
We are excited to announce our intent to acquire WideField Security Inc. WideField will boost the capabilities of Splunk’s Agentic SOC by extending machine-speed autonomous responses with identity and session intelligence for human, non-human, and AI-agent activity. To ensure trust, this is evidence-backed and policy-aware.

The rapid deployment of AI agents, autonomous workloads, and non-human identities – all operating at machine speed – introduced a new class of security risk. Beyond unauthorized access, the challenge also includes authorized entities taking unsafe actions in the wrong context, which can cause significant damage before any human team has a chance to respond. Enterprises just weren’t prepared for the security problem that the rise of agentic AI created.

Addressing this requires a new approach to security that can detect suspicious behavior even from authenticated users and approved AI agents. It calls for three interconnected challenges to be tackled:

  • Protect agents from the world with clear operational guardrails to ensure agents cannot be manipulated or exploited by bad actors. WideField’s identity-centric capabilities enforce access controls, establish session-level guardrails, and maintain trust boundaries as AI agents interact with data, tools, and systems.
  • Protect the world from agents, ensuring that the AI agents operating within their environments are known, accountable, and restricted to only the access and actions they need to perform their intended tasks.
  • Detect and respond to threats at machine speed and scale, mitigating the operational and security impacts from misaligned or compromised agents.

Identity, in today’s agentic AI era, is not just about who logged in but about who, or what, took action, and under which authority, in which session, and with what blast radius. Identity is now foundational to how organizations govern, secure, and respond to both human and non-human activity, including AI agents, service accounts, workloads, and automation identities. Detections must translate into evidence-based decisions that help security teams triage faster, investigate with confidence, and respond safely, with human approval where required.

WideField turns identity telemetry into verified session evidence that AI-driven security workflows can safely reason over. For Agentic Security Operations that enable autonomous responses, it is imperative to have deterministic data pipelines that correlate telemetry from endpoints, identity systems, networks, and cloud in a format optimized for AI consumption. WideField sessionizes identity signals, which provides the session-level signals necessary for deeper analysis in Splunk’s Agentic SOC, allowing the SOC agents to infer whether an action belongs to a legitimate active session or a potentially malicious one.

WideField’s capabilities strengthen the Cisco Data Fabric by incorporating deep identity and session intelligence, giving customers the context they need to operate AI safely and at scale. This evidence can become a first-class signal for Splunk’s Agentic SOC, Cisco Cloud Control, and future AI governance workflows. Together with WideField we will expand the lens of threat investigation and response to include these critical factors, resulting in enhancements to Splunk’s Agentic SOC capabilities with greater precision and control.

With the acquisition of WideField, Cisco’s Splunk business is continuing to invest in developing and delivering differentiated, enterprise-grade agent and agentic security solutions that address the real-world challenges facing today’s organizations. Building on the recent additions of Astrix Security and Galileo, WideField reinforces Cisco’s commitment to delivering an integrated trust layer for the agentic AI era — one that spans identity, runtime behavior, visibility, and enforcement — distinguishing Cisco as a trusted partner for enterprises seeking to operationalize AI with confidence and control.

 


[Forward-Looking Statements]

This blog post may be deemed to contain forward-looking statements, which are subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including statements containing the words “transform,” “will,” “plans,” “expects,” “intends,” “may,” or “continues,” or the negative of these terms or other comparable terminology, as well as similar expressions, or regarding the expected benefits to Cisco and its customers from completing the acquisition, and plans regarding WideField personnel. Readers should not place undue reliance on these forward-looking statements, as these statements are management’s beliefs and assumptions, many of which, by their nature, are inherently uncertain, and outside of management’s control. Additionally, readers are cautioned that these forward-looking statements are only predictions and may differ materially from actual future events or results due to a variety of factors, including, among other things, the potential impact on the business of WideField due to the uncertainty about the acquisition, the retention of employees of WideField and the ability of Cisco to successfully integrate WideField and to achieve expected benefits, business and economic conditions and growth trends, customer markets and various geographic regions, global economic conditions and uncertainties in the geopolitical environment and other risk factors set forth in Cisco’s most recent reports on Form 10-K and Form 10-Q. Any forward-looking statements in this blog post are based on limited information currently available to Cisco, which is subject to change, and Cisco will not necessarily update the information.

 

Authors

Kamal Hathi

Senior Vice President and GM

Splunk, a Cisco company