Venafi→CyberArk
CLOSED
Announced 2024-05-20·Closed 2024-10-01·$1.54B disclosed
What it did
Venafi (founded 1999) was the incumbent leader in certificate-based machine identity, built around Trust Protection Platform / TLS Protect: discovery and lifecycle automation for TLS/SSL certificates across on-prem, hybrid, and multi-cloud infrastructure, pulling inventory from cloud CA services and load balancers and automating the full request-issue-deploy-renew loop. Companion product SSH Protect extended the same policy engine to SSH key governance, and a code-signing module secured build pipelines. Later extensions (Firefly, cert-manager integration) pushed the model into Kubernetes and cloud-native workload identity, issuing short-lived certs to ephemeral workloads. This was genuine remediation infrastructure — automation was Venafi's core differentiator, not a read-only inventory dashboard.
What it didn't cover
Its scope was deliberately narrow to cryptographic machine identities — certificates, SSH keys, code-signing artifacts — not the broader NHI surface of API keys, service accounts, OAuth tokens, and secrets that vendors like Entro or Astrix govern. Ownership mapping (which human or team a given certificate belonged to) was historically weak — consistent with CyberArk shipping dedicated machine-identity "discovery and context" capabilities as late as October 2025, a year after close. Governance and certification workflows were not native to Venafi at all; CyberArk plugged that gap separately by acquiring Zilla Security in February 2025. Its identity model also predates agentic AI: Firefly addressed ephemeral workload identity but not session-based, intent-driven agent authorization the way SGNL or Oasis do. Deployments were enterprise-only, with no mid-market or SMB tier.
Why it happened, and after
CyberArk, a human-privileged-access (PAM) incumbent, needed machine-identity depth as NHI volume outpaced human identity counts; Venafi added roughly $150M ARR and was reportedly included in nine of CyberArk's top ten deals in Q1 FY2025. Integration has been staged, not instant — combining certificate lifecycle with CyberArk's Conjur secrets management was slated for 2025, with a fully unified human-and-machine platform targeted for 2026 and, per analysts, still underway. Palo Alto Networks then announced its own roughly $25B acquisition of CyberArk in 2025, meaning Venafi is set to be absorbed into a second, larger platform before its first integration is complete.
Otterize→Cyera
CLOSED
Announced ~2026-06 (2025-06-26)·Price undisclosed · ~$20M reported
What it did
Otterize (founded 2022, ~$11.5M raised, open-source-rooted) automated workload-to-workload IAM inside Kubernetes and cloud-native environments using Intent-Based Access Control: each workload declares the calls it intends to make, and a Kubernetes operator translates that into enforcement — network policies, cloud IAM policies, Istio authorization, Kafka ACLs. To bootstrap intents without hand-authoring them, its network mapper passively sniffed pod-to-pod traffic (DNS, TCP, eBPF-based observation) to build a real who-calls-whom map. A credentials operator integrated with SPIFFE/SPIRE to issue short-lived, attested workload identities in place of static secrets, with automatic rotation — converting observed runtime behavior into enforced least-privilege policy, with credential issuance built in rather than bolted on.
What it didn't cover
Otterize was narrow by design: no ownership mapping back to the accountable human or team; solid create/rotate coverage for Kubernetes-native workload identity but no story for the far larger population of NHIs living outside a cluster — long-lived API keys, SaaS OAuth grants, CI/CD tokens; and no certification, attestation, or compliance-reporting layer at all. Where it stood out from most of the NHI cohort was remediation — it actually enforced least privilege rather than just surfacing a risk score, though scoped to what a Kubernetes/cloud-native operator could translate into policy. It predates the 2025-26 agentic-AI wave and wasn't built for autonomous agents, and its Kubernetes-centric surface skewed adoption toward technically sophisticated, infrastructure-fluent teams.
Why it happened, and after
Cyera, a data security posture management (DSPM) vendor whose core asset is knowing where sensitive data lives, used Otterize to extend that into which workloads can reach it and how — closing the loop from data discovery to runtime access control. The team joined Cyera's engineering org, following a similar pattern to Cyera's other 2025 Israeli tuck-ins. Otterize was Cyera's first NHI-specific acquisition; by mid-2026 Cyera was reportedly in advanced, unconfirmed talks to acquire Oasis Security for over $1B — suggesting Otterize was an opening move in a deliberate strategy to assemble NHI/agentic-access capability internally.
SGNL→CrowdStrike
CLOSED
Announced 2026-01-08·Closed 2026-02-20·~$740M disclosed
What it did
SGNL was a runtime access-enforcement layer sitting between identity providers (Okta, Entra ID) and the resources they front. Three parts: an "Identity Data Fabric" ingesting identity, security, and business context in near real time; a policy engine letting admins write human-readable, attribute-based rules evaluated at the moment of each access request rather than at provisioning time; and a "CAEP Hub" implementing the OpenID Foundation's Continuous Access Evaluation Profile, an open standard for pushing security-event tokens between systems so access could be revoked or re-scoped within seconds. It eliminated standing privilege for human, non-human, and AI-agent identities alike — genuinely differentiated at the decide-right-now layer, and built on an actual open standard rather than a proprietary event bus.
What it didn't cover
SGNL enforced access to existing identities but did not create, rotate, or decommission them — no joiner-mover-leaver lifecycle. It had no discovery or inventory of NHIs and no certification or attestation workflow of its own; it assumed identities and context were already known and fed in by other systems. Its remediation was genuinely runtime-native (automatic access revocation, not a dashboard) but only for authorization — it did nothing for secrets hygiene, vaulting, or rotation. Its integrations (AWS, Entra ID, PAM tooling) presumed an existing complex identity stack, not a self-serve SMB product.
Why it happened, and after
CrowdStrike framed the deal around extending Falcon Next-Gen Identity Security's just-in-time access — previously scoped to Active Directory/Entra ID — to AWS IAM, Okta, and other cloud/SaaS systems, and wiring CAEP-driven enforcement into Falcon Fusion SOAR so revocation extends past the IdP into downstream apps. CrowdStrike's FY2026 Q1 10-Q (quarter ended 2026-04-30) reported total consideration of $627.9M cash net of acquired cash plus $9.2M in replacement equity awards, and confirmed the deal complete on its Q1 FY27 earnings call, where it described SGNL as "the identity control plane" paired with AI detection/response — integration proceeding as a Falcon-platform feature rather than a standalone product line.
Natoma→Snowflake
SIGNED — PENDING CLOSE
Signed 2026-05-24·Announced 2026-05-27·~$110M disclosed
What it did
Natoma (founded 2024, ~$7M seed, ~20-27 employees) built an enterprise Model Context Protocol (MCP) gateway — a centralized control point mediating how AI agents and copilots connect to enterprise tools and data. It enforced identity verification, fine-grained authorization, and audit logging at the individual tool-call level: each time an agent invoked a tool, Natoma evaluated who or what was calling, what permissions it held, and whether that specific action was allowed. It shipped a library of 100+ prebuilt, verified MCP servers spanning SaaS, cloud, VPC, and on-prem systems, treating each agent-to-tool connection as a distinct non-human identity subject to policy — a purpose-built policy and enforcement plane for the MCP layer specifically, not a general NHI platform.
What it didn't cover
No public evidence of tying each MCP connection back to an accountable human owner in a broader identity graph. It enforced authorization at call time but showed no public capability for credential rotation, vaulting, or systematic decommissioning — a runtime gateway, not a credential lifecycle manager. No periodic access-certification workflows; materials describe real-time enforcement and audit trails, not attestation campaigns. Its scope was MCP-mediated traffic only, not agents calling non-MCP APIs directly or classic service accounts/API keys/certs. Market reach was minimal — a pre-scale, single-digit-million-raised startup with no evidence of enterprise-scale deployment beyond early design partners.
Why it happened, and after
Snowflake framed this as extending its "agentic control plane" — as Cortex Agents, Snowflake Intelligence, and Cortex Code move from analytics into autonomous action on systems like Slack, email, CRM, and Jira, it needed a governance choke point for what those agents can touch, and buying MCP-native identity/policy tooling was faster than building it. Unlike the PAM/IGA/security-platform buyers elsewhere in this wave, Snowflake's core business is data, not identity, making it the most adjacent buyer in the cohort. The deal's total consideration (mostly Snowflake stock, roughly 30% subject to post-combination vesting, remainder cash) appeared in Snowflake's Q1 FY2027 10-Q, which guided to a June 2026 close — but as of 2026-07-17 no closing has been publicly confirmed by a press release, 8-K, or trade coverage, and Natoma's own site still describes a signed "definitive agreement" rather than a completed transaction. The accurate status is signed and awaiting confirmed close.
Astrix Security→Cisco
CLOSED
Announced 2026-05-04·Closed shortly after·~$400M reported
What it did
Astrix (founded 2021, ~$85M raised) ran an agentless, API-based discovery engine connecting to cloud (AWS, GCP, Azure), SaaS (Slack, Salesforce, Jira, M365, Google Workspace, Okta), CI/CD, secret vaults, and increasingly AI platforms (OpenAI, Claude, Databricks, Cursor) to build a continuous inventory of service accounts, OAuth apps, API keys, SSH keys, IAM roles, and AI-agent/MCP-server credentials. On top of that it layered risk scoring — over-privilege, staleness, weak auth, anomalous behavior — threat/IOC detection for compromised NHI credentials, and an "Agent Control Plane" aimed specifically at scoping and monitoring autonomous AI-agent access. It was genuinely strong at fast, low-friction discovery of a blind spot legacy IAM/PAM tools never modeled, with early, credible coverage of agentic-AI identities specifically.
What it didn't cover
Astrix's marketing describes governance and "provisioning to decommissioning" lifecycle management, but independent signal was thin — Gartner Peer Insights showed only four verified reviews three years into the market, too small a sample to validate depth claims. Structurally: Astrix sits on top of identity providers, cloud IAM, and secret vaults rather than issuing or owning NHI credentials itself, so rotation/decommission automation is as fragmented as the app-by-app secret formats it touches — there's no SCIM-equivalent standard for machine credential lifecycle. It has no native human-identity/IGA engine of its own, so joint human-and-non-human governance under one policy and certification workflow doesn't exist inside Astrix — precisely why Cisco is wiring it into Identity Intelligence and Duo rather than treating it as already unified. Go-to-market points to an enterprise-only motion, with no self-serve or mid-market/SMB tier.
Why it happened, and after
Cisco's stated rationale was extending Zero Trust to agentic identities — a category "most enterprise security programs have not yet addressed" — by folding Astrix into Cisco Identity Intelligence, Secure Access, and Duo, with NHI/agent telemetry feeding Splunk and compatible SIEMs for unified human-and-machine detection and response. This mirrors the CrowdStrike/SGNL and Snowflake/Natoma pattern: an infrastructure/security incumbent buying discovery-and-context for AI-agent identities rather than building it, using an existing SIEM/XDR asset — Splunk, in Cisco's case — as the analytics backbone the acquired company itself lacked.
Entro Security→SailPoint
CLOSED
Intent announced 2026-06-15·Closed 2026-06-29·~$200M reported
What it did
Entro's core product, marketed as NHIDR (Non-Human Identity Detection & Response), discovered and contextualized secrets, tokens, service accounts, and certificates across roughly 70 enterprise sources — CI/CD pipelines, codebases, container registries, cloud, SaaS, and vaults — recognizing over 1,200 distinct credential and secret types via regex matching plus AI-powered detection. On top of discovery it built a behavioral baseline for each NHI and AI agent, flagged deviations, and used LLM-driven analysis to add context (ownership, purpose, recent activity) and cut false positives. Its most current-edge capability was real-time interception of AI-agent tool calls — a runtime guardrail against malicious or anomalous agent actions, not just a static inventory — and it tied each NHI/agent to a human owner while automating rotation and decommissioning triggers.
What it didn't cover
Entro's human-owner attribution was an inference layer bolted onto whatever HR/IdP data it could pull in, not a native, bidirectional system of record. It automated rotation and decommission triggers but didn't provision or create NHIs in the first place, and had no native machine-JML workflow tied to change management. Most notably, Entro shipped an agentic governance and administration policy layer but not the enterprise IGA machinery — recurring access-certification campaigns, separation-of-duties analysis, audit-ready compliance reporting — spanning the full human-plus-non-human estate. Market reach was the plainest gap: a ~$24M-raised, 2022-founded startup with a narrow enterprise install base next to SailPoint's large existing IGA customer footprint.
Why it happened, and after
SailPoint (re-IPO'd in 2025 at $11.5B+) needed developer/SDLC-layer secrets and NHI depth to close what it calls an "AI governance gap" and unify human and non-human identity under its "Agentic Fabric." The logic is explicit: an IGA vendor buying an NHI-detection vendor to feed Entro's raw credential and lineage telemetry into SailPoint's existing certification and identity-graph engine — closing SailPoint's own governance gap rather than Entro's. At close, SailPoint said Entro's NHI/credentials tools were available to customers "as standalone offerings," with native platform integration explicitly ongoing — the deep fusion into IdentityNow's certification workflows was not finished at close. Entro's co-founders joined SailPoint's technology organization to lead that integration work.
Oasis Security→Cyera (reported)
RUMORED — UNCONFIRMED
Talks reported early July 2026·No deal signed as of 2026-07-17·$1B+ reported
What it does
Oasis builds what it calls "Non-Human Identity Management" evolving into "Agentic Access Management" — arguably the most complete NHI point solution on the market, covering the full identity-type surface (service accounts, service principals, managed/workload identities, OAuth apps, API keys, RPA credentials, and AI agents) across hybrid cloud and SaaS. It auto-discovers NHIs across cloud/IdP/vault integrations, uses AI and heuristics to infer and assign a human owner and escalation path to each one, and runs a full lifecycle — provision, certify, rotate, monitor, decommission. Its ITDR module ("Scout," with "AuthPrint" behavioral fingerprinting) does runtime anomaly detection for credential misuse. For agentic AI specifically, its "Agentic Access Management" issues just-in-time, ephemeral session credentials per agent action with no standing secrets, infers intent from the agent's actions, and enforces deterministic policy with human-in-the-loop escalation — a materially more built-out AI-agent story than most of this cohort.
What it doesn't cover
Oasis is NHI-only: it maps non-human identities to human owners but doesn't manage human identity lifecycle, SSO, or directory itself, so it sits alongside an IdP/IGA stack rather than unifying human and non-human identity into one governed graph. Its creation-time governance is weaker than its runtime governance — it doesn't sit in the developer/IaC pipeline (Terraform, CI/CD, code) the way SDLC-native players like Entro or GitGuardian do, so it's better at cataloging sprawl than preventing it at the point of creation. Notably, unlike most of this cohort, Oasis does cover access reviews and certification (attestation workflows, compliance dashboards for PCI DSS/SOC 2/GDPR) and does go beyond visibility into automated remediation — lumping it in with "discovery-only" NHI vendors understates it. Its clearest real limitation is market reach: reported AWS Marketplace pricing (entry around $50K/year, enterprise deals $150K-$1M+) points to an exclusively large-enterprise, Fortune-500-weighted customer base with no mid-market or SMB motion.
Why a buyer might want it
Cyera is a data security posture management (DSPM) company whose core value is knowing where sensitive data lives and how exposed it is. Oasis would be Cyera's second NHI-focused acquisition after Otterize (2025) and by far its largest, extending Cyera from "where is sensitive data" to "which non-human and agentic identities can reach it and under what policy." At a reported $1B+ for a company that raised $195M total, the figure — if a deal materializes — would signal that acquirers are pricing NHI/agentic-identity governance as full platform infrastructure rather than a bolt-on feature. As of 2026-07-17, Israeli business press (Calcalist, Globes, Ynet) describes "advanced talks" valuing a potential deal at over $1B, funded partly by Cyera's recent $600M Series G, but neither company has issued a formal announcement — treat the acquirer's identity, valuation, and even the deal's existence as unconfirmed until a press release or filing lands.