What happened: CRN Asia reports Cisco is in talks to acquire Astrix Security for an estimated $250 million to $350 million, citing reporting that originated with The Information and was corroborated by Israeli financial publications. Neither company has confirmed the discussions.
Why it matters: If you believe ‘agents are the future,’ you also have to believe in the boring part: non-human identities. Bots, tokens, service accounts, and agent credentials already outnumber humans, and the security problem is less ‘AI goes rogue’ and more ‘keys go missing.’
Wider context: The piece frames Astrix as a non-human identity (NHI) discovery and governance layer across cloud and SaaS, and positions it as complementary to Cisco’s security stack. It also points to competitive pressure as major security vendors race to own identity security for agentic enterprises.
Background: The article notes Astrix has focused on NHIs since 2021, and highlights its earlier discovery of a Google Cloud OAuth vulnerability (‘GhostToken’) that Google patched in 2023. It also cites market context and adoption pressure in India.
Cisco’s reported Astrix bid highlights why identity is becoming the control layer for AI security — CRN Asia
Singularity Soup Take: Agentic AI has everyone dreaming about digital coworkers. Security teams are stuck parenting the actual reality: a daycare full of API keys with no owner. If Cisco is shopping for Astrix, it is basically admitting the control plane is identity, not ‘better prompts.’
Key Takeaways:
- Deal Framing: Cisco is reportedly in acquisition talks for Astrix Security in a $250M to $350M range, though neither company has confirmed it, so the story remains unverified reporting.
- Non-Human Identity Problem: The article argues the growth in bots, tokens, service accounts, and AI agents makes discovery, inventory, and lifecycle governance of non-human identities a first-order security requirement.
- Competitive Signal: The piece points to an industry race toward identity-centric agent governance, with major vendors positioning around Zero Trust and agent access control rather than treating AI security as a standalone feature add-on.