Cisco recently announced its intent to acquire Astrix Security for an estimated $400 million. On the face of it, this is another security startup exit. But when we look deeper, it is also a statement about three shifts happening in enterprise security right now—shifts that anyone working in Identity Security and access management should be paying attention to.
NHI Security is no longer a niche since the rise of agentic AI
For the past few years, Non-Human Identity (NHI) Security has been primarily the concern of a relatively small group of forward-thinking Identity Security teams. API keys, service accounts, OAuth tokens—these machine identities have multiplied far faster than human accounts, yet for too long they operated in a blind spot: no possibility to confirm identity with tools like MFA for human identities, no trustworthy discovery, no lifecycle management, no real-time threat detection.
Think about what Astrix focuses on: the same credentials—API keys, service accounts, OAuth tokens—that AI agents now also use to act on their own inside enterprise environments. As agentic AI grows, the number of non-human identities acting on behalf of people is dramatically increasing. Leaving them unmonitored isn’t just a compliance gap. It’s an open door into the business.
Many companies still haven’t fully figured out what good governance for their autonomous AI agents even looks like operationally. But what’s becoming increasingly clear is that these identities can no longer sit outside the core Identity Security strategy.
When Cisco—with the reach of Cisco Identity Intelligence (based on Oort), Secure Access, Duo, and Splunk—puts hundreds of millions of dollars into an NHI- and AI-focused startup, the message is pretty clear: this is a top-tier security problem.
NHI Security isn't a product feature. It's becoming a foundational layer of Identity Security in an AI-first enterprise.
Cisco is steadily building out its identity play
It helps to look at this deal in context. Back in 2018, Cisco paid $2.35 billion for Duo Security. At the time, most of us read it as a network vendor moving into IAM. Looking back now, that read was probably too narrow.
Cisco has been systematically assembling the components of an Identity Security vendor. While their identity offering is still mostly focused on visibility and discovery capabilities and not as much on real-time enforcement, it’s still worth taking note of this strategy. Duo brought human identity and MFA. Oort was acquired to bolster Identity Threat Detection and Response (ITDR) capabilities. Cisco Identity Intelligence layered in context and analytics. The Splunk acquisition added the security event backbone. Now Astrix adds another missing piece: the non-human identity layer, including AI agents.
And that points to something the industry can’t really avoid anymore: security and identity aren’t separate disciplines. They’re increasingly becoming the same one.
The old perimeter is gone. Identity has replaced it. Every access decision—by a person, a service, or an AI agent—now runs through an identity layer. Vendors that saw this shift early—from CrowdStrike’s push into identity to Palo Alto Network’s acquisition of CyberArk, through Cisco’s run of acquisitions—are increasingly positioning themselves to shape how enterprise security platforms evolve over the next decade.
Identity Security has to be end-to-end—especially with AI agents in the mix
There’s a harder truth in this deal, too. Astrix has started establishing their technology and customer base, and still its best path forward was inside a bigger platform. That’s not a knock on the team. It’s the reality that point solutions in Identity Security keep running into.
- Fragmented tooling creates blind spots. Most identity programs are stitched together from separate tools for human IAM, PAM, NHI, and cloud entitlements—each with its own data model and its own view of the estate. Attackers don’t respect those seams; AI agents won’t either. Most organizations are still managing these identities in separate operational silos, largely because the tooling evolved that way. The teams who’ll fare best are the ones with a single, consistent view of identity across every account type and every environment.
- You can’t secure what you can’t see end-to-end. Non-human identity is a critical piece, but it’s still one piece. Service accounts and API keys live alongside human users, privileged admins, and AI agents—across on-premises and cloud. A complete identity security posture starts with a unified inventory of every identity in the estate, human and non-human, and the relationships between them. Without that, you’re protecting fragments.
- Runtime enforcement is where it matters. Discovery and posture are foundational—but insufficient on their own. The harder problem is acting on identity risk at runtime—blocking a compromised service account before it causes damage or stepping up controls on AI agents. In the agentic AI era, where agents act on their own at machine speed (and so do AI-based attacks), after-the-fact detection isn’t enough. Enforcement has to live in the authentication and access path itself.
The takeaway for security teams isn’t really about M&A. It’s about what your Identity Security stack actually needs to do in an agentic AI world: see every identity across every environment and enforce policy on each one inline. Anything narrower leaves a gap that AI agents will find before you do.
What this means for the market ahead
What this deal reinforces for us is something we’re hearing more and more across customer environments: Identity Security can no longer be split between human and non-human domains, or between visibility and enforcement. As AI agents proliferate, organizations need a more unified approach across every account, every authentication, and every access decision—one that requires deep context, dynamic policies, and runtime protection to be effective.
The questions worth asking now are: Which organizations are still operating without understanding how their non-human identities and AI agents operate? Which security platforms genuinely unify human, machine, and agentic identity security—versus those that bolt on NHI as an afterthought? And as AI agents proliferate, which Identity Security controls are actually built for the world we’re entering?
The window to get ahead of this is closing. Most organizations have mapped their human identities. Far fewer have a handle on the service accounts, API integrations, and now also AI agents running in their environments—often with too much access, no lifecycle management, and limited real-time monitoring. And more importantly, visibility by itself is not enough. Enterprises that want to stay ahead of the threat today should prioritize identity platforms that deliver robust enforcement and runtime security controls, before access is granted.
That’s the gap the industry is racing to close. The real question is whether you close it on your own terms or wait until you have to.
Silverfort Identity Security Platform
Runtime Identity Security
- Enforce security controls at runtime across every IAM silo.
- Stop identity threats without slowing the business.
- Prepare for the age of frontier AI models.
