Overview
May 2026’s cybersecurity M&A landscape was defined by a strategic race to secure the agentic AI frontier. Among 26 deals announced, three stand out for their direct AI security implications: Cisco’s ~$400M acquisition of Astrix Security, Check Point’s acquisition of Deepchecks, and Akamai’s ~$205M acquisition of LayerX. Taken together, these moves reflect growing recognition across major vendors that the expansion of autonomous AI agents into enterprise infrastructure is outpacing existing identity, monitoring, and control frameworks.
Technical Analysis
Cisco + Astrix Security: Astrix specialises in non-human identity (NHI) management — the governance of API keys, OAuth tokens, service accounts, and now AI agents. As enterprises deploy agentic AI workflows, these autonomous actors accumulate permissions and credentials outside traditional IAM scope. Cisco plans to integrate Astrix directly into Cisco Identity Intelligence, Duo, and Splunk to provide discovery, authentication, and continuous governance of AI actors. The core risk being addressed is that autonomous agents with over-provisioned or unmonitored credentials represent a significant lateral movement and privilege escalation vector.
Check Point + Deepchecks: Deepchecks developed continuous monitoring and LLM evaluation tooling designed to assess model behaviour, output quality, and safety guardrails in production. Check Point’s integration into its Agentic Network Security Orchestration platform aims to create a validation layer for AI security agents — a critical gap where autonomous systems making security decisions could themselves be manipulated or produce harmful outputs without oversight.
Akamai + LayerX: LayerX provides real-time visibility into user and agentic activity at the browser level, including interactions with AI tools in browsers and IDEs. This targets a growing blind spot: employees and AI agents exfiltrating sensitive data through browser-based LLM interfaces (e.g., ChatGPT, Copilot plugins) without enterprise visibility or control.
Framework Mapping
- AML.T0047 (ML-Enabled Product or Service): All three acquisitions target security gaps in deployed ML/AI products within enterprise environments.
- AML.T0012 (Valid Accounts): Astrix directly addresses the abuse of legitimate non-human credentials by AI agents.
- AML.T0057 (LLM Data Leakage): LayerX’s browser-level controls target inadvertent or adversarial data leakage through AI interfaces.
- LLM08 (Excessive Agency): Unmonitored AI agents with broad permissions are the central threat model across all three deals.
- LLM05 (Supply Chain Vulnerabilities): Deepchecks’ evaluation tooling addresses risks from unvalidated LLM behaviour in security-critical pipelines.
Impact Assessment
Organisations deploying agentic AI workflows — particularly in security operations, development environments, and cloud infrastructure — face the highest exposure. The lack of mature NHI governance, LLM output validation, and browser-level AI controls creates compounding risk: agents can be manipulated, over-privileged, or used as data exfiltration vectors with little current visibility. These acquisitions signal the market is responding, but tooling will take time to mature and integrate.
Mitigation & Recommendations
- Inventory non-human identities including all AI agent service accounts, API keys, and OAuth grants; apply least-privilege principles immediately.
- Deploy LLM output monitoring in any pipeline where AI agents make autonomous decisions, particularly in security tooling.
- Enforce browser AI usage policies via DLP or emerging browser security platforms to prevent sensitive data from reaching external LLM APIs.
- Treat AI agents as privileged users within your Zero Trust architecture — require continuous authentication and behavioural monitoring.