Cisco has introduced Duo Agentic Identity, a new service that extends Cisco’s authentication and authorization platform to manage AI agents as a distinct identity class. The service recognizes that agents require fundamentally different access controls than both human users and traditional service accounts, combining cryptographic identity with behavior-driven access policies.
Beyond Service Accounts
Service accounts—static credentials used by applications—have long been the blunt instrument for granting non-human access. Agents, however, operate with far greater autonomy. A service account might call a single API in a predictable pattern. An AI agent might discover APIs, chain operations, and escalate permissions. Duo Agentic Identity moves beyond static credentials to cryptographic identity tokens that can be revoked in real-time and bound to specific agent instances.
Key Features of Duo Agentic Identity
- Agent Attestation: Cryptographic proof that an AI agent is running approved code from an approved runtime
- Behavior-Driven Authorization: Access policies that adapt based on the agent’s observed behavior patterns
- Real-Time Revocation: Administrators can instantly revoke an agent’s access if suspicious activity is detected
- Audit Integration: Full integration with Cisco’s security information and event management ecosystem
The Industry Inflection Point
Cisco’s entry into agentic identity management signals that this space has moved from niche research to mainstream enterprise priority. Agents are no longer theoretical—they’re in production across Fortune 500 companies. Security vendors that ignore this shift risk leaving customers exposed to an entirely new class of insider threat: the unconstrained AI agent with legitimate but excessive access.
Source: Cisco Duo