Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions

IDENTITY & ACCESS MANAGEMENT SECURITY CYBERSECURITY OPERATIONS News, news analysis, and commentary on the latest trends in cybersecurity technology. Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into the primary control plane. Jeffrey Schwartz,Contributing Writer June 26, 2026 5 Min Read SOURCE: LAURENT DAVOUST VIA ALAMY STOCK PHOTO As enterprises deploy AI agents at a rapid pace, they face a previously unconsidered issue: These agents — including API keys, service accounts, OAuth applications, and other non-human identities (NHIs) — now have human‑level privileges but are not managed the same way. This is a growing problem. In a recent Deloitte survey of over 3,000 business and IT leaders, about a quarter of respondents said their companies are using agentic AI in some form. This figure is expected to surge to 74% over the next two years. These agents and their NHIs largely sit outside conventional identity and access management (IAM) and security operations center (SOC) infrastructure, meaning a company has no visibility or control over them.   With a pair of acquisitions, Cisco is the latest security provider to bet that securing the agentic workforce will require turning identity into the primary control plane. The first announcement was last month, when the security giant announced its intent to acquire Astrix Security, an early-stage startup focused on discovering and governing NHIs and AI agents. Cisco followed up last week with an agreement to acquire WideField Security, which adds identity lifecycle and session intelligence across human, machine, and agent identities, helping normalize and correlate identity, session, and activity telemetry in Splunk so SOC teams can better see how specific accounts and agents behave over time. Related:Oracle Red Bull Racing Team Revs Up Automation to Boost Security Turning identity into the primary control plane means making identity verification — or managing who or what is taking action — the foundation for all access decisions and enforcing security policies, rather than relying on traditional network or endpoint security controls. This means changing the question from where the request is coming from" to who or what is making this request and whether it should be allowed? To accomplish this shift, Cisco plans to integrate WideField's technology into Splunk to advance its Agentic SOC resources by normalizing and correlating identity, session, and activity telemetry from various sources. Integrating WideField into Splunk's Agentic SOC will let the platform normalize and correlate identity, session, and activity telemetry — including signals from Cisco Identity Intelligence — so analysts can assemble richer, session‑level context across human, non-human, and AI‑agent activity, wrote Kamal Hathi, general manager of Cisco's Splunk business unit, in a blog post announcing the WideField deal.  "This will enable Splunk to assemble context across human, non-human, and AI-agent activity, including signals from Cisco Identity Intelligence," Hathi wrote.  Related:Microsoft Proposes Better Identity, Guardrails for AI Agents Discovering NHIs Astrix Security is one of the earliest startups to focus on NHI management, an essential requirement for securing agents that take on tasks once performed only by individuals. While the financial terms of the Cisco-Astrix deal were not disclosed, published reports say Cisco is paying $400 million for the company. Just 5 years old, Astrix grew rapidly by focusing on securing NHIs, including API keys, service accounts, and OAuth tokens — credentials now used by AI-based software agents that authenticate business-critical systems. The Astrix NHI Platform was built to discover every non-human and AI agent in an organization's environment and to understand their role, behavior, and access privileges. That visibility is used to manage privileges and detect malicious use of tokens, service accounts, and OAuth apps by baselining how each NHI and agent normally behaves and flagging anomalous activity. Further, Astrix NHI is designed to orchestrate a rapid response across IAM, cloud, and security information event management (SIEM) tools.  In a blog post announcing the Astrix acquisition, Peter Bailey, Cisco's security business group senior VP and general manager, indicated that the plan is to integrate Astrix NHI with Cisco Identity Intelligence, which is designed to spot and address identity-based attacks. Related:Delinea's StrongDM Acquisition Highlights the Changing Role of PAM "The addition of Astrix Security brings deep capability to discover and secure every AI agent and non-human identity (NHI), including excessive privileges and real-time threats, permitting organizations to adopt AI securely and at scale," Bailey noted at the time. Cisco also plans to integrate Astrix NHI capabilities into Cisco Secure Access and Duo Identity and Access Management, which Bailey said will enable organizations to secure AI agents and NHIs. It will also allow organizations to detect, authenticate, and authorize agentic identities, he added. Bailey indicated Cisco will also integrate it with Splunk or any SIEM. Meanwhile, analysts say NHI management has become increasingly important given the rise of AI agents with access to enterprise systems. Adding NHI to the Control Plane Cisco joins a growing list of security infrastructure providers that are adding NHI management to the identity management mix. Earlier this year, Palo Alto Networks closed its $25 billion acquisition of CyberArk, adding NHI security after its acquisition of Venafi two years ago. In 2024, Delinea acquired Autonomize, and ServiceNow acquired NHI provider Veza late last year. Chris Steffan, an industry analyst with Enterprise Management Associates, says NHI security was noticeably absent in Cisco's Zero Trust architecture, which was designed around human identities. "The conspicuous gap in Cisco's agentic SOC narrative was identity governance for non-human identities," Steffen says. "Astrix extends that model to the API keys, OAuth tokens, and service accounts that AI agents use to operate at scale. It's a purpose-built capability Cisco couldn't credibly replicate organically, and the timing relative to enterprise agentic adoption is perfect: It is top-of-mind for enterprises and practitioners trying to secure agentic solutions." Cisco's moves acknowledge that AI agents represent a significant attack threat to enterprises, Forrester Research analyst Geoff Cairns adds. "For Cisco, the acquisition closes a targeted gap in its identity security portfolio while enabling a more strategic extension of its security ecosystem to support non-human identity threat detection and response," Cairns says. "This capability is foundational to advancing its agentic SOC vision, where identity context is critical to ensuring AI-driven automation operates securely at scale." Read more about: CISO Corner About the Author Jeffrey Schwartz Contributing Writer Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports The total economic impact™ of Snyk How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 Access More Research Webinars Building a Risk Based Vulnerability Management Program Threat Hunting That Gets Big Results Despite Small Budgets Say Yes to AI: Securing Innovation Without Compromise Zero Trust Identity: Beyond Traditional Authentication Advanced Persistent Threats: A Practical Guide to Detection and Response More Webinars You May Also Like IDENTITY & ACCESS MANAGEMENT SECURITY Microsoft Proposes Better Identity, Guardrails for AI Agents by Robert Lemos MAR 24, 2026 IDENTITY & ACCESS MANAGEMENT SECURITY Orgs Move to SSO, Passkeys to Solve Bad Password Habits by Nate Nelson, Contributing Writer NOV 13, 2025 IDENTITY & ACCESS MANAGEMENT SECURITY 1Password Addresses Critical AI Browser Agent Security Gap by Arielle Waldman OCT 10, 2025 IDENTITY & ACCESS MANAGEMENT SECURITY NIST Digital Identity Guidelines Evolve With Threat Landscape by Arielle Waldman AUG 14, 2025 Latest Articles in DR Technology APPLICATION SECURITY Robinhood Cuts Access Approval Time to Support High-Velocity Development JUN 25, 2026 CYBERSECURITY OPERATIONS Segmentation Works for OT If Operators Are Paying Attention JUN 11, 2026 CYBER RISK Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs JUN 4, 2026 APPLICATION SECURITY For Enterprises, Security Remains Agentic AI's Biggest Challenge MAY 26, 2026 Read More DR Technology