Cisco’s recent announcement of Duo Agentic Identity signals a major industry pivot: enterprise security vendors are now building products explicitly designed for non-human identity management. Duo Agentic Identity extends Cisco’s Zero Trust Network Access (formerly Duo Network Gateway) to authenticate and enforce policies for AI agents and automated systems, not just human users.
The significance lies in acknowledgment. For years, security frameworks pretended AI agents were just “service accounts” or “API consumers”—edge cases handled by existing IAM and PAM solutions. Introducing a product explicitly named for “agentic identity” signals that agents are now first-class citizens in the security architecture. Organizations must design for them, protect them, and audit them with the same rigor applied to human access.
Duo Agentic Identity operates through several core mechanisms. First, cryptographic identity verification—agents prove their identity not through static credentials but through possession of cryptographic keys or certificates. Second, continuous compliance verification—the platform confirms agents are running in expected contexts (specific containers, cloud regions, or network segments) before granting access. Third, real-time policy enforcement—policies can be specific to agentic operations rather than applying the same rules to agents and humans.
Integration with zero-trust frameworks makes this practical. Traditional perimeter-based security (trust everything inside the network, block external traffic) fails for agents because they operate everywhere—cloud instances, on-premises systems, edge computing environments, embedded AI models. Zero-trust assumes everything is untrusted by default and requires continuous verification. This naturally fits agentic identity: an agent must continuously prove it deserves access, not just once during authentication.
The broader implication is that non-human identity governance has reached enterprise maturity. Products like Duo Agentic Identity, industry frameworks like OASIS and the NHI specification, and widespread adoption across vendors (Okta, Delinea, Strata, others) all point to the same conclusion: machine identity management is no longer a niche concern for crypto-obsessed security teams. It’s table stakes for enterprises deploying AI, automation, and cloud-native workloads. Organizations without robust agentic identity frameworks are exposed.
Source: Cisco Duo