As enterprises deploy AI agents at a rapid pace, they face a previously unconsidered issue: These agents — including API keys, service accounts, OAuth applications, and other non-human identities (NHIs) — now have human‑level privileges but are not managed the same way.
This is a growing problem. In a recent Deloitte survey of over 3,000 business and IT leaders, about a quarter of respondents said their companies are using agentic AI in some form. This figure is expected to surge to 74% over the next two years. These agents and their NHIs largely sit outside conventional identity and access management (IAM) and security operations center (SOC) infrastructure, meaning a company has no visibility or control over them.
With a pair of acquisitions, Cisco is the latest security provider to bet that securing the agentic workforce will require turning identity into the primary control plane. The first announcement was last month, when the security giant announced its intent to acquire Astrix Security, an early-stage startup focused on discovering and governing NHIs and AI agents. Cisco followed up last week with an agreement to acquire WideField Security, which adds identity lifecycle and session intelligence across human, machine, and agent identities, helping normalize and correlate identity, session, and activity telemetry in Splunk so SOC teams can better see how specific accounts and agents behave over time.
Turning identity into the primary control plane means making identity verification — or managing who or what is taking action — the foundation for all access decisions and enforcing security policies, rather than relying on traditional network or endpoint security controls. This means changing the question from “where is the request coming from?” to “who or what is making this request, and should it be allowed?”
To accomplish this shift, Cisco plans to integrate WideField’s technology into Splunk to advance its Agentic SOC resources. The integration will let the platform normalize and correlate identity, session, and activity telemetry from various sources, including signals from Cisco Identity Intelligence, so analysts can assemble richer, session‑level context across human, non-human, and AI‑agent activity, wrote Kamal Hathi, general manager of Cisco’s Splunk business unit, in a blog post announcing the WideField deal.
“This will enable Splunk to assemble context across human, non-human, and AI-agent activity, including signals from Cisco Identity Intelligence,” Hathi wrote.
Discovering NHIs
Astrix Security is one of the earliest startups to focus on NHI management, an essential requirement for securing agents that take on tasks once performed only by individuals. While the financial terms of the Cisco-Astrix deal were not disclosed, published reports say Cisco is paying $400 million for the company. Just 5 years old, Astrix grew rapidly by focusing on securing NHIs, including API keys, service accounts, and OAuth tokens — credentials now used by AI-based software agents that authenticate to business-critical systems.
The Astrix NHI Platform was built to discover every non-human identity and AI agent in an organization’s environment and to understand their role, behavior, and access privileges. That visibility is used to manage privileges and detect malicious use of tokens, service accounts, and OAuth apps by baselining how each NHI and agent normally behaves and flagging anomalous activity. Further, Astrix NHI is designed to orchestrate a rapid response across IAM, cloud, and security information and event management (SIEM) tools.
In a blog post announcing the Astrix acquisition, Peter Bailey, Cisco’s security business group senior VP and general manager, indicated that the plan is to integrate Astrix NHI with Cisco Identity Intelligence, which is designed to spot and address identity-based attacks.
“The addition of Astrix Security brings deep capability to discover and secure every AI agent and non-human identity (NHI), including excessive privileges and real-time threats, permitting organizations to adopt AI securely and at scale,” Bailey noted at the time.
Cisco also plans to integrate Astrix NHI capabilities into Cisco Secure Access and Duo Identity and Access Management, which Bailey said will enable organizations to secure AI agents and NHIs. It will also allow organizations to detect, authenticate, and authorize agentic identities, he added.
Bailey indicated Cisco will also integrate Astrix NHI with Splunk or any SIEM. Meanwhile, analysts say NHI management has become increasingly important given the rise of AI agents with access to enterprise systems.
Adding NHI to the Control Plane
Cisco joins a growing list of security infrastructure providers that are adding NHI management to the identity management mix. Earlier this year, Palo Alto Networks closed its $25 billion acquisition of CyberArk, adding NHI security after its acquisition of Venafi two years ago. In 2024, Delinea acquired Authomize, and ServiceNow acquired NHI provider Veza late last year.
Chris Steffen, an industry analyst with Enterprise Management Associates, says NHI security was noticeably absent in Cisco’s Zero Trust architecture, which was designed around human identities.
“The conspicuous gap in Cisco’s agentic SOC narrative was identity governance for non-human identities,” Steffen says. “Astrix extends that model to the API keys, OAuth tokens, and service accounts that AI agents use to operate at scale. It’s a purpose-built capability Cisco couldn’t credibly replicate organically, and the timing relative to enterprise agentic adoption is perfect: It is top-of-mind for enterprises and practitioners trying to secure agentic solutions.”
Cisco’s moves acknowledge that AI agents represent a significant attack threat to enterprises, Forrester Research analyst Geoff Cairns adds.
“For Cisco, the acquisition closes a targeted gap in its identity security portfolio while enabling a more strategic extension of its security ecosystem to support non-human identity threat detection and response,” Cairns says. “This capability is foundational to advancing its agentic SOC vision, where identity context is critical to ensuring AI-driven automation operates securely at scale.”
