Cisco’s reported Astrix bid highlights why identity is becoming the control layer for AI security
If the talks progress, they could reshape how the company approaches agent governance, and how enterprises secure non‑human identities at scale.
The report first appeared in The Information on April 10 and was subsequently corroborated by Israeli financial publications Globes and Calcalist. Neither Cisco nor Astrix has confirmed the discussions.
If the deal materialises, the strategic value is likely less about adding another security SKU and more about acquiring Astrix’s visibility into non‑human identities and agent behaviour across enterprise environments, an area Cisco itself is now publicly emphasising.
What Astrix actually built
Modern enterprises are no longer defined only by human users. Bots, API keys, OAuth tokens, service accounts and, increasingly, AI agents authenticate into systems, access data and execute workflows autonomously.
Across enterprise environments, non‑human identities already outnumber human identities, and that gap is widening as agentic AI moves from experimentation into operations.
These identities rarely follow the discipline applied to people. They are often created dynamically, lack clear ownership, accumulate privileges over time and operate continuously at machine speed. When compromised, their activity is difficult to distinguish from legitimate system behaviour.
Astrix has been building for this problem since 2021. The company emerged publicly in 2023 as an RSA Innovation Sandbox finalist, focused squarely on securing what are now broadly referred to as non‑human identities (NHIs).
Its platform focuses on discovering and inventorying NHIs across cloud, SaaS and on‑premise environments, surfacing access risks and enabling controls around their use.
What makes Astrix difficult to replicate is not the promise of the product, but it is the data behind it. Its behavioural engine has been trained on years of real-world API traffic. This depth that became evident in 2022 when Astrix discovered GhostToken, a zero-day vulnerability in Google Cloud Platform that allowed malicious OAuth applications to become permanently hidden and unremovable from Google accounts. Google patched the flaw in April 2023.
That kind of capability typically builds over time and is difficult to replicate quickly, which makes acquisition a more practical route.
Where Cisco’s security stack still leaves a gap
Cisco has been actively positioning itself as a core platform for enterprise AI security, with a strong focus on user and access layers.
At Cisco Live EMEA in February, it expanded AI Defense. At RSA 2026 in March, it launched DefenseClaw, an open‑source framework for AI agent security, and extended Zero Trust Access principles to AI agents. It has also signalled its intent to add AI observability into the mix through Galileo’s integration with Splunk.
Cisco secures networks, secures endpoints, and, through Cisco Duo, it handles human identity at a global scale.
What remains fundamentally harder is managing the identity layer underneath AI agents — the machine credentials, service accounts, API keys and tokens that agents rely on to authenticate and act across enterprise systems.
Cisco’s Zero Trust for Agentic AI white paper, published in March 2026 around the time of its RSA 2026 announcements, is explicit on this point. It describes AI agents as a rapidly growing class of non‑human identities that must be discovered, governed and mapped to accountable owners.
Without continuous discovery, visibility and lifecycle governance, from creation through operation and retirement, agents become unmanaged digital actors, operating with unclear ownership and limited auditability.
This shifts the problem from monitoring to identity and access control, which is where Astrix operates. The two capabilities are complementary rather than overlapping. If the deal materialises, Cisco’s Security Cloud could be better positioned to address a growing enterprise concern: understanding what entities exist within systems and whether they should have access.
Why this matters in India
India's cybersecurity market is among the fastest-growing in Asia. According to Mordor Intelligence, it was valued at $5.56 billion in 2025 and is projected to reach $15.06 billion by 2031, growing at a CAGR of just over 18 percent. Demand is strong. Readiness is uneven.
A study by TrendAI and Sapio Research, covering 200 Indian decision-makers, found that nearly 80 percent of respondents felt pressured to approve AI projects despite unresolved security concerns. Only 42 percent of Indian IT managers said they felt even moderately prepared for the pace of AI adoption, while 81 percent said AI is advancing faster than their organisations can secure it.
At the same time, Indian CISOs are gradually shifting how they buy, with a preference for platforms that integrate detection, identity, policy, and response.
A Cisco stack that combines network security, human identity, AI observability and non‑human identity lifecycle management speaks directly to that shift.
For Indian channel partners, including system integrators, MSSPs and value‑added resellers, a completed deal would open new services conversations, sharper differentiation and fresh competitive positioning against Palo Alto Networks, CrowdStrike and Microsoft, all racing toward the same problem from different angles.
What to watch next
Neither Cisco nor Astrix has confirmed the discussions. In the absence of an official announcement, this remains credible but unverified reporting, and it should be read as such.
Astrix was last valued at roughly $200 million, which means any deal in the reported $250 to $350 million range would be driven less by near-term revenue and more by strategic relevance - consistent with how Cisco has historically approached capability acquisitions.
There is also the question of execution bandwidth. Cisco is also still completing the integration of Splunk, its $28 billion acquisition closed in March 2024, with several key platform capabilities between the two companies still rolling out through 2026. Absorbing another security platform, particularly one that sits deep in the identity and control plane, won’t be trivial.
The competitive pressure is not theoretical.
Palo Alto Networks announced a $25 billion deal to acquire CyberArk, one of the strong players in identity security, in July 2025, a transaction that closed in February 2026. CrowdStrike followed in January 2026 with a $740 million deal for SGNL, explicitly targeting non-human and AI agent identities.
The race to own identity security for the agentic enterprise is already underway. A confirmed Cisco move into NHI security would intensify it further, with direct implications for how Indian channel partners position themselves to their customers.
Irrespective of whether this specific deal closes, Cisco’s reported interest reflects a broader industry realisation: in the age of agentic AI, identity, not models or networks, is emerging as the real control layer in security.