Analyst(s): Fernando Montenegro
Publication Date: May 5, 2026
Cisco announced its intent to acquire Astrix Security for approximately $400 million, signaling a strategic push to secure the non-human identities driving the modern enterprise. By integrating Astrix’s agentic governance capabilities into Duo, Secure Access, and Splunk, Cisco aims to own the control plane for the rapidly expanding AI workforce. This move effectively forces a necessary convergence between identity architecture and security operations to counter threats at machine speed.
What is Covered in This Article:
- Details of Cisco’s $400 million acquisition of Astrix Security.
- How Astrix increases Cisco’s reach from human users to non-human machine identities.
- The strategic mandate for agentic governance, according to recent market data.
- The convergence of identity, network security, and SOC buyer personas.
- The hyper-competitive vendor landscape and the race to own the agentic narrative.
The News: Following weeks of market speculation, Cisco announced its intent to acquire Israeli cybersecurity startup Astrix Security for approximately $400 million. Founded in 2021, Astrix specializes in securing non-human identities, including the API keys, service accounts, and OAuth tokens that autonomous AI agents rely on to operate. Cisco plans to integrate Astrix’s discovery, lifecycle management, and threat detection capabilities into Cisco Identity Intelligence, Duo, and Secure Access. This agentic telemetry will feed directly into Splunk for machine-speed detection and response.
Does Cisco Put an Astrix on the Agentic Identity Race?
Analyst Take: Cisco has been quite focused on establishing its position as “mission-critical infrastructure” for modern AI deployments, and has been growing its AI security capabilities under multiple offerings, including its hybrid mesh capabilities, its AI Defense portfolio, and the analytics capabilities under Splunk. More than that, though, the company has a strong security portfolio, including zero-trust access, Secure Access Service Edge (SASE), and user security capabilities, among others.
Moving Beyond the Human Needs
Cisco already had a strong enterprise security pedigree with Duo, but Duo’s main focus had always been human users. The Astrix acquisition addresses a rapidly expanding need.
The industry frequently parrots the phrase “identity is the new perimeter,” but that is not new: the concept actually dates back to the Jericho Forum circa 2005. What is new is that, today, the perimeter is increasingly machine-driven. Autonomous agents and their associated credentials are expected to drastically outnumber human users, operating at scales and speeds that legacy Identity and Access Management platforms cannot comprehend. Astrix wisely avoids broad, ambiguous AI security promises. Instead, the company focuses strictly on the actual mechanisms of access: programmable tokens, API keys, and service accounts. This gives Cisco a definitive identity provider layer tailored almost exclusively for machines.
The Mandate for Agentic Governance
The primary challenge for organizations is deploying security controls that can cover a massive, highly fragmented spectrum of agentic technologies. According to The Futurum Group’s Cybersecurity Decision Maker survey from December 2025, the majority of respondents selected “strict role-based and policy-based AI access controls” as a primary measure for securing agentic AI. Astrix aims to provide the exact lifecycle governance required to meet this mandate. The offering allows Cisco to move beyond passively mapping AI usage to actively governing it. This means enforcing dynamic policies, monitoring for toxic permission combinations, and instantly revoking access to contain modern supply chain attacks before hijacked machine identities can move laterally across the network.
Who is the Right Buyer?
This offering forces a necessary convergence within the enterprise buying center. Historically, Identity Architects, Network Security teams, and Security Operations Center leaders managed their domains in isolation. By weaving NHI telemetry directly into Cisco Identity Intelligence, Secure Access, and Splunk, Cisco effectively forces a merge of these disciplines. The right buyer appears to be the Chief Information Security Officer seeking to unify machine-speed telemetry with automated enforcement. The question remains how quickly legacy enterprise customers will actually adapt their internal budgets and organizational structures to fund this consolidated approach.
The Race to Own the Agentic Narrative
The broader cybersecurity market is undergoing massive consolidation as key vendors aggressively attempt to own the narrative around machine identity. Cisco’s acquisition is a meaningful stance in this hyper-competitive arena where capturing the NHI control plane is the ultimate objective.
Competition in the agentic security space is now converging from multiple distinct angles:
- First, traditional large-scale security vendors are executing aggressive consolidation strategies. Palo Alto Networks altered the market with its massive CyberArk acquisition, while CrowdStrike and Check Point have finalized meaningful acquisitions in identity and AI workflows to capture the machine identity control plane.
- Second, the main identity security vendors themselves, notably Okta, SailPoint, and Saviynt, are being forced to adapt. For these incumbents, securing agentic identity serves as a necessary modernization of traditional Identity Governance and Administration (IGA) and Privileged Access Management (PAM) frameworks.
- Third, a hyperactive startup ecosystem continues to tackle agentic identity directly. Names such as Aembit, Entro Security, Noma Security, Oasis Security, among others, have been building out native governance specifically for machine credentials and shadow agents.
- Finally, Cisco faces massive pressure from the major enterprise service providers. Microsoft, Google, AWS, Salesforce, ServiceNow, and IBM, among others, are all attempting to own the agentic control plane by baking AI access controls directly into their core infrastructure and productivity suites.
What to Watch:
- How quickly will Astrix telemetry become actionable inside Splunk? Cisco promises machine-speed detection, but the true test is whether this integration introduces actionable context for the Security Operations Center or merely generates more noise.
- Will Cisco rationalize overlapping identity features within Duo? As Astrix becomes the primary engine for machine identity, Cisco must clarify how this new architecture aligns with or replaces the existing access capabilities native to Duo.
- How will remaining independent NHI startups respond to this market squeeze? Heavily funded challengers must now prove their standalone value against a rapidly consolidating ecosystem of mega-vendors and cloud providers.
For more details on the acquisition, please refer to the Cisco blog post.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.
Other Insights From Futurum:
Is 2026 the Turning Point for Industrial-Scale Agentic AI?
Futurum Research Finds API and AI Risks Top Application Security Concerns
Do AI Factories Signal a New Mandate for Certified Security? – Report Summary
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
