Cisco, a global networking and cybersecurity technology company, has announced its intention to acquire WideField Security, a move that will embed identity and session intelligence directly into Splunk's agentic security operations centre (SOC) capabilities.
WideField's technology will be integrated into Splunk to enable the normalisation and correlation of identity, session, and activity telemetry drawn from multiple sources. The result will allow Splunk to build a consolidated picture of activity across human users, non-human entities, and AI agents, drawing on signals from Cisco Identity Intelligence.
The growing deployment of AI agents, autonomous workloads, and non-human identities operating at machine speed has given rise to a new category of security risk. Beyond unauthorised access, the problem extends to authorised entities taking unsafe actions in unsuitable contexts, with the potential to cause serious damage before security teams can intervene. Cisco has identified three core challenges that must be addressed simultaneously: shielding agents from manipulation by malicious actors; ensuring AI agents operating within enterprise environments are known, accountable, and restricted to only necessary access and actions; and enabling threat detection and response at the speed and scale that machine-driven environments demand.
WideField's technology underpins this capability by enabling identity telemetry to be fed into AI-driven security workflows at scale. Drawing on intelligence from a range of sources, including Cisco Identity Intelligence, Splunk's agentic SOC will be able to assemble session-level signals to support deeper analysis by security analysts. This allows agents to determine whether a given action is part of a legitimate active session or a potentially malicious one. The technology will also strengthen the Cisco Data Fabric by incorporating richer identity and session intelligence, giving customers the context required to deploy AI safely at scale, including in contexts outside of security operations.
WideField Security is a modern identity lifecycle security company. Its platform delivers comprehensive visibility across human, machine, and AI identities, with continuous monitoring and analytics designed to improve identity posture and identify both external and insider threats across cloud, software-as-a-service, and on-premises environments. Its technology addresses the core challenge of what happens after login, where human and non-human identities are frequently managed in silos and overprivileged access can go undetected until an attacker has already gained a foothold.
The planned acquisition is the third cybersecurity-related transaction Cisco has pursued in 2026, following the additions of Astrix Security and Galileo. Together, these deals are intended to build an integrated trust layer for the agentic AI era, spanning identity, runtime behaviour, visibility, and enforcement.