What happened
Cisco announced intent to acquire WideField Security (~June 22, 2026), following its earlier Astrix Security acquisition (~$400M). Astrix discovers and governs non-human identities (NHI) and AI agent credentials (API keys, OAuth tokens, service accounts). WideField adds identity lifecycle and session intelligence across human, machine, and agent identities, normalizing telemetry into Splunk so SOC teams gain session-level context across all identity types. This is Cisco's sixth acquisition in FY2026.
Why it matters
Positions Cisco/Splunk as the Agentic SOC platform of record by unifying NHI governance, agent discovery, and session telemetry. Validates NHI and AI agent identity as a board-level risk category — attackers already abusing OAuth/API-key sprawl across agent deployments. Integrating WideField into Splunk closes the blind spot between authorized agent actions and anomalous behavior at machine speed.
Applicability
Cisco/Splunk customers should roadmap NHI inventory and agent identity governance now; all enterprises should assess current NHI exposure regardless of vendor.