Cisco buys Astrix Security for $400M

Security for AI agents is suddenly becoming a real product category — not just a talking point. That’s the backdrop for Cisco’s move to buy Astrix Security, a startup focused on locking down the machine identities and credentials that AI agents use to do work. Cisco announced the deal on May 4, 2026, and while it didn’t name a price, multiple reports tied it to roughly $400 million. The bigger point is simpler: Cisco thinks the next identity mess in enterprises won’t come from people. It’ll come from software acting like people. ### What does Astrix actually secure? Astrix built tools for what security teams call non-human identities — API keys, OAuth tokens, service accounts, secrets, and machine credentials. Those things already mattered before the AI boom. But AI agents make the problem sharper, because an agent often needs broad access across SaaS apps, cloud systems, and internal tools to get anything useful done. If those credentials are over-permissioned, forgotten, or stolen, the blast radius gets big fast. (blogs.cisco.com) ### Why do AI agents make this harder? A human employee usually logs in, gets governed by HR and IAM policies, and leaves an audit trail people understand. An AI agent is weirder. It can spin through systems at machine speed, call APIs nonstop, chain actions together, and sometimes create or use more credentials along the way. Basically, the old identity model assumed the risky actor was a person. Cisco is betting the risky actor now also includes a fast, autonomous piece of software with real privileges. (astrix.security) ### Where does Cisco want to plug this in? Cisco said Astrix’s technology will feed into Cisco Identity Intelligence first, then extend into its Zero Trust access products, including Secure Access and Duo Identity and Access Management. That matters because Cisco isn’t buying a standalone dashboard just to leave it on the side. It wants Astrix to become part of the control plane that decides which identities exist, what they can touch, and when something starts behaving strangely. (blogs.cisco.com) ### Why buy instead of build? Because timing matters. Cisco has been pushing harder into AI security and “agentic” enterprise tooling, and this is one of the faster ways to fill a gap that customers are starting to notice right now. Astrix was founded in 2021 by Alon Jackson and Idan Gour, and it built its name around discovering and governing these machine identities across cloud and SaaS environments. Buying that capability is faster than stitching together a new product while rivals race at the same problem. (blogs.cisco.com) ### Is this just about AI hype? Not really — though the AI wave is clearly accelerating it. Non-human identity security was already becoming a serious issue because modern companies run on service accounts, tokens, and app-to-app connections. AI agents just pour fuel on that fire, because they increase the number of autonomous actors inside a company and the number of credentials those actors need. Think of it like giving more employees master keys — except these employees are software, they work nonstop, and they can copy the keys instantly. (astrix.security) ### What does the $400 million figure tell us? Mostly that Cisco sees this as strategic, not experimental. Cisco itself kept terms private, so the reported price comes from Calcalist. But even with that caveat, the number fits the pattern of a large company paying up for a tight, focused capability in a market that could get crowded quickly. The deal also gives Astrix a much bigger distribution engine inside enterprises that already buy Cisco security products. (securityweek.com) ### What’s the catch? The hard part starts after the acquisition announcement. Cisco still has to integrate Astrix cleanly, make the controls usable, and prove that customers can govern AI agents without slowing down the reason they adopted them in the first place. Security teams want visibility and policy enforcement. Business teams want agents to move fast. Those goals can fit together — but only if Cisco makes the guardrails feel built-in rather than bolted on. (calcalistech.com) ### Bottom line Cisco isn’t just buying a startup. It’s buying a missing layer for a world where more workers are software, more access is machine-to-machine, and identity security has to keep up. If that shift keeps going — and it probably will — this deal will look less like a niche cyber acquisition and more like basic infrastructure. (blogs.cisco.com)