Securing the Agentic Workforce: Cisco Announces Intent to Acquire Astrix Security - by Peter Bailey

Today, I’m thrilled to announce our intent to acquire Astrix Security Ltd., a pioneer in Non-Human Identity (NHI) Security.

We’re seeing an explosion of AI agents that are already reshaping the digital enterprise. Soon, every person in an organization will be supported by a network of AI agents working continuously at machine speed, accessing data, making decisions, and taking action on their behalf.

These agents represent an entirely new class of coworker: capable of incredible productivity, but also capable of unintended harm or malicious behavior if left unsecured. This is the new attack surface, and it is growing faster than most organizations realize.

As organizations race to adopt agentic technologies, security teams are under real pressure to enable their teams while securing the use of agents. But agent capabilities are advancing faster than most security models, creating a widening gap in visibility, governance, and response. According to Cisco’s AI Readiness Index, only 24% of organizations can control agent actions with proper guardrails and live monitoring, and just 31% feel fully capable of securing their agent AI systems.

That gap between agentic capability and organizational readiness continues to widen. With the emergence of AI models, like Mythos, we’re seeing threat actors reshape the risk landscape in ways that are impossible to ignore. Security teams are now confronting a new class of high-impact, AI-accelerated risks.

At Cisco, we are deeply focused on helping customers address this gap. This is the work that drives us every day.

Meeting the Moment: Our Commitment to AI Security 

Cisco has been moving quickly to enable the safe and secure use of AI.

AI Defense helps organizations safely build AI applications by protecting the models and agents built internally. We’ve also extended our Zero Trust Access architecture with Cisco Secure Access and Duo Agentic Identity capabilities to discover and authorize every agent and every action.

Beyond this, we continue to build the broader foundation for secure AI: open source models, tools to scan and make models safer, guidance for secure AI development, MCP gateways, and new capabilities across our firewall portfolio to recognize and inspect AI traffic.

We’ve also been deeply engaged in Project Glasswing, using it to harden our products against increasingly capable threat actors. We’ve doubled down on Resilient Infrastructure and introduced Live Protect to close critical gaps in vulnerability defense.

And through Splunk, we are automating the SOC so organizations can respond at machine speed, while expanding observability to discover AI, including the recent acquisition of Galileo.

But we are nowhere near finished.

Enter Astrix Security 

Since its founding five years ago, Astrix Security has focused on securing the identities and credentials that power modern systems — API keys, service accounts, and OAuth tokens — the very credentials that AI Agents are now using (and abusing) to gain access and execute work at scale.

The addition of Astrix Security brings deep capability to discover and secure every AI agent and non-human identity (NHI), including excessive privileges and real-time threats, enabling organizations to adopt AI securely and at scale.

Astrix Security’s capabilities include:

• Discovery & Governance for AI Agents: Provide a map of the org’s agentic activity, vet policy to resolve hygiene issues, reduce attack surfaces and prevent compliance violations.

• Agentic Access & Lifecycle Management: Manage AI agents and their NHIs from provisioning to decommissioning.

• Agentic Threat Detection & Response: Detect and respond to threats such as compromised credentials and out-of-scope agent actions.

• Secrets Management: Centralized secret management across vaults & cloud.

  
  

Equally as important, Astrix Security brings a world-class team of security experts who have been focused on this problem space from the beginning. We’re excited to welcome the team to Cisco Security!

How it all Fits Together:  Zero Trust for Agents and Context for Your AI

At RSA, we extended Zero Trust for the agentic workforce, combining identity discovery and management, access enforcement, and runtime behavioral protection to govern how agents operate across enterprise systems.

We plan to integrate Astrix Security’s capabilities into Cisco Identity Intelligence, strengthening visibility and context across identities within the Cisco Security platform.

We also intend to extend these capabilities into our zero trust access solutions, including Cisco Secure Access and Duo Identity and Access Management, helping organizations secure AI agents and non-human identities across a broad range of use cases. Customers will be able to discover, authenticate, and authorize agentic identities, as well as detect and respond when they use Cisco Secure Access as well as Duo.

What makes this so powerful is Cisco’s visibility across identity, network, application, and infrastructure layers. We don’t just know what an agent is, we understand how it behaves. This visibility and intelligence also feeds into Splunk (or any SIEM), giving security teams a unified view of agent activity with the context needed to investigate and respond at machine speed.

Cisco: Your Partner for Agentic AI

Across the enterprise, Cisco is powering, connecting, and securing AI through the infrastructure and software our customers rely on. Our position across the full stack allows us to provide visibility and enforcement beyond traditional boundaries.

Our commitment to open standards ensures we can integrate across environments and meet customers where they are.

Securing AI agents and non-human identities has never been more important. We’re excited to help customers close this gap, and to welcome the Astrix Security team to Cisco Security.

Forward-Looking Statements   

This blog post may be deemed to contain forward-looking statements, which are subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements containing the words “transform”, “will,” “plans,” “expects,” “intends,” “may,” or “continues,” or the negative of these terms or other comparable terminology, as well as similar expressions, or regarding the acquisition building leading edge protection, the expected benefits to Cisco and its customers from completing the acquisition, and plans regarding Astrix Security personnel. Readers should not place undue reliance on these forward-looking statements, as these statements are management’s beliefs and assumptions, many of which, by their nature, are inherently uncertain, and outside of management’s control. Additionally, readers are cautioned that these forward-looking statements are only predictions and may differ materially from actual future events or results due a variety of factors, including, among other things, the potential impact on the business of Astrix Security due to the uncertainty about the acquisition, the retention of employees of Astrix Security and the ability of Cisco to successfully integrate Astrix Security and to achieve expected benefits, business and economic conditions and growth trends, customer markets and various geographic regions, global economic conditions and uncertainties in the geopolitical environment and other risk factors set forth in Cisco’s most recent reports on Form 10-K and Form 10-Q. Any forward-looking statements in this blog post are based on limited information currently available to Cisco, which is subject to change, and Cisco will not necessarily update the information.