Cisco has announced its intention to acquire Astrix Security, a startup specializing in securing AI agents and non-human identities (NHIs), for an undisclosed sum. The move underscores the networking giant's deepening commitment to the rapidly evolving field of agentic AI security, where machine-to-machine connections, API keys, service accounts, and OAuth tokens are becoming prime targets for cyber threats.
Astrix Security, founded five years ago, has built a platform that discovers, governs, and protects every AI agent and non-human identity across an organization's environment. According to Peter Bailey, senior vice president and general manager of Cisco's security business, the addition of Astrix brings deep capability to discover and secure every AI agent and NHI, including excessive privileges and real-time threats. This enables organizations to adopt AI securely and at scale.
Why Astrix Matters for Cisco's Security Portfolio
The acquisition directly addresses a critical blind spot in modern identity perimeters. As organizations race to deploy agentic technologies, the number of non-human identities often outstrips human users by a ratio of 100 to 1. These machine identities typically operate under the radar, lacking the oversight and governance applied to human accounts. Astrix provides real-time inventory of all AI agents, MCP servers, and NHIs, with rich context to understand risk and business usage.
Cisco plans to integrate Astrix's capabilities into its Cisco Identity Intelligence solution, strengthening visibility and context across all identity types within the Cisco Security platform. Additionally, the technology will extend into Cisco's zero trust access portfolio, including Cisco Secure Access and Duo Identity and Access Management. Customers will be able to discover, authenticate, and authorize agentic identities, as well as detect and respond to threats through these tools. The visibility and intelligence also feed into Splunk or any SIEM, giving security teams a unified view of agent activity with the context needed to investigate and respond at machine speed.
Key Features of Astrix Security
Astrix offers three core capabilities that will become part of Cisco's broader security suite:
- Discovery and governance for AI agents: Provides a map of the organization's agentic activity, enforces policies to resolve hygiene issues, reduces attack surfaces, and prevents compliance violations.
- Agentic access and lifecycle management: Manages AI agents and their NHIs from provisioning to decommissioning, ensuring that credentials are properly rotated and revoked when no longer needed.
- Agentic threat detection and response: Detects and responds to threats such as compromised credentials and out-of-scope agent actions, using behavioral analytics to identify anomalies.
These features are particularly important given the findings of Cisco's AI Readiness Index, which revealed that only 24% of organizations can control agent actions with proper guardrails and live monitoring, and just 31% feel fully capable of securing their agent AI systems. The widening gap between agent capabilities and security models has created urgent demand for solutions like Astrix.
Industry Trends and Competitive Landscape
The acquisition of Astrix is the second AI-management-related move by Cisco in recent weeks. In April, Cisco announced plans to acquire AI observability firm Galileo Technologies, whose platform provides real-time observability and guardrails for the development of multi-agent systems. Galileo's technology will strengthen Cisco's Splunk observability portfolio and bring improved AI agent monitoring capabilities.
These acquisitions position Cisco to compete more effectively against other major players in the identity and access management space. Competitors such as Microsoft, Okta, and Ping Identity have also been investing in NHI security, but Cisco's combination of networking, security, and observability portfolios gives it a unique advantage in providing end-to-end protection for agentic workloads.
The broader industry is witnessing a surge in machine identity management startups, driven by the explosion of APIs, microservices, and AI agents. According to industry analysts, the non-human identity security market is expected to grow significantly over the next few years as organizations seek to address the challenges of managing thousands or millions of machine credentials.
Background on Astrix Security
Astrix Security was co-founded by Alon Jackson and Idan Gour, who have deep expertise in identity security and cloud infrastructure. In a blog post about the acquisition, they noted that agents and other NHIs have created the biggest blind spot in identity perimeters. 'Astrix became the platform security teams turn to when they need to discover, govern, and protect every agentic and non-human identity across their environment, from provisioning to decommissioning, from policy enforcement to real-time threat detection,' they wrote.
The startup had raised venture capital from prominent investors and had gained traction with enterprises in finance, healthcare, and technology sectors. Its platform integrates with major cloud providers, identity providers, and DevOps tools to provide comprehensive coverage.
Implications for Cisco Customers
For existing Cisco customers, the integration of Astrix technology will simplify the task of managing AI agent security within their existing infrastructure. Organizations using Cisco Secure Access or Duo will gain native visibility into machine identities without needing additional agents or complex configurations. The ability to feed agent activity data into Splunk will also enhance security operations center workflows, enabling faster investigation and response.
Cisco's approach aligns with the zero trust principle of 'never trust, always verify,' extended to machine identities. By continuously verifying the legitimacy and authorization of every agent action, organizations can reduce the risk of lateral movement and data exfiltration caused by compromised NHIs.
The acquisition is expected to close in the coming months, subject to regulatory approvals. Financial terms were not disclosed, but industry experts estimate the deal could be worth several hundred million dollars given Astrix's growth trajectory and strategic importance.
As agentic AI becomes more pervasive across industries—from automated customer service to supply chain optimization—the need for robust security frameworks will only intensify. Cisco's double bet on Astrix and Galileo signals a clear intention to lead in this space, providing customers with the tools needed to harness AI's potential without compromising security.
Source: Network World News