Cisco Bets On WideField Security Acquisition To Tackle Agentic AI Security Gap

“There was a gap that Cisco had there, and they’re obviously looking to close it,” one executive at a Cisco partner tells CRN.

Digital background depicting innovative technologies in security systems, data protection Internet technologies

Networking giant Cisco last week unveiled plans to acquire WideField Security, the latest in a string of acquisitions aimed at bolstering the company’s agentic AI and security capabilities.

Kamal Hathi, Cisco’s senior vice president and general manager of its Splunk business, last Thursday wrote in a blog post that Cisco plans to integrate WideField Security into Splunk to boost Cisco’s agentic AI SOC (security operations center) capabilities.

“[The acquisition will help] normalize and correlate identity, session, and activity telemetry from a variety of sources,” Hathi wrote. “This will enable Splunk to assemble context across human, non-human, and AI-agent activity, including signals from Cisco Identity Intelligence.”

[Related: Cisco Execs To Partners: Cloud Control, AI Security Push Create New Monetization Openings]

No dollar value was given for the acquisition. However, Sunnyvale, Calif.-based WideField Security in October reported raising $11.3 million in a Series A round of funding let by Crosspoint Capital.

Cisco Investments in March of this year participated in an expansion of that Series A funding round. Jeetu Patel, Cisco’s president and chief product officer, serves on WideField Security’s board of directors.

Cisco declined to provide further information about its planned WideField Security acquisition beyond Hathi’s blog post.

WideField Security was founded in 2023 by two ex-Netskope executives to provide comprehensive visibility, rapid risk reduction, and real-time detection and response across all human and non-human identities to reduce attack surface, improve posture, and support resilient teams.

WideField Security is the third in a recent string of Cisco acquisitions aimed at making the company a leader in the increasingly interconnected fields of networking, security, and AI.

Cisco in May unveiled plans to acquire identity protection startup Astrix Security in a bid to bolster the tech giant’s offerings for securing AI agents.

A month earlier, Cisco unveiled plans to acquire AI observability specialist Galileo Technologies to power up its Cisco’s Splunk Observability portfolio.

Hathi, in his blog post, wrote that the rapid deployment of AI agents, autonomous workloads, and non-human identities, all of which are operating at machine speed, has introduced a new class of security risk.

“Beyond unauthorized access, the challenge also includes authorized entities taking unsafe actions in the wrong context, which can cause significant damage before any human team has a chance to respond,” he wrote. “Enterprises just weren’t prepared for the security problem that the rise of agentic AI created. Addressing this requires a new approach to security that can detect suspicious behavior even from authenticated users and approved AI agents.”

Hathi wrote that this new approach includes three prongs: protect agents from the world with clear operational guardrails, protect the world from agents by ensuring that AI agents operate within their environments, and detect and respond to threats at machine speed and scale.

“Identity, in today’s agentic AI era, is not just focused on who logged in but who, or what, took action and under which authority, which session, and with what blast radius,” he wrote. “Identity is now foundational to how organizations govern, secure, and respond to human activity and non-human, such as AI agents, service accounts, workloads, automation identities, etc. Detections must translate into evidence-based decisions that help security teams triage faster, investigate with confidence and respond safely, with human approval where required.”

With WideField Security, Cisco will have the ability to use deterministic data pipelines that correlate telemetry from endpoints, identity systems, networks, and cloud in a format optimized for AI consumption to improve agentic security operations, Hathi wrote.

“WideField’s technology enables this telemetry to be utilized as part of AI-driven security workflows and reasoning at scale,” he wrote. “Utilizing identity telemetry and intelligence from a wide variety of sources, including Cisco Identity Intelligence, Splunk’s Agentic SOC will be able to assemble session-level signals necessary for deeper analysis buy security analysts, allowing these agents to infer whether an action belongs to a legitimate active session or a potentially malicious one. Furthermore, WideField’s technology will strengthen the Cisco Data Fabric by helping incorporate deeper identity and session intelligence, giving customers the context they need to operate AI safely and at scale, even beyond security operations.”

Cisco’s planned acquisition of WideField Security lines up with the strategy the company outlined at this month’s Cisco Live 2026 conference, said Lane Irvine, alliance leader at Long View Systems, a Calgary, Alberta-based solution provider and long-time Cisco channel partner.

“Cisco talked about how to do identity beyond authentication and specifically identity of AI agents,” Irvine told CRN. “They talked about what we can do about identity. So I guess we could have maybe seen this in the cards, not necessarily who they would purchase. There was a gap that Cisco had there, and they’re obviously looking to close it.”

Deep identity review is an interesting and developing area, and different from traditional identity services that customers might get from other solutions like Microsoft and whatnot, Irvine said.

“It goes a little deeper into behavior identity, and how we are actually tracking,” he said. “As Cisco integrates it into the Splunk SOC offering, I think it’ll give a lot more access to information about what’s happening with agents. And it goes into where the industry is going as we look at beyond check identity at the front door to checking identity throughout an action, throughout an engagement.”

Identity gets really fuzzy with agentic or AI agent identity because of questions around what the agents are doing, what should they have access to, and where are they going, Irvine said.

“That could be a real risk for customers,” he said. “This will become more important over time. There’s value now, and opportunities to develop into something a lot more important in the future.”

For customers, agentic AI is still in the early days, Irvine said.

“There are some high-security customers that probably do see the opportunities and have the demand,” he said. “I’m not seeing a lot of it yet, but it is something that will grow further. The opportunity will expand. Right now, it is light, but customers are preparing for what’s coming, and I think that’s important.”