SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
International Women’s Day
385 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Business pro using fingerprint phone shield biometric mfa secure
#
PAM
#
MFA
#
Cloud Security

CrowdStrike unveils FalconID to combat AI-driven phishing

Mon, 2nd Mar 2026
Author image
By Sean Mitchell, Publisher

CrowdStrike has released FalconID, a multi-factor authentication product positioned as phishing-resistant and built to counter identity-based attacks that rely on social engineering and credential theft.

FalconID is generally available as part of the Falcon platform. CrowdStrike describes it as "zero-friction" MFA that uses real-time risk signals during authentication.

Identity has become a primary route into corporate systems as attackers target logins rather than infrastructure. Security teams have reported rising levels of phishing and credential abuse in recent years. Attackers have also shifted to techniques that work around common MFA deployments, including push-notification bombing, adversary-in-the-middle phishing and session hijacking.

CrowdStrike links this shift to broader attacker use of AI, arguing that more convincing phishing lures and social engineering messages have lowered the barrier to entry and increased the pace of campaigns.

MFA Pressure

The announcement addresses a long-running tension in access security. MFA can reduce account takeovers, but poor user experience can limit adoption. Some organisations scale back prompts on low-risk systems or weaken enforcement after complaints about repeated challenges and sign-in delays.

CrowdStrike argues that traditional MFA is "architecturally broken" because it lacks real-time context and can be bypassed.

"Traditional MFA is architecturally broken. Disconnected from real-time risk signals, it's blind to emerging threats, susceptible to MFA bypass attacks, and creates unnecessary friction," said Elia Zaitsev, chief technology officer at CrowdStrike.

How It Works

FalconID is delivered through the Falcon for Mobile app and integrates with the Falcon sensor, the company's endpoint agent. It evaluates risk signals from across the Falcon platform-identity, endpoint, device and behaviour-during sign-in.

The goal is to make authentication less intrusive when risk is low and more restrictive as risk increases. CrowdStrike frames this as continuous, risk-aware authorisation rather than a one-time access check.

For verification, FalconID uses FIDO2-based biometric authentication and relies on verified physical proximity between a mobile device and the device used for sign-in, such as a laptop or workstation. CrowdStrike says this removes the need for passwords, push notifications and one-time passcodes.

CrowdStrike also says FalconID reduces reliance on redirects and third-party integrations that can introduce gaps, positioning the architecture as built directly into its own tooling rather than added as a bolt-on layer.

Broader Portfolio

FalconID sits within CrowdStrike's Next-Gen Identity Security line. The company says it covers the "full hybrid identity lifecycle" for human users, non-human identities and AI agent identities. Areas in scope include initial access, privileged access, identity threat detection and response, and SaaS identity security.

CrowdStrike ties its identity roadmap to its acquisitions of SGNL and Seraphic. It says SGNL supports continuous access enforcement using the Continuous Access Evaluation Protocol, while Seraphic extends identity controls into browser sessions-reflecting the growing role of the browser as a workspace for SaaS applications and administrative consoles.

In its product description, CrowdStrike says FalconID provides passwordless browser authentication through Seraphic and that enforcement integrates with Falcon Fusion SOAR, its security orchestration and automation product.

Market Context

The MFA market has shifted over the past decade from tokens and SMS codes to app-based prompts and, more recently, to FIDO2 and passkeys. Security agencies and incident response teams have increasingly warned against SMS-based MFA because of SIM-swapping and interception risks. At the same time, attackers have refined real-time phishing kits that can capture credentials and session cookies, defeating MFA methods that rely on codes or push approvals.

According to CrowdStrike's description, FalconID targets those weaknesses by binding authentication to a device and using biometric checks on the user's mobile device. Using platform risk signals also aligns the product with a broader industry move toward adaptive access controls that adjust based on device health, location, behaviour and threat intelligence.

"FalconID accelerates CrowdStrike's identity security transformation, moving organisations beyond isolated, static access controls to continuous, risk-aware protection that stops breaches without slowing the business," Zaitsev said.

Related stories
Terra Security gains first AWS nod for AI threat tests
Dell email mixes payment-style header with promos
Misconfigured Microsoft 365 leaves big firms exposed
Private equity warned over fragile AI foundations
A resilient security culture is built in the flow of work, not the classroom

Top stories

Sama credential leaks raise fears over Meta glasses data
Hexnode debuts device-aware IdP to fuse identity & UEM
Tufin unveils AI assistants & executive security hub
Endor Labs launches AURI to secure AI-driven coding
ShinyHunters claims Woflow breach in supply chain hack