Google’s Gemini Enterprise Agent Platform is shipping “Agent Identity” — unique cryptographic IDs mapped to auditable policies — at the exact moment Cisco is reportedly negotiating to buy a non-human identity startup. That’s not a coincidence. It’s the market admitting what agents really are: privileged accounts with personality.
The next big ‘agent’ feature isn’t a new tool. It’s a name tag, an audit log, and a policy engine that says what your bot is allowed to break.
What happened
At Google Cloud Next 26, Google introduced Gemini Enterprise Agent Platform, a hub to build and manage agentic workflows — including governance features like Agent Identity, Agent Registry, and Agent Gateway (Google Cloud blog; Infosecurity Magazine).
Infosecurity Magazine reports that the platform can assign each agent a unique cryptographic ID tied to “traceable and auditable” authorization policies, with Google framing it as bringing “zero trust verification” to orchestration steps (Infosecurity Magazine).
In parallel, BankInfoSecurity reports that Cisco is in talks to acquire Astrix Security, a non-human identity startup, for $250–$350 million, citing The Information. The same write-up notes a wider funding/M&A wave in non-human identity and access orchestration (BankInfoSecurity).
The non-obvious angle: the ‘agent boom’ is actually an identity boom
“Agentic AI” marketing wants you staring at capability demos. Security and procurement teams are staring at a simpler truth: an agent is a new kind of identity.
Not a human user. Not a deterministic service account. Something fuzzier: a system that can take actions across applications and then explain itself in fluent English while doing it.
So the battleground shifts. The winners won’t be decided by who has the most charming bot persona. They’ll be decided by who can ship the most credible answers to five boring questions:
- Who is this agent? (cryptographic identity, not “the intern named Claude”)
- What is it allowed to touch? (least privilege that survives reality)
- How do we watch it? (audit trails that don’t melt your budget)
- How do we stop it? (kill switches that actually work)
- Who is liable when it goes feral? (vendors will try to make this ‘you’)
Google shipping Agent Identity as a first-class platform primitive is an admission: governance is now part of the product. Cisco chasing Astrix is a second admission: governance is now worth real acquisition money.
Stakes map (who wins, who gets haunted)
- Security teams (win tools, lose sleep): “agent registry” sounds great until you realize half your org will run shadow agents anyway.
- IAM vendors (win a new market): non-human identity stops being a niche certificate problem and becomes the agent adoption gate.
- Platform clouds (win lock-in leverage): if identity + policy + observability live in the cloud control plane, switching costs quietly explode.
- Everyone else (pays): because the invoice for governance always arrives after the demo.
The Singularity Soup Take
The “agent” story keeps getting told as magic. The enterprise reality is paperwork: identities, policies, registries, gateways. The funniest part is that this is what every serious automation wave turns into. The scary part is that agents can now generate plausible lies about what the paperwork says.
What to Watch
- Procurement checkboxes: “agent identity + audit + policy enforcement” becomes a standard RFP requirement, not a nice-to-have.
- M&A acceleration: if Cisco buys Astrix, expect copycats — the fastest way to ‘ship’ agent governance is to buy it.
- Protocol consolidation: Google name-checks agent protocols like MCP and A2A as part of the gateway story; watch which ones become de-facto standards (Infosecurity Magazine).
Sources
Google Cloud Blog — “Introducing Gemini Enterprise Agent Platform”
Infosecurity Magazine — “Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform”
BankInfoSecurity — “Why Cisco Is Eyeing Buy of Non-Human Identity Startup Astrix”