Notifications
Clear all
Topic starter
22/06/2026 10:06 am
TL;DR: Cisco’s planned acquisition of Astrix Security for an estimated $400 million underscores how NHI security, AI agent identity, and runtime enforcement are converging into one identity security problem, according to Silverfort. The deal signals that visibility alone is no longer enough when service accounts, API keys, OAuth tokens, and agent-driven access all need governed action paths.
NHIMG editorial — based on content published by Silverfort: Cisco's intent to acquire Astrix Security and its implications for identity security
Questions worth separating out
Q: How should security teams govern AI agents that use non-human credentials?
A: Treat the agent and its credential as one governed identity path.
Q: Why do service accounts and API keys need stronger lifecycle control than most teams apply?
A: Because they often outlive the system, application, or vendor relationship that created them.
Q: What breaks when identity visibility is strong but runtime enforcement is weak?
A: Teams can see the identity and still fail to stop the access.
Practitioner guidance
- Unify identity inventory across all actor types Map human accounts, service accounts, API keys, OAuth tokens, and AI agent credentials into one inventory so ownership, usage, and privilege can be assessed together.
- Move from discovery to enforcement Place policy controls at authentication and token-use points so risky access can be blocked or stepped up before the session completes.
- Define lifecycle ownership for machine and agent identities Assign clear offboarding, rotation, and recertification responsibility for every non-human credential, including those used by AI agents and third-party integrations.
What's in the full analysis
Silverfort's full article covers the operational detail this post intentionally leaves for the source:
- The vendor’s breakdown of how Cisco’s broader identity strategy has evolved across Duo, Oort, Splunk, and Astrix.
- The article’s discussion of how NHI visibility, discovery, and runtime enforcement fit into a platform approach.
- The source’s commentary on AI agents, machine credentials, and why fragmented tooling leaves blind spots.
- The vendor’s own framing of why identity security is converging across human and non-human domains.
👉 Read Silverfort’s analysis of Cisco’s Astrix acquisition and NHI governance →
Cisco’s Astrix acquisition: what it means for NHI governance?
Explore further
22/06/2026 10:52 am
NHI governance has crossed from niche tooling into core identity architecture. When a major platform investor places value on NHI capability, the market is acknowledging that machine identities are now central to the identity attack surface. The practical consequence is that IAM, PAM, and detection teams can no longer treat service accounts, API keys, and OAuth tokens as a separate operations problem.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which helps explain why many NHI programmes still miss high-risk credentials until late in the lifecycle.
A question worth separating out:
Q: Who should be accountable when an AI agent or service account causes unauthorized access?
A: Accountability should sit with the team that owns the business process, the identity lifecycle, and the access policy, not with the tool that merely exposes the issue. For regulated environments, that means the control owner must be able to show who approved access, who can revoke it, and how the identity is monitored across its full lifecycle.
👉 Read our full editorial: Cisco’s Astrix deal shows NHI governance is moving mainstream
