Cisco has announced its intent to acquire Astrix Security, a startup focused on securing AI agents and non-human identities (NHIs), for an undisclosed sum. The acquisition underscores the networking giant’s commitment to addressing the rapidly growing security challenges posed by the proliferation of AI agents in enterprise environments. Astrix’s technology will be woven into Cisco’s existing identity and access management portfolio, including Cisco Identity Intelligence, Cisco Secure Access, and Duo Identity and Access Management.

The Growing Challenge of AI Agent and Non-Human Identity Security

As organizations accelerate their adoption of agentic AI — software agents that can autonomously perform tasks, make decisions, and interact with other systems — the attack surface expands dramatically. These agents rely on a complex web of non-human identities: API keys, service accounts, OAuth tokens, and machine-to-machine credentials. According to Astrix co-founders Alon Jackson and Idan Gour, such NHIs now outnumber human identities by a ratio of 100 to 1. Yet most security teams lack the visibility and control needed to govern these identities effectively. Traditional identity security tools were designed for human users, not for autonomous agents that can operate at machine speed and scale. As a result, misconfigured or compromised NHIs have become a prime vector for lateral movement, data exfiltration, and privilege escalation.

Cisco’s own AI Readiness Index, cited in the company’s acquisition announcement, reveals that only 24% of organizations can control agent actions with proper guardrails and live monitoring. Moreover, just 31% feel fully capable of securing their agentic AI systems. This gap highlights an urgent need for specialized security solutions that can discover, authenticate, authorize, and monitor the behavior of AI agents throughout their lifecycle.

What Astrix Brings to Cisco

Founded five years ago, Astrix Security has built a platform purpose-built for the unique requirements of securing non-human identities and AI agents. The company’s core capabilities include real-time inventory and discovery of every AI agent, MCP server (Model Context Protocol server), and NHI across an organization’s environment. This inventory is enriched with context — such as risk scores, business usage, and privilege levels — allowing security teams to prioritize threats and remediate hygiene issues.

Specifically, Astrix’s platform delivers three key functions:

• Discovery and governance for AI agents: It provides a comprehensive map of all agentic activity, enabling teams to enforce policies that reduce the attack surface, prevent compliance violations, and ensure that agents do not accumulate excessive privileges.
• Agentic access and lifecycle management: The platform manages AI agents and their associated NHIs from provisioning through decommissioning. This includes automating the rotation of credentials, revoking access when agents are retired, and maintaining least-privilege principles.
• Agentic threat detection and response: Astrix detects and responds to real-time threats such as compromised credentials, out-of-scope agent actions, anomalous API calls, and credential abuse. It can feed alerts into any SIEM system, including Splunk, for unified investigation and response.

Peter Bailey, senior vice president and general manager of Cisco’s security business, emphasized that these capabilities will help customers discover and secure every AI agent and NHI — including those with excessive privileges — enabling organizations to adopt AI securely and at scale. “The addition of Astrix Security brings deep capability to discover and secure every AI agent and non-human identity, including excessive privileges and real-time threats,” Bailey wrote in a blog post about the acquisition.

Integration into Cisco’s Security Portfolio

Cisco plans to embed Astrix’s technology into several of its flagship security products. First, it will become part of Cisco Identity Intelligence, strengthening the visibility and context across all identity types within the Cisco Security platform. Identity Intelligence already offers identity threat detection and response (ITDR) capabilities; adding Astrix will extend this coverage to AI agents and NHIs, which have historically been a blind spot.

Second, the technology will be integrated into Cisco’s zero-trust access portfolio, including Cisco Secure Access (a cloud-delivered security service edge solution) and Duo Identity and Access Management. This means that customers will be able to discover, authenticate, and authorize agentic identities directly within their access policies. When an AI agent attempts to access a resource, Cisco’s controls can enforce context-aware policies — just as they do for human users — and detect and respond to anomalies in agent behavior.

“Customers will be able to discover, authenticate, and authorize agentic identities, as well as detect and respond when they use Cisco Secure Access as well as Duo,” Bailey noted. “This visibility and intelligence also feeds into Splunk (or any SIEM), giving security teams a unified view of agent activity with the context needed to investigate and respond at machine speed.”

The Splunk integration is particularly strategic because it allows security operations centers to correlate agentic activity with other telemetry — such as network logs, endpoint events, and cloud infrastructure alerts — providing a holistic view of potential threats. While Splunk is Cisco’s own SIEM platform, Astrix’s platform is designed to be SIEM-agnostic, so organizations using other tools can also benefit.

The Broader Context: Cisco’s AI Security Strategy

The Astrix acquisition is the second AI-management-related deal Cisco has closed in a matter of weeks. In April 2026, the company announced plans to acquire Galileo Technologies, an AI observability firm whose platform provides real-time guardrails and monitoring for multi-agent systems. Galileo’s technology will strengthen Cisco’s Splunk observability portfolio, bringing improved AI agent monitoring capabilities and protection to the agent development lifecycle.

Together, these acquisitions signal Cisco’s intention to create a comprehensive security and observability framework for the age of agentic AI. On the one hand, Galileo addresses the development and runtime observability of AI agents — tracking their performance, accuracy, and potential drift. On the other hand, Astrix addresses the identity and access security of those same agents, ensuring that only authorized agents can act and that they do so within defined guardrails.

Industry analysts have long warned that the explosion of machine identities and AI agents will overwhelm traditional identity governance models. According to numerous reports, the number of non-human identities is expected to grow by hundreds of percent over the next few years, driven by the adoption of generative AI, robotic process automation, and cloud-native microservices architectures. Yet many organizations still treat these identities with the same policies and processes used for human users, leading to gaps in monitoring, credential rotation, and revocation.

Astrix’s co-founders, Jackson and Gour, stated in their own blog post that the company became the platform security teams turn to when they need to discover, govern, and protect every agentic and non-human identity across their environment — from provisioning to decommissioning, from policy enforcement to real-time threat detection. “Joining Cisco means Astrix now has the scale, the reach, and the platform to bring agentic and NHI security to organizations worldwide,” they wrote.

What This Means for Enterprises

For enterprises already invested in Cisco’s security ecosystem, the integration of Astrix promises to simplify the management of an increasingly complex identity landscape. Instead of deploying a separate, point solution for non-human identity security, customers will be able to access these capabilities natively within the tools they already use for network access, multi-factor authentication, and SIEM. This consolidation reduces operational overhead and improves detection efficacy by eliminating data silos.

Furthermore, as AI agents become more autonomous — executing transactions, handling customer interactions, and even managing other agents — the need for continuous validation of their identity and intentions becomes critical. A compromised agent could wreak havoc at machine speed before a human analyst could intervene. Astrix’s real-time threat detection capabilities are designed to spot such anomalies, such as an agent suddenly accessing databases it has never touched before, or using an expired credential that wasn’t rotated.

Cisco’s move also reflects a broader industry recognition that identity security must evolve beyond human-centric models. Gartner and other research firms have increasingly highlighted non-human identity security as a top priority for 2026 and beyond. By acquiring Astrix, Cisco is positioning itself to lead in this emerging category, competing with specialized startups and larger platform vendors alike.

While the acquisition price was not disclosed, the deal is expected to close in the coming months, subject to regulatory approvals. Once completed, Cisco will begin the integration work, with initial capabilities likely to appear in Cisco Identity Intelligence and Duo within the next year. Customers can expect to see unified dashboards that combine human and non-human identity risk scores, as well as policy templates designed specifically for AI agent governance.

Source: Network World News