Overview of the Acquisition
Cisco today announced its intention to acquire Astrix Security, a startup that has built a platform dedicated to discovering, managing, and securing AI agents and non-human identities (NHIs). The financial terms of the deal were not disclosed. The acquisition is expected to close in the coming months, subject to customary regulatory approvals.
Astrix, founded five years ago by Alon Jackson and Idan Gour, focuses on the credential and identity layer that underpins modern automated systems. Its platform provides real-time inventory of all AI agents, Model Context Protocol (MCP) servers, and NHIs, along with contextual risk and business usage information. This enables organizations to understand which agents are in use, what privileges they hold, and whether they pose a security threat.
Why This Matters for Enterprise Security
The rise of generative AI and autonomous agents has created a massive blind spot for security teams. According to Cisco's own AI Readiness Index, only 24% of organizations can control agent actions with proper guardrails and live monitoring, and just 31% feel fully capable of securing their agent AI systems. Agents and other non-human identities now outnumber human identities by a ratio of 100:1, yet most security tools are still designed for human users. This imbalance leaves enterprises exposed to credential abuse, privilege escalation, and lateral movement by compromised agents.
Astrix's approach addresses this gap by providing a single pane of glass for all agentic and non-human identities. The platform offers three core capabilities: discovery and governance, lifecycle management, and threat detection and response. Discovery and governance maps every agent in the organization, enforces policies to resolve hygiene issues, and reduces the attack surface. Lifecycle management handles the full provisioning-to-decommissioning workflow. Threat detection identifies compromised credentials and out-of-scope agent actions in real time.
Integration into Cisco's Security Portfolio
Peter Bailey, senior vice president and general manager of Cisco’s security business, stated that the addition of Astrix will bring deep capability to discover and secure every AI agent and NHI, including excessive privileges and real-time threats. Cisco plans to integrate Astrix's technology into Cisco Identity Intelligence, which will strengthen visibility and context across identities within the Cisco Security platform. The capabilities will also extend to Cisco's zero‑trust access portfolio, comprising Cisco Secure Access and Duo Identity and Access Management.
Customers will be able to discover, authenticate, and authorize agentic identities directly through Secure Access and Duo. The visibility and intelligence generated will also feed into Splunk or any other SIEM, providing security teams with a unified view of agent activity and the context needed to investigate and respond at machine speed.
Broader Industry Context
This acquisition comes amid a surge in investment in AI security. The market for AI agent security is expected to grow rapidly as more enterprises deploy autonomous agents for tasks ranging from code generation to customer service. However, these agents often operate with excessive privileges, use long‑lived credentials, and exist outside traditional identity governance frameworks. Astrix’s technology helps close that gap by treating agents as first‑class identity subjects.
In addition to Astrix, Cisco recently announced plans to acquire Galileo Technologies, an AI observability firm. Galileo's platform provides real‑time observability and guardrails for the development of multi‑agent systems. That technology will strengthen Cisco's Splunk observability portfolio, bringing improved AI agent monitoring capabilities, real‑time visibility, and protection to the agent development lifecycle. Together, these two acquisitions represent a significant bet by Cisco on the growing importance of AI agent security and observability.
What Astrix Brings to the Table
The Astrix platform is built on a foundation of non‑human identity management. It automatically discovers every AI agent, MCP server, and NHI across the enterprise, creating a real‑time inventory. That inventory is enriched with context about risk, business usage, and compliance posture. For example, the platform can identify a service account that has been granted administrative privileges but is only used for read‑only API calls, flagging it for remediation.
Astrix also handles the full lifecycle of agentic identities, from provisioning and authentication to decommissioning. This includes managing OAuth tokens, API keys, and service accounts, which are often left active long after the associated agent has been retired. By automating lifecycle management, Astrix reduces the attack surface created by orphaned credentials.
The threat detection engine monitors agent behavior in real time. It can detect anomalies such as a previously dormant agent suddenly making hundreds of API calls, or an agent using credentials that have been compromised in a data breach. When such an event occurs, Astrix can trigger automated responses, such as revoking the compromised token or quarantining the agent.
Historical Parallels and Strategic Fit
Cisco has a long history of acquiring security startups to fill gaps in its portfolio. Notable past acquisitions include Duo Security (2018) for zero‑trust access, and more recently, Splunk (2023) for observability and security analytics. The Astrix and Galileo acquisitions follow a similar pattern, targeting the emerging category of AI security. Cisco's leadership has made it clear that securing AI agents is a top priority, and the company is betting that integrated identity and observability will be key differentiators.
Industry analysts have noted that the combination of Astrix’s identity security and Galileo’s observability provides a comprehensive view of agent behavior, from development to production. This aligns with the broader industry trend toward converged security platforms, where identity, network, and endpoint security are unified under a single management plane.
Challenges Ahead
While the acquisition is promising, Cisco faces several challenges. Integrating Astrix's technology into Cisco's existing security stack will require careful planning to avoid disrupting customer deployments. Additionally, the market for AI agent security is still nascent, and standards for managing non‑human identities are just beginning to emerge. Cisco will need to work with industry bodies to define best practices and ensure interoperability.
Another challenge is the speed of change in the AI landscape. New agent architectures, such as multi‑agent systems and agent‑to‑agent communication protocols, are evolving rapidly. Astrix's platform will need to keep pace with these changes to remain relevant. Cisco’s deep pockets and engineering resources should help, but the company must execute quickly.
Looking Forward
As AI agents become more prevalent, the need for dedicated security tools will only grow. Cisco's acquisition of Astrix is a strategic move to capture this emerging market. By integrating identity security, zero‑trust access, and observability into a unified platform, Cisco aims to provide enterprises with the tools they need to adopt AI securely and at scale. The success of this initiative will depend on how well Cisco can integrate the technology, educate customers, and adapt to the fast‑moving AI landscape.
Astrix co‑founders Alon Jackson and Idan Gour expressed optimism about the acquisition, stating that joining Cisco gives Astrix the scale, reach, and platform to bring agentic and NHI security to organizations worldwide. With the combined resources of Cisco and Splunk, the company expects to accelerate innovation and help customers close the identity security gap that has been widened by the rise of AI agents.
Source: Network World News