Cisco is in advanced discussions to acquire Israeli cybersecurity startup Astrix Security, in a deal that could further expand the US networking giant’s push into identity and access security, according to a report published by Globes. The report, titled “Cisco in talks to buy Astrix Security – report,” said the talks point to a potential transaction that would add specialized capabilities designed to prevent unauthorized access by non-human identities, such as application programming interfaces, service accounts and automated credentials used by software and AI agents.
Astrix Security operates in a fast-growing segment of the cybersecurity market focused on threats that emerge when machines, applications and automated processes are granted access privileges that are often poorly monitored and rarely rotated. As enterprises increasingly integrate cloud services, automation and AI-driven tools, the number of such identities can multiply quickly, creating new pathways for attackers to move laterally or extract sensitive data without triggering traditional user-focused security controls.
For Cisco, the discussions come as the company continues to reshape its portfolio around security and software subscriptions, seeking growth beyond its core networking business. In recent years Cisco has emphasized that network infrastructure and security are converging, and that customers want integrated platforms rather than a patchwork of point solutions. An acquisition of Astrix would align with that strategy by complementing Cisco’s broader security stack with tooling aimed at discovering, classifying and controlling privileged access held by machines and automated agents.
Industry analysts say non-human identity governance has become more urgent as organizations deploy AI-enabled applications and connect external tools to internal systems using tokens and keys that can persist for long periods. These credentials are frequently embedded in code repositories, configuration files or third-party integrations, and may be shared across environments. When compromised, they can provide direct access to sensitive databases or production systems, often with fewer behavioral signals than a stolen employee password.
The Globes report reflects a broader wave of consolidation in cybersecurity, as large vendors seek to buy niche capabilities rather than build them from scratch, and as startups look for exits in a market where enterprise budgets are scrutinized and sales cycles can be long. Israel, in particular, has remained a significant pipeline for security innovation, producing companies that specialize in emerging attack surfaces like cloud infrastructure, identity and AI-driven threats.
Neither Cisco nor Astrix has publicly confirmed details of the talks. Any deal would likely be evaluated in the context of Cisco’s existing security investments and its goal of delivering more unified security management across networks, endpoints and cloud environments. If the discussions progress, the acquisition would signal that controlling machine and AI-agent access is moving from an emerging concern to a mainstream priority for the world’s largest enterprise technology providers.
