Between April 22 and May 4, 2026, three of the largest enterprise security vendors in the world stacked acquisitions onto the agent-era control plane.
April 22: ServiceNow announced acquisition of Armis for $7.75 billion.
April 30: Palo Alto Networks announced intent to acquire Portkey.
May 4: Cisco completed acquisition of Astrix Security for $400 million.
Three deals. Thirteen days. Three different layers of the same architectural stack.
This is not a coincidence. The pattern is the incumbents recognizing that the agent-era control plane will divide into specific layers and choosing which layer to own before competitors do. Read the pattern carefully and the procurement implications for the next eighteen months become clear.
What each deal actually buys
ServiceNow plus Armis: the agent inventory and posture layer.
Armis is the dominant pure-play in connected device visibility. Their architecture catalogs every device on a network, assesses each one’s security posture, and tracks drift over time. Originally built for OT, IoT, medical devices, and unmanaged endpoints. The architecture extends directly to AI agents as another category of entity that needs registry, posture, and lifecycle tracking.
ServiceNow already operates the AI Control Tower product and the Action Fabric workflow runtime. Combining Armis registry data with ServiceNow’s workflow stack produces a unified inventory of every agent in the enterprise, mapped to the human principal who deployed it, the workflows it touches, and the posture of its security configuration.
The $7.75 billion price reflects what this layer is worth at enterprise scale. ServiceNow is betting the agent inventory layer will become a workflow primitive on par with what configuration management database was to IT operations a decade ago.
Palo Alto plus Portkey: the AI gateway layer.
Portkey is an AI gateway company. The product routes traffic across foundation models, applies policy, manages keys, and provides analytics on AI infrastructure spend. The category has emerged as enterprises moved past direct OpenAI integration into multi-model deployments and needed something that looked like an API gateway purpose-built for AI traffic.
Palo Alto buying Portkey signals that Palo Alto views AI gateway as a network security primitive. The network security incumbent does not buy an AI traffic routing product unless it views AI traffic as the next thing the perimeter inspects.
This deal is the closest existing acquisition to the runtime layer. It is also incomplete. Portkey’s product is primarily an SDK and cloud gateway, not an on-premises inline policy engine for regulated enterprises. Palo Alto’s deployment muscle and enterprise channel will accelerate Portkey’s product roadmap, but the architectural gap between an SDK that wraps an API call and an inline runtime governance engine that sits on the call path is significant.
Cisco plus Astrix: the non-human identity layer.
Astrix is a non-human identity security company. The product addresses the proliferation of service accounts, API keys, OAuth tokens, and machine identities that already existed in enterprise environments before agents and now multiply faster as agents enter production. The architecture catalogs every non-human identity, scopes its permissions, monitors usage, and flags compromise.
Cisco buying Astrix at $400 million reflects the secondary tier of the identity layer. The primary tier is human identity (Okta, Microsoft Entra). The secondary tier is non-human and now agent identity. Cisco’s existing enterprise networking footprint provides the deployment surface; Astrix provides the identity-of-things product.
The architectural pattern
Three deals, three layers. The pattern that emerges:
| Layer | Question | Incumbent Move | Investment |
|---|---|---|---|
| Workflow plane | Which agent runs, doing what work? | Microsoft Agent 365 (May 1 GA), ServiceNow Action Fabric (May 5 GA) | Multi-billion product launches |
| Agent inventory and posture | What agents do we have and are they behaving? | ServiceNow + Armis | $7.75B |
| Agent and non-human identity | Who is this agent, really? | Cisco + Astrix | $400M |
| AI gateway / traffic routing | Where is the agent’s traffic going? | Palo Alto + Portkey | Disclosed in Q2 |
| Runtime data path inspection | What is in the agent’s actual call to the model? | Open. APERION builds at this layer. | Pre-acquisition |
| Audit and evidence | Can we prove what happened to a regulator? | Adjacent vendors entering. APERION builds at this layer. | Pre-acquisition |
Read this table as a procurement map. Each row is a layer the CISO or CIO will eventually buy from a different vendor. The vendors will integrate but they will not consolidate.
This is the cloud-era pattern. Most regulated enterprises bought identity from Okta, network access from Netskope, network security from Zscaler, endpoint security from CrowdStrike, and SIEM from Splunk. No single vendor owned all five layers. The vendors that tried to consolidate ended up with weakness in multiple layers.
The agent era will follow the same pattern.
Why incumbents are moving now
Three convergent pressures pushed these deals into the same two-week window.
The regulatory baseline shifted. The Five Eyes joint advisory on agentic AI published April 30 made the runtime controls explicit. Six national cyber agencies named what regulated enterprises need to govern. Every incumbent CISO buyer is now expected to know the advisory exists and to procure controls aligned to it. The vendors that can sell those controls have a procurement window opening fast.
The workflow plane consolidated faster than expected. Microsoft and ServiceNow both went GA with workflow agent governance in the first week of May. The workflow layer is no longer the open question; it is settled between two incumbents. That settlement forces the question of what sits parallel to workflow governance into the foreground. The next layers down become the next acquisitions.
The first reportable incidents are happening.PocketOS, the agentic AI startup that lost a production database to an autonomous coding agent. The LiteLLM supply chain attack in March that exfiltrated credentials across 36% of cloud environments. The increasing pattern of agent operations producing financial loss or data exposure. The board-level conversations about AI risk are now real conversations with concrete loss numbers attached.
Boards are not asking the CISO whether AI governance is necessary anymore. Boards are asking what the CISO bought to address it. The vendors that can answer that question are getting acquired.
What sits between the deals
Look at the table again. The rows that have acquisitions are workflow plane, agent inventory, non-human identity, and AI gateway. The rows that do not have acquisitions are runtime data path inspection and audit and evidence.
The first four layers describe what an agent is, where it operates, and how its traffic is shaped at the edge. The two layers without acquisitions describe what happens inside the call path and what evidence the enterprise can produce afterward.
This is the architectural gap. The incumbents have bought what they could see. They have not yet bought the layers that require pure-play product depth in runtime inspection and tamper-evident audit.
The runtime layer is hard because it requires inline policy enforcement at sub-five-millisecond latency. The architecture is Rust, not Python. The deployment is Kubernetes-native, not SDK. The integration is to the enterprise IdP, not to a cloud control plane. The audit layer is hard because it requires cryptographic provenance that holds up in a regulatory examination. The architecture is HMAC-chained tamper evidence with RFC 3161 trusted timestamps, not best-effort log aggregation.
These are different engineering investments than what AI gateway companies have built. They are also the layers regulators will examine first.
The procurement window
If you are a senior security or technology leader at a regulated enterprise, the deals above are a procurement timing signal.
The vendors that win each layer will become the categorical incumbents. The procurement decisions you make in the next twelve months will set what you support for the next decade. The decisions made in panic during an audit will be different from the decisions made deliberately with the full layer map in front of you.
The runtime layer is the layer with the most regulatory urgency and the least incumbent consolidation. That combination produces the rare procurement situation where the right answer in 2026 will probably also be the right answer in 2030, because the pure-play vendor you pick is the vendor your eventual acquirer will ask you to support.
We are at the inflection point of the next major enterprise security stack. The deals above are the first chapter. The runtime layer will be chapter two.
Technical companion: SmartFlow Platform Overview. The runtime layer architecture and capabilities.
The Trust Fabric four-layer model: Trust Fabric page. How runtime governance composes with the other layers.
The Five Eyes advisory: Careful Adoption of Agentic AI Services.
Ready to govern your AI infrastructure?
See how SmartFlow gives regulated industries complete AI sovereignty.
Request a Demo View Documentation