Cisco this week announced its intent to acquire Astrix Security, a startup focused on securing AI agents and non-human identities (NHIs), for an undisclosed sum. The deal is the second AI-related acquisition by Cisco in a month, following the April announcement to acquire AI observability firm Galileo Technologies. The move signals Cisco's growing urgency to address the security challenges posed by the rapid proliferation of AI agents, which use non-human credentials such as API keys, OAuth tokens, and service accounts to execute tasks at scale.
Astrix Security, founded five years ago, has built a platform that discovers, governs, and protects AI agents and other NHIs across an organization's environment. According to Peter Bailey, senior vice president and general manager of Cisco's security business, the technology will be integrated into Cisco Identity Intelligence and extended to the company's zero-trust access portfolio, including Cisco Secure Access and Duo Identity and Access Management. The integration will provide customers with a unified view of agent activity, enabling security teams to authenticate, authorize, and detect threats involving agentic identities at machine speed.
The Growing Blind Spot of Non-Human Identities
AI agents and non-human identities now outnumber human users by a factor of 100 to 1, yet many organizations lack visibility into their behavior. Astrix co-founders Alon Jackson and Idan Gour noted that these identities remain under the radar, creating what they call the biggest blind spot in the identity perimeter. Traditional security models are ill-equipped to handle the speed and scale of machine-to-machine interactions, where compromised credentials can be exploited within seconds. Cisco's own AI Readiness Index found that only 24% of organizations can control agent actions with proper guardrails and live monitoring, and just 31% feel fully capable of securing their agent AI systems.
Astrix's platform addresses this gap by providing a real-time inventory of all AI agents, MCP servers, and NHIs, along with contextual risk assessment and business usage analytics. The three core capabilities of Astrix include:
- Discovery and governance for AI agents: Maps the organization's agentic activity, enforces policies to resolve hygiene issues, reduces attack surfaces, and prevents compliance violations.
- Agentic access and lifecycle management: Manages AI agents and their non-human identities from provisioning through decommissioning, ensuring that permissions are always up to date.
- Agentic threat detection and response: Detects and responds to threats such as compromised credentials, out-of-scope agent actions, and anomalous behavior patterns.
These capabilities will feed into Cisco's broader security platform, including Splunk or any SIEM, giving analysts unified visibility into agent activity. Bailey emphasized that the acquisition brings deep capability to discover and secure every AI agent and NHI, including excessive privileges and real-time threats, enabling organizations to adopt AI securely at scale.
Strategic Context: Cisco's AI Security Roadmap
The Astrix acquisition is the latest step in Cisco's effort to build a comprehensive AI security stack. In April, Cisco announced plans to acquire Galileo Technologies, an AI observability firm that provides real-time guardrails for multi-agent development systems. Galileo's technology will strengthen Cisco's Splunk observability portfolio, bringing improved AI agent monitoring and protection to the development lifecycle. Together, these acquisitions address both the operational security of AI agents in production (Astrix) and the safety of their development and training (Galileo).
Cisco's strategy reflects a broader industry trend. As enterprises rush to adopt agentic AI—autonomous software entities that can plan, execute, and learn—security teams face unprecedented pressure to enable innovation without creating new vulnerabilities. The decentralized nature of AI agents, each with its own set of credentials, makes traditional IAM solutions inadequate. Astrix's approach of treating NHIs as first-class identities aligns with zero-trust principles, where every access request is validated regardless of whether it comes from a human or a machine.
Industry analysts have long warned that the explosion of non-human identities is one of the most overlooked security risks. API keys, service accounts, and OAuth tokens are often overprivileged and poorly monitored, providing attackers with easy lateral movement paths. Astrix's ability to continuously monitor and govern these identities will be a critical addition to Cisco's Secure Access and Duo products, which already enforce zero-trust policies for human users.
The financial terms of the acquisition were not disclosed, but the move is expected to close in Cisco's fiscal fourth quarter. The Astrix team, including co-founders Jackson and Gour, will join Cisco's security business unit. In their blog post, the co-founders wrote, “Joining Cisco means Astrix now has the scale, the reach, and the platform to bring agentic and NHI security to organizations worldwide.”
What Astrix Brings to Cisco's Portfolio
Astrix Security's technology is designed to solve a problem that many organizations are only beginning to recognize. The platform integrates with existing identity providers, cloud environments, and SaaS applications to provide a single pane of glass for non-human identities. It can automatically discover all AI agents and their associated credentials, assess their risk levels based on behavior and permissions, and enforce least-privilege policies. In addition, Astrix offers real-time threat detection that can identify compromised credentials or anomalous agent actions, such as an AI agent attempting to access data outside its scope.
For Cisco, the acquisition addresses a gap in its identity portfolio. While Duo and Cisco Secure Access already handle human identities and device access, they were not designed to manage the unique lifecycle of machine identities that change frequently and often without human oversight. By integrating Astrix, Cisco can offer a unified identity security solution that covers both humans and machines, from authentication to continuous monitoring.
The integration with Cisco Identity Intelligence will enhance visibility across all identity types. Customers will be able to discover, authenticate, and authorize agentic identities, as well as detect and respond when those identities are used inappropriately. Bailey noted that this visibility and intelligence also feeds into Splunk, giving security teams the context needed to investigate and respond at machine speed. The combination of Astrix and Galileo positions Cisco to address the full lifecycle of AI agent security: building agents safely, deploying them with proper controls, and monitoring them in production.
As the number of AI agents continues to grow—driven by advances in large language models, automation platforms, and multi-agent systems—the need for specialized security solutions will only intensify. Cisco's aggressive moves in this space suggest that the company sees agent security as a multi-billion-dollar market opportunity. With the Astrix acquisition, Cisco is betting that its existing customer relationships and security platform can give it an edge over standalone competitors.
Source: Network World News