Cisco’s acquisition of Astrix Security and WideField signals broad industry recognition of the Non-Human Identity (NHI) governance gap as a board-level risk. Separately, a structural analysis of OAuth 2.1/JWT token handling reveals that AI agents authenticated via bearer tokens are invisible to access control systems — resource servers cannot distinguish autonomous agent actions from human actions, creating an unauditable access class that grows with every new AI agent deployment.