Cisco's acquisition of Astrix Security signals a critical inflection point in enterprise AI governance. The deal centres on non-human identity (NHI) security—the discovery, monitoring and control of AI agents operating within organisations—and reflects a widening gap between agent capability advancement and security infrastructure. Cisco plans to integrate Astrix's capabilities into its Identity Intelligence platform and zero trust access solutions, giving security teams visibility into what AI agents are doing and the ability to enforce behavioural controls. This matters because organisations are rapidly deploying multiple AI agents per employee, each capable of accessing data, making autonomous decisions and executing actions at machine speed. Yet according to Cisco's own AI Readiness Index, only 24% of organisations can properly control agent actions with guardrails and live monitoring, and just 31% feel equipped to secure their agent systems at all.
The acquisition reflects a broader vendor consolidation around NHI security. ServiceNow has made similar moves, acquiring both Veza (for mapping access relationships across humans, machines and AI agents) and Armis (for real-time asset discovery). For CX teams already operating AI-driven support systems—whether through Salesforce Agentforce, Zendesk's automation capabilities or custom agent deployments—this raises an immediate question: do your current identity and access management frameworks account for the credentials and privileges your AI agents are consuming? The risk is material. AI agents typically operate using API keys, service accounts and OAuth tokens that, if compromised or misconfigured, can execute work at scale without human intervention. As shadow AI becomes an enterprise threat, teams without visibility into agent behaviour face exposure not just to security breaches but to uncontrolled agent actions that can damage customer relationships.
For CX professionals, the strategic implication is clear: agent governance is no longer optional infrastructure. Whether you're managing customer-facing AI or internal automation, you need discovery and control mechanisms embedded into your identity and access stack. Cisco's move suggests that major platform vendors will increasingly bundle NHI security into their core offerings rather than treating it as an afterthought. This creates both opportunity and urgency—organisations that establish agent governance frameworks now will avoid the costly retrofitting that typically follows security incidents.
By buying Astrix, Cisco plans to give enterprises tools to help them discover and control what their AI agents are doing.