Cisco Systems is in advanced negotiations to acquire Astrix Security, an Israeli cybersecurity startup that secures AI agents and non-human identities, in a deal valued between $250 million and $350 million. The acquisition, first reported by Calcalist Tech on April 10 and confirmed as active by Yahoo Finance this morning, would mark the first major M&A transaction targeting the AI agent security category specifically.
What Astrix Actually Does
Astrix’s platform addresses a problem that expands with every AI agent an enterprise deploys: non-human identity (NHI) sprawl. Every AI agent that authenticates into Salesforce, Workday, or an internal data warehouse uses service accounts, OAuth tokens, API keys, or MCP server credentials. Astrix inventories these NHIs, maps their permissions, detects toxic combinations, and remediates overprivileged access before it becomes an exploit vector.
According to SiliconANGLE, the platform specifically detects MCP servers and the non-human identities that agents use to log into external applications, scanning discovered assets for vulnerabilities. That MCP server detection capability is notable given this week’s CVE-2026-33032 “MCPwn” vulnerability, which demonstrated full server takeover via unauthenticated MCP tool invocation.
Cisco’s Strategic Play
Cisco already dominates enterprise network security through Secure Firewall, Umbrella, and Duo MFA. As enterprise AI agent deployments proliferate, each agent identity becomes a new attack vector that existing perimeter and human-identity tools were never designed to cover.
Network World framed the Astrix bid as one of “two moves to own the AI infrastructure stack,” positioning the acquisition alongside a second, unspecified strategic play in Cisco’s AI infrastructure portfolio.
CRN Asia offered the sharpest analysis: “identity is becoming the control layer for AI security.” The argument is that as agent-to-agent communication scales, the NHI layer becomes the enforcement point where enterprises can actually govern what their autonomous systems are authorized to do.
The $250-350M Valuation Signal
The price range tells the market something about how enterprise security incumbents value the AI agent security category. At $250-350M for an early-stage startup, Cisco is paying an acquisition premium that reflects urgency, not just capability. Three separate commercial bets on AI agent security landed in the same 24-hour window: Cisco’s Astrix bid, Capsule Security’s $7M stealth launch for runtime agent governance, and KnowBe4’s Agent Risk Manager product launch.
The NHI Problem at Scale
The underlying math is straightforward. An enterprise running 500 AI agents, each with 3-5 service account credentials across different SaaS platforms, creates 1,500 to 2,500 non-human identities that need continuous monitoring, permission auditing, and lifecycle management. Most enterprise security teams have no centralized inventory of these credentials, let alone governance policies for when agents authenticate into sensitive systems autonomously.
As CRN noted, Cisco is “looking to lock down AI agents” through a capability its existing portfolio lacks: identity governance purpose-built for non-human actors.
What This Prices In
If Cisco closes the Astrix deal, it establishes a reference valuation for the AI agent security market and signals to every enterprise CISO that NHI governance belongs in the security stack, not as a side project. For teams deploying AI agents in production, the question Astrix answers is no longer theoretical: who are your agents allowed to be, and what are they authorized to do? The acquisition confirms that enterprise security incumbents believe those questions are now worth nine figures to answer.