AppViewX, a machine identity management company backed by Haveli Investments, just acquired Eos — an AI-native identity control plane built specifically for AI agents and autonomous workloads.
This is not a feature announcement. This is M&A. Someone wrote a check because they believe agent identity is a category, not a nice-to-have.
The timing is not accidental. This dropped the same week as RSAC 2026, where Microsoft announced Agent 365 GA on May 1, and where virtually every security vendor is talking about agentic AI.
What Eos Built
Eos describes itself as an AI-native Identity Control Plane. The CEO, Archit Lohokare, comes from CyberArk where he was SVP/GM of workforce and endpoint security. His framing:
AI agents are increasingly acting with autonomy inside the enterprise, with privileged access to data, applications, infrastructure, and cloud environments. Identity is the control plane for this new era.
The acquisition combines AppViewX's PKI and certificate lifecycle management with Eos's agentic governance and privileged access control.
What This Signals
Three things are happening simultaneously:
1. Agent identity is an acquisition target. If you build identity infrastructure for AI agents, established security companies will buy you. Eos was founded by a CyberArk veteran who saw the gap from inside enterprise security. AppViewX saw it from the machine identity side. They met in the middle.
2. The enterprise framing is solidifying. Every announcement this week — Microsoft Agent 365, AppViewX/Eos, 1Password Unified Access — frames agent identity as an enterprise governance problem. Visibility, policy, enforcement, audit. The language is consistent because the buyer is consistent: CISOs.
3. Nobody is solving portability. AppViewX/Eos secures agents within the enterprise. Microsoft Agent 365 secures agents within Microsoft's ecosystem. 1Password secures credential access within their vault. None of these solve the cross-boundary problem: what happens when your agent needs to prove identity to a system you do not control?
The Gap That Remains
John Barrow, CISO at JB Poindexter, said it clearly in the announcement:
These agents often behave non-deterministically. To reduce risk, we must monitor, audit, and control their privileged access.
He is right about the problem. But monitoring and controlling agents within your enterprise boundary is necessary and insufficient. The harder problem is agent identity that works across organizational boundaries — where you cannot install a control plane, where you cannot mandate a specific IAM provider, where the only thing two parties share is a protocol.
This is where cryptographic identity comes in. An agent that can prove who it is with a private key does not need a centralized control plane at every boundary. The identity is portable because it is self-sovereign.
AIP was built for exactly this gap: Ed25519 keypair identity, signed vouches, verifiable credentials, cross-protocol resolution. No central authority required. The trust graph travels with the agent.
Where We Are
The convergence from this week:
- Microsoft: Agent 365 control plane (GA May 1)
- AppViewX/Eos: Machine + agent identity governance (acquisition)
- 1Password: Unified Access for agent credentials
- Meta: Agent data leak incident (The Guardian, Mar 20)
- AIP: Cryptographic agent identity, W3C DID method, behavioral trust scoring
Every vendor is solving the intra-enterprise problem. The inter-enterprise problem — agents from different organizations establishing trust — remains open.
That is where the real market is.
AIP is open source: github.com/The-Nexus-Guard/aip — pip install aip-identity
Top comments (0)