Cisco Doubles Down on Non-Human Identity Security
Cisco has announced the acquisition of Astrix Security and WideField to expand its identity security portfolio into the rapidly growing non-human identity (NHI) market. The move signals Cisco's bet that as AI agents, microservices, and automated workloads proliferate, securing machine and service identities will become as critical as securing human user accounts.
What Is Non-Human Identity (NHI)?
Non-human identities represent the accounts, tokens, credentials, and API keys used by software systems rather than human users. As organizations deploy more automation and AI agents, NHIs have exploded in volume — often outnumbering human identities by orders of magnitude.
Common NHI Types
| Identity Type | Description |
|---|---|
| Service Accounts | Accounts used by applications and services to authenticate |
| API Keys & Tokens | Credentials used by integrations, third-party services, and scripts |
| OAuth Applications | Authorized third-party apps with delegated access to organizational data |
| CI/CD Pipeline Identities | Credentials used by build and deployment automation |
| AI Agents | Autonomous AI systems that require access to tools, APIs, and data |
| Cloud Workload Identities | IAM roles and managed identities in cloud environments |
The security challenge with NHIs is significant: they often have excessive privileges, no expiration dates, no MFA, and poor visibility into what they access and why.
The Acquisitions: Astrix & WideField
Astrix Security
Astrix specializes in third-party NHI security, providing visibility into OAuth applications and API integrations connected to enterprise SaaS environments. Astrix's platform discovers shadow integrations — often unknown to IT and security teams — and continuously monitors them for risky permissions, unusual behavior, and policy violations.
Key capabilities:
- Automated discovery of all third-party app integrations and API connections
- Risk scoring based on permissions, usage patterns, and vendor security posture
- Revocation workflows for unused or risky integrations
- Continuous monitoring for anomalous access behavior
WideField
WideField focuses on service account and machine identity governance, helping organizations discover, classify, and secure the internal non-human identities that proliferate across on-premise and cloud environments. WideField addresses the challenge of "identity sprawl" — the accumulation of thousands of service accounts with unclear ownership and excessive privileges.
Key capabilities:
- Complete inventory of service accounts across AD, cloud IAM, and Kubernetes
- Automated detection of over-privileged and stale machine identities
- Just-in-time access recommendations for service accounts
- Policy enforcement for machine identity lifecycle management
Why NHI Now?
The push into NHI security is driven by several converging trends:
The Agentic AI Surge
The rapid deployment of AI agents in enterprise environments has dramatically expanded the NHI attack surface. Unlike traditional service accounts with relatively predictable behavior, AI agents:
- Require broad access to tools, APIs, and data sources
- Take autonomous actions that are difficult to audit in real time
- May be granted excessive permissions to avoid operational friction
- Are a relatively new paradigm with immature governance tooling
Supply Chain Risk
Third-party integrations represent a significant supply chain risk vector. When attackers compromise a SaaS vendor or steal API tokens, they can pivot into connected enterprise environments. High-profile breaches in recent years have demonstrated that a single compromised OAuth application can expose entire organizational data estates.
Regulatory Pressure
Emerging regulations and frameworks — including updated NIST CSF guidance and SEC cybersecurity disclosure rules — increasingly require organizations to account for all identities, including non-human ones, in their risk management programs.
Cisco's Broader Identity Strategy
The Astrix and WideField acquisitions expand Cisco's identity security portfolio, which already includes:
- Cisco Duo — MFA and zero-trust access for human users
- Cisco Identity Intelligence — unified identity analytics layer
- Cisco Security Cloud — integrated security platform
By adding NHI capabilities, Cisco is positioning identity as the primary control plane for securing both human and machine access across hybrid environments — a strategic alignment with the broader industry shift away from perimeter-based security.
Market Context
Cisco joins a growing list of security vendors investing in NHI:
| Vendor | NHI Approach |
|---|---|
| CyberArk | Secrets management & machine identity security |
| HashiCorp Vault | Secrets engine for machine credentials |
| Entrust | Machine identity management |
| Venafi (acquired by CyberArk) | Certificate & machine identity lifecycle |
| Cisco (Astrix + WideField) | Third-party OAuth & service account governance |
The NHI market is projected to grow significantly as AI deployment accelerates and regulatory scrutiny of non-human access increases.
Key Takeaways
- Cisco acquires Astrix and WideField to build comprehensive NHI protection capabilities
- NHI security is the emerging frontier — machine identities increasingly outnumber human accounts
- AI agents are the key driver — autonomous systems require broad access that is difficult to govern with legacy IAM tools
- Third-party OAuth and API integrations are high-risk vectors that Astrix specifically addresses
- Identity becomes the control plane for both human and non-human access in modern enterprise security architectures