What happened
Cisco announced its intent to acquire Astrix Security, a startup specializing in securing non-human identities (NHIs) such as API keys, service accounts, and OAuth tokens used by applications and AI agents. The acquisition aims to extend Zero Trust principles to what Cisco calls the 'agentic workforce,' where AI agents and machine identities are rapidly expanding the enterprise attack surface.
Why it matters
As autonomous agents execute code, initiate transactions, and make decisions without human intervention, identity-based access controls alone are insufficient. Astrix's technology provides visibility, lifecycle management, and automated detection of over-privileged, unnecessary, or malicious access—including compromised credentials and rogue agent behavior. This M&A signals that major security vendors are restructuring their platforms to treat AI agents as first-class security principals, not afterthoughts.
Applicability
Organizations deploying agentic AI systems, especially those using tool-use frameworks (MCP, LangChain, AutoGPT), should evaluate whether their current IAM and Zero Trust architectures account for non-human identities. CISOs should audit how many API keys and service accounts exist, which agents can access them, and whether continuous monitoring is in place to detect privilege creep or compromise.