Notifications
Clear all
Topic starter
14/05/2026 12:17 pm
TL;DR: Cisco's intent to acquire Astrix Security signals that non-human identity governance is moving into broader platform security, with the vendor saying its capabilities will fold into Cisco Identity Intelligence, Secure Access, Duo, and Splunk as AI agents expand the credential surface. The consolidation validates NHI as an enterprise control problem, not a niche add-on.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps , 38% have no or low visibility, and a further 47% have only partial visibility.
Questions worth separating out
Q: What does the Cisco acquisition of Astrix Security mean for NHI tooling?
A: It means NHI security is being absorbed into broader identity and security platforms, which changes how buyers evaluate control coverage.
Q: Should IAM teams re-evaluate their NHI tooling choices after a major acquisition?
A: Yes. A major acquisition can change product roadmaps, integration priorities, and support models, so IAM teams should re-check dependency risk and data portability. The decision point is not brand preference. It is whether the platform can still deliver measurable control over discovery, rotation, review, and decommissioning across service accounts and agentic workloads.
Q: What is the difference between visibility and governance for non-human identities?
A: Visibility tells you that a machine identity exists.
Practitioner guidance
- Re-map every machine identity to an accountable owner Create a single inventory that ties service accounts, API keys, OAuth grants, certificates, and AI agent credentials to business owners and technical stewards.
- Automate rotation and revocation for stale credentials Connect detection findings to ticketing or workflow automation so exposed or unused credentials are rotated or revoked quickly.
- Review delegated access chains for agentic workloads Trace each agent's tool access back to the underlying OAuth grant, secret, or service principal, then verify scope, expiration, and fallback paths.
With 85% of organisations lacking full visibility into third-party vendors connected via OAuth apps, the governance gap is already larger than most roadmaps assume?
👉 Read Cisco's acquisition statement on Astrix Security and NHI security →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 12:18 pm
A few things worth adding from our research at NHI Mgmt Group.
NHI security is now a platform consolidation problem, not a category experiment. When platform vendors absorb specialist NHI capabilities, the market stops debating whether the problem is real and starts competing on how broadly it can be operationalised. That shifts procurement conversations from feature checklists to control coverage, telemetry depth, and lifecycle integration. Practitioners should treat this as a signal to evaluate whether their current stack can still support end-to-end NHI governance.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared with nearly 1 in 4 for securing human identities, which shows the category remains operationally immature.
A question worth separating out:
Q: Why do AI agents increase the risk of NHI sprawl?
A: AI agents increase NHI sprawl because every agent often needs multiple credentials, tool connections, and delegated permissions to operate. That multiplies the number of identities, tokens, and review points without creating human-style accountability. Teams should expect sprawl to rise unless agent creation, scope, and retirement are governed as tightly as production workloads.
👉 Read our full editorial: Cisco acquires Astrix Security: what it means for NHI governance
