By NHI Mgmt Group Editorial Team
Published 2026-06-15
Domain: Breaches & Incidents
Source: Silverfort

TL;DR: Cisco’s planned acquisition of Astrix Security for an estimated $400 million underscores how NHI security, AI agent identity, and runtime enforcement are converging into one identity security problem, according to Silverfort. The deal signals that visibility alone is no longer enough when service accounts, API keys, OAuth tokens, and agent-driven access all need governed action paths.


At a glance

What this is: Cisco’s planned acquisition of Astrix Security highlights how NHI governance is becoming part of mainstream identity security strategy, especially as AI agents inherit machine credentials.

Why it matters: For IAM teams, the signal is that identity programmes must cover human users, service accounts, and AI agents together, or they will miss the access paths attackers and autonomous systems actually use.

👉 Read Silverfort’s analysis of Cisco’s Astrix acquisition and NHI governance


Context

Non-human identity governance is the discipline of discovering, managing, and controlling service accounts, API keys, OAuth tokens, certificates, and similar machine credentials across the enterprise. In this case, the primary issue is not the acquisition itself, but the fact that NHI security has moved from a niche concern into a core identity security capability.

That matters because the same credentials used by workloads and integrations are increasingly used by AI agents acting inside enterprise environments. Once those identities become part of daily access decisions, they can no longer sit outside IAM, PAM, lifecycle management, or runtime enforcement.


Key questions

Q: How should security teams govern AI agents that use non-human credentials?

A: Treat the agent and its credential as one governed identity path. Define ownership, allowed tools, approved data sources, and revocation triggers together, then enforce those rules at access time. If the agent can act independently, standard machine-account controls are necessary but not sufficient, because the identity is also making runtime decisions that can expand its own reach.

Q: Why do service accounts and API keys need stronger lifecycle control than most teams apply?

A: Because they often outlive the system, application, or vendor relationship that created them. Without offboarding, rotation, and periodic recertification, valid credentials remain available long after the original business need has changed. That creates persistent access paths that attackers can abuse and that normal change management does not reliably catch.

Q: What breaks when identity visibility is strong but runtime enforcement is weak?

A: Teams can see the identity and still fail to stop the access. That means compromised or over-privileged credentials remain usable until after the damage is done. Visibility supports investigation, but it does not change the outcome if the control point is still after the session or outside the access decision path.

Q: Who should be accountable when an AI agent or service account causes unauthorized access?

A: Accountability should sit with the team that owns the business process, the identity lifecycle, and the access policy, not with the tool that merely exposes the issue. For regulated environments, that means the control owner must be able to show who approved access, who can revoke it, and how the identity is monitored across its full lifecycle.


Technical breakdown

Why NHI discovery is no longer enough

Discovery tells you what exists, but it does not answer whether the credential is still valid, over-privileged, or actively used by an upstream workflow. NHI programmes often begin with visibility because blind spots are common, yet visibility alone cannot stop a compromised API key from being replayed or an OAuth token from being abused across systems. The technical problem is that machine identities are distributed across cloud platforms, code, pipelines, and third-party integrations, which means their security state changes faster than annual reviews or manual inventories can track.

Practical implication: build inventory, lifecycle, and enforcement as a single control plane rather than treating discovery as the end state.

Runtime enforcement at identity decision points

Runtime enforcement is the point where identity policy is applied before access is granted or elevated, rather than after suspicious behaviour is detected. In NHI environments this matters because service accounts and tokens often operate without user prompts, making post-event response too late for meaningful containment. The architectural shift is toward controls that can block, step up, or constrain access based on context, trust posture, and privilege boundaries at the moment of authentication or token use.

Practical implication: place control logic in the authentication and access path, not only in SIEM, detection, or incident review workflows.

How AI agents change the NHI threat model

AI agents often reuse the same credential classes as traditional machine identities, but they add independent action timing and tool selection inside the workflow. That creates a governance problem that is broader than classic NHI sprawl: the credential is not just a secret to protect, it is the identity boundary for a system that can initiate actions on its own. The result is a tighter connection between NHI governance and agentic AI risk, especially where the agent can combine access, context, and tools faster than human review cycles can respond.

Practical implication: treat AI agents as identity subjects that need explicit governance, not as generic automation wrapped around existing machine accounts.
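The "one governed identity path" answer in the Key questions section and the runtime-enforcement section above both describe the same control: ownership, allowed tools, approved data sources and revocation triggers defined together, then evaluated at the moment a token is used. The following Python block is an added example, not Silverfort's or NHI Mgmt Group's code, of a minimal policy decision point that does exactly that for one AI agent credential. The agent id, owner, tool names, data sources and the policy layout are hypothetical values constructed for illustration.

```python
"""Added example, not Silverfort's or NHI Mgmt Group's code: a minimal policy
decision point (PDP) that governs an AI agent and its credential as one
identity path. Agent ids, tool names, data sources and the policy layout are
hypothetical and constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    STEP_UP = "step_up"  # hold the action until a human approves it


@dataclass
class AgentPolicy:
    """Ownership, allowed tools, approved data sources and revocation state,
    defined together for one agent credential."""
    owner: str
    allowed_tools: frozenset
    approved_sources: frozenset
    max_token_age: timedelta
    sensitive_sources: frozenset = field(default_factory=frozenset)
    revoked: bool = False


@dataclass
class AccessRequest:
    """What the agent is trying to do at token-use time."""
    agent_id: str
    token_issued_at: datetime
    tool: str
    source: str
    now: datetime


def build_policies() -> dict:
    """Constructed sample policy store keyed by agent id (hypothetical values)."""
    return {
        "agent-invoice-reconciler": AgentPolicy(
            owner="finance-platform-team",
            allowed_tools=frozenset({"read_invoices", "post_ledger_entry"}),
            approved_sources=frozenset({"erp", "payroll"}),
            sensitive_sources=frozenset({"payroll"}),
            max_token_age=timedelta(hours=1),
        ),
    }


def revoke(policies: dict, agent_id: str) -> None:
    """Revocation trigger: flip the flag the PDP checks on every request, so the
    credential stops working at the next token use rather than at the next review."""
    policies[agent_id].revoked = True


def decide(req: AccessRequest, policies: dict) -> Decision:
    """Evaluate one request in the access path, before the action runs."""
    policy = policies.get(req.agent_id)
    if policy is None:               # no owner and no policy: nothing to enforce against
        return Decision.DENY
    if policy.revoked:               # revocation is honoured immediately
        return Decision.DENY
    if req.now - req.token_issued_at > policy.max_token_age:
        return Decision.DENY         # lifecycle limit enforced at use, not at audit time
    if req.tool not in policy.allowed_tools:
        return Decision.DENY         # tool allow-list is the agent's privilege boundary
    if req.source not in policy.approved_sources:
        return Decision.DENY         # data-source allow-list bounds what it can read
    if req.source in policy.sensitive_sources:
        return Decision.STEP_UP      # constrain rather than block: human in the loop
    return Decision.ALLOW


def sample_request(tool: str, source: str, token_age_minutes: int = 10,
                   agent_id: str = "agent-invoice-reconciler") -> AccessRequest:
    """Constructed request at a fixed clock, so the demo is reproducible."""
    now = datetime(2026, 6, 15, 12, 0, tzinfo=timezone.utc)
    return AccessRequest(agent_id, now - timedelta(minutes=token_age_minutes),
                         tool, source, now)


if __name__ == "__main__":
    store = build_policies()
    print(decide(sample_request("read_invoices", "erp"), store))      # Decision.ALLOW
    print(decide(sample_request("read_invoices", "payroll"), store))  # Decision.STEP_UP
    revoke(store, "agent-invoice-reconciler")
    print(decide(sample_request("read_invoices", "erp"), store))      # Decision.DENY
```

The point of the design is where the checks sit: every rule is evaluated inside `decide`, which a token-validation hook or API gateway would call on each use, so an expired token, an out-of-scope tool or a revoked agent is refused before the session completes rather than flagged afterwards in a log review.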


NHI Mgmt Group analysis

NHI governance has crossed from niche tooling into core identity architecture. When a major platform investor places value on NHI capability, the market is acknowledging that machine identities are now central to the identity attack surface. The practical consequence is that IAM, PAM, and detection teams can no longer treat service accounts, API keys, and OAuth tokens as a separate operations problem.

Runtime enforcement is the control boundary that discovery-only programmes keep missing. Visibility helps teams enumerate identities, but it does not stop a valid credential from being used in an unsafe context. The discipline is shifting toward policy decisions made at the moment of access, which is where compromised machine identities create damage.

Identity fragmentation is the structural weakness this deal exposes. Human IAM, PAM, NHI, cloud entitlement management, and security analytics have too often been managed as separate estates with separate data models. Attackers and AI agents do not respect those seams, so the programme that only sees one slice of identity is already behind.

AI agent governance depends on the same NHI foundations, but the operating assumption is different. Machine identities were designed for bounded system-to-system access, not for entities that can select actions dynamically during execution. That makes NHI controls necessary but not sufficient for autonomous behaviour, and practitioners need to stop assuming that traditional credential governance alone can explain or contain agent-driven access.

Identity blast radius: the real risk is not how many identities exist, but how far one compromised credential can move across human, machine, and agentic domains. That concept is useful because it ties governance to containment rather than inventory size. The practitioner conclusion is to measure whether one credential can traverse multiple trust boundaries before any human can intervene.

From our research:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which helps explain why many NHI programmes still miss high-risk credentials until late in the lifecycle.
  • For the lifecycle side of the problem, Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs gives the operational context teams need next.

What this signals

Identity programmes should expect the boundary between machine identity and agent governance to blur further. As AI agents inherit the same credentials used by workloads and integrations, inventory-only programmes will struggle to keep up with access that changes faster than review cadences.

Runtime policy will become the differentiator. Teams that can enforce access decisions at authentication time will be better positioned than those relying on log review and post-incident response after the access path is already exploited.

The most resilient programmes will measure identity by blast radius, not just by count. That means tracking how far one credential can move across systems before it is blocked, rotated, or revoked.


For practitioners

  • Unify identity inventory across all actor types: Map human accounts, service accounts, API keys, OAuth tokens, and AI agent credentials into one inventory so ownership, usage, and privilege can be assessed together.
  • Move from discovery to enforcement: Place policy controls at authentication and token-use points so risky access can be blocked or stepped up before the session completes.
  • Define lifecycle ownership for machine and agent identities: Assign clear offboarding, rotation, and recertification responsibility for every non-human credential, including those used by AI agents and third-party integrations.
  • Measure credential blast radius across silos: Test how far a single credential can move across cloud, SaaS, code, and security tooling before detection or revocation interrupts it.
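The analysis section defines identity blast radius as how far one compromised credential can move across trust boundaries before anyone intervenes, and the last practitioner item above asks teams to measure it. The Python block below is an added example, not Silverfort's or NHI Mgmt Group's code, of that measurement as a graph traversal: nodes are credentials and resources tagged with a trust domain, edges say that holding one lets you obtain or use the next, and an edge can carry a runtime control point. The graph, node names and domains are constructed sample data, not real infrastructure.

```python
"""Added example, not Silverfort's or NHI Mgmt Group's code: measuring
identity blast radius as reachability over an access graph. All nodes, edges
and domain labels below are constructed sample data."""
from collections import deque

# Node -> trust domain it lives in (constructed).
NODES = {
    "svc-ci-deployer": "code",
    "oauth:reporting-agent": "agent",
    "cloud:prod-account": "cloud",
    "secret:saas-admin-token": "cloud",
    "secret:db-password": "cloud",
    "saas:crm": "saas",
    "data:customer-records": "saas",
    "db:orders": "data",
}

# (src, dst, enforced): the holder of src can obtain or use dst. enforced=True
# marks a path where a runtime control point (policy check, step-up,
# revocation) sits in the way; False means the credential simply works.
EDGES = [
    ("svc-ci-deployer", "cloud:prod-account", False),
    ("cloud:prod-account", "secret:saas-admin-token", False),
    ("cloud:prod-account", "secret:db-password", True),
    ("secret:saas-admin-token", "saas:crm", False),
    ("secret:db-password", "db:orders", False),
    ("saas:crm", "data:customer-records", False),
    ("oauth:reporting-agent", "saas:crm", False),
]


def blast_radius(start: str, honour_controls: bool = True) -> dict:
    """Breadth-first search from one credential. With honour_controls set,
    enforced edges are not traversed (a working control point); with it
    cleared, the result shows what the credential could reach if that control
    failed or did not exist."""
    seen = {start}
    queue = deque([start])
    blocked = []
    while queue:
        node = queue.popleft()
        for src, dst, enforced in EDGES:
            if src != node:
                continue
            if enforced and honour_controls:
                blocked.append((src, dst))   # stopped at a control point
                continue
            if dst not in seen:
                seen.add(dst)
                queue.append(dst)
    domains = {NODES[n] for n in seen}
    return {
        "reachable": seen,
        "domains": domains,
        # trust boundaries crossed = domains reached other than the start's own
        "boundaries_crossed": len(domains - {NODES[start]}),
        "blocked_edges": blocked,
    }


def rank_credentials(credentials) -> list:
    """Rank credentials by boundaries crossed with controls honoured, then by
    the reach if controls failed. This is the blast-radius view the text
    recommends, as opposed to counting identities."""
    rows = []
    for cred in credentials:
        with_controls = blast_radius(cred, True)["boundaries_crossed"]
        without = blast_radius(cred, False)["boundaries_crossed"]
        rows.append((cred, with_controls, without))
    return sorted(rows, key=lambda r: (r[1], r[2]), reverse=True)


if __name__ == "__main__":
    for cred, with_c, without in rank_credentials(["svc-ci-deployer", "oauth:reporting-agent"]):
        print(f"{cred}: crosses {with_c} boundaries; {without} if controls fail")
```

Running it on the sample graph shows the CI deployer credential crossing two trust boundaries (code to cloud to SaaS) and a third if the single control point on the database path were absent, while the reporting agent's OAuth token reaches only the SaaS domain. The gap between the two numbers for one credential is the value a control point provides, and it points at exactly the edge where a missing or failed enforcement widens the blast radius.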

Key takeaways

  • The deal signals that NHI governance is now part of mainstream identity security architecture, not a side topic for specialist teams.
  • Visibility without runtime enforcement leaves a large gap, especially when machine credentials and AI agent access can be reused before review catches up.
  • Enterprises should unify lifecycle, policy, and ownership across human, machine, and agent identities or accept a wider identity blast radius.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
OWASP Non-Human Identity Top 10  |                     | The post centres on discovery, lifecycle, and runtime control of non-human identities.
NIST CSF 2.0                     | PR.AA-01            | Identity governance and access decisions sit at the core of this article's argument.
NIST Zero Trust (SP 800-207)     | AC-7                | Runtime enforcement reflects zero-trust access decisions at the point of use.

Map machine credentials to OWASP NHI controls and close lifecycle gaps before privilege expands.


Key terms

  • Non-human identity: A non-human identity is any credentialed digital entity used by software rather than a person. That includes service accounts, API keys, OAuth tokens, certificates, and AI agents. The governance challenge is that these identities often operate at machine speed with weak ownership and limited lifecycle control.
  • Runtime enforcement: Runtime enforcement is the practice of applying identity policy at the point an access request is made or a token is used. It matters because discovery alone cannot stop valid credentials from being abused. In mature programmes, enforcement sits in the access path rather than only in monitoring tools.
  • Identity blast radius: Identity blast radius is the amount of damage one compromised identity can cause across systems, data, and trust boundaries. It is a better measure than raw identity count because it shows how far credentials can move before they are detected, constrained, or revoked.
  • Agentic identity: Agentic identity is the identity model used for AI systems that can choose actions, tools, or execution timing at runtime. It differs from ordinary automation because the system is not simply following a fixed script. That makes governance depend on both credential control and decision control.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.

This post draws on content published by Silverfort: Cisco's intent to acquire Astrix Security and its implications for identity security. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-15.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org