and non-human identities across hybrid and cloud environments.

The deal pairs Delinea's privileged access tools with StrongDM's runtime authorisation, which evaluates access at the moment an action is requested. The companies position the combination as a response to the growing use of automation and agentic AI, which relies on machine identities that can act independently inside corporate systems.

Financial terms were not disclosed. Delinea described itself as an identity security provider with about $400 million in annual recurring revenue.

Shift in identities

Security teams have spent years tightening controls around workforce access, often relying on credentials and role-based access models. The growth of service accounts, bots, workloads and AI agents has introduced a different class of identity that can access systems frequently and across a wide range of tools.

These non-human identities often need privileged access to deploy software, manage cloud infrastructure, run database queries, or orchestrate workflows across CI/CD pipelines. Many organisations still rely on long-lived credentials for these processes, creating standing privilege that can increase the impact of a compromise.

Delinea and StrongDM say they are aligning their products around reducing standing privilege through time-bound, context-aware access. They refer to this as Zero Standing Privilege, closely related to Zero Trust approaches that emphasise continuous verification rather than one-time access decisions.

Product integration

StrongDM sells what it calls universal access management for engineering and DevOps teams, managing access across infrastructure, databases and cloud services. A key capability is just-in-time runtime authorisation, designed to verify whether a specific privileged action should be allowed when it is requested.

Delinea's platform focuses on privileged access management for administrators and machines. Together, the companies describe a unified control plane that evaluates privileged actions by both human and non-human identities across modern infrastructure.

Delinea says the platform is powered by Delinea Iris AI for real-time policy evaluation and governance. It also outlined expected product areas, including discovery and governance of privileged access across infrastructure, databases, containers and CI/CD pipelines. The company says minimising persistent credentials will reduce exposure to credential theft, phishing and software supply chain attacks.

Another focus is increased visibility and auditability, with centralised oversight of privileged actions taken by AI agents and other non-human identities, enforced through policy.

Executive view

Art Gilliland, Delinea's CEO, framed the acquisition around the risks of long-lived and embedded access in automated environments.

"Standing and hard-coded privileges remain one of the largest sources of risk in modern, AI-driven environments," Gilliland said. "Security teams have historically had to balance between strong identity governance policies and maintaining developer and operational speed. By bringing StrongDM's runtime authorization capabilities to the Delinea Platform, we're empowering rapid and secure AI adoption for our customers."

Industry analysts have increasingly focused on machine identity governance as organisations expand cloud usage and automate operations. Security leaders also face pressure to minimise friction in engineering workflows while maintaining tighter controls over sensitive systems and data.

"The rise of agentic AI and non-human identities is accelerating operational workflows to machine speed, exposing the limits of static privilege models," said Emanuel Figueroa, Senior Research Analyst at IDC. "By incorporating StrongDM's JIT runtime capabilities into the Delinea Platform, organizations can extend Zero Trust to the precise moment of action and advance toward ZSP across both traditional and cloud-native environments."

Customer perspective

Axos Financial said it uses Delinea for privileged access across traditional infrastructure and StrongDM for just-in-time access in modern database and cloud environments. Its Chief Information Security Officer linked the combination to governance and enforcement needs as AI projects expand.

Raghu Valipireddy, SVP and Chief Information Security Officer at Axos Financial, commented, "I'm genuinely excited about the possibilities of a unified platform. Delinea has done an excellent job securing privileged access across traditional infrastructure for nearly a decade at Axos, while StrongDM solved just‐in‐time access in innovative ways for modern database and cloud environments."

"When Delinea articulated a vision to bring these capabilities together, it immediately resonated with how we operate and where we're headed. The combined platform will significantly strengthen our security posture by enabling continuous discovery, governance, and real‐time enforcement of least‐privilege access across critical systems and data, which supports our AI initiatives and accelerates our move toward ZSP in alignment with business priorities."

Delinea said the combined offering will treat identity as a central control plane for modern security, evaluating privileged actions in real time across AI-driven environments.