• Product

    Product Overview

    Discover, secure and manage AI agents & NHIs

    Learn more

    CAPABILITIES

    Discover

    Maintain real-time inventory of all AI agents, MCP servers, and NHIs, with context to understand risk and business usage.
    Secure

    Identify and remediate AI agents and NHIs with excessive privileges, vulnerable configurations, abnormal activity, and policy violations.
    Deploy — powered by ACP (Agent Control Plane)

    Provision secure-by-design AI agents with short-lived credentials, just-in-time, precisely scoped access, and policy at creation.

    Supported environments

    Astrix logo: five black and white interlocking loops, symbolizing secure non-human identity and NHI Management leadership.
    A vibrant, ribbon-loop logo in blue, green, yellow, orange, and pink. Astrix: the leader in NHI security and service account protection.
    Astrix, the leading NHI Security platform, expertly manages the security of non-human identities. Alt text: Black silhouette of a featureless cat inside a circle, resembling the GitHub logo.
    Astrix, the leading NHI security platform, ensures robust protection and management for non-human identities.
    Astrix is the leading platform in NHI Management and Service Account Security. *Alt Text: A white ship's wheel symbol inside a blue hexagonal shape, representing leadership in non-human identity security.*.
    A geometric logo with interlocking shapes in red, green, blue, and yellow on a transparent background representing Astrix. Astrix: The leading platform for NHI Management and service account security solutions.
    Astrix, the leading NHI security platform, showcases a blue gradient abstract shape akin to a stylized mountain on white background.
    Blue circular icon with antennae, stylized non-human face; Astrix: the leading NHI Management and service account security platform.
    Astrix is the leading NHI Security platform, providing top-tier service account and non-human identity management solutions.
    Astrix: the leading NHI security platform, safeguarding non-human identities and service account integrity.
    Astrix: Leading platform for NHI Management and service account security.
    Astrix: The leading NHI Security platform, ensuring robust service account and non-human identity protection. Alt text: Blue Windows logo with four rectangles forming a window shape on a transparent background.
    more
  • Use Cases

    AI AGENTS

    Discovery and Governance for AI Agents
    Discovery & Governance for AI Agents

    Set policy to resolve hygiene issues, reduce attack surfaces and prevent compliance violations.

     Agentic Threat Detection & Response (ATDR)
    Access & Lifecycle Management for AI Agents

    Manage AI agents and their NHIs from provisioning to decommissioning.

     Agentic Access & Lifecycle Mgmt
    Agentic Threat Detection & Response (ADR™)

    Detect and respond to threats such as compromised credentials and out-of-scope agent actions.

    non-human identities

    NHI Discovery & Governance

    Control and enforce policies across your NHI attack surface.
    NHI Lifecycle Management

    Manage NHIs from provisioning to decommissioning.
    Non-Human ITDR

    Detect and respond to suspicious NHI activity & 3rd party breaches.
    Secret Management

    Centralized secret management across vaults & cloud.
    Third-Party Risk Management

    Discover and assess third-party apps & vendors accessing your environment.
  • Company

    COMPANY

    About Us

    The industry leader in AI Agent and Non-Human Identity security
    Careers

    The latest job opportunities

    Partners

    Explore partnership opportunities
    News

    Company announcements and press
    Contact Us

    Ask us anything
    The NHI Security Conference

    Watch the sessions on-demand

    Customer Stories

    Astrix is the leading NHI Security platform, safeguarding non-human identities in service account environments. Alt text: Astrix logo with a focus on securing non-human identities and service accounts.
    Workday

    HRTech

     A red sphere with white bands, symbolizing secure NHI Management by Astrix, the leader in NHI and service account security.
    Xerox

    Technology

     Orange HubSpot logo on a light background. Astrix is the leading platform for NHI Management and service account security.
    HubSpot

    Tech - CRM

     Astrix: The leading platform for NHI Management, securing non-human identities and service accounts efficiently. Alt Text: A stylized lowercase blue letter "b" with an orange dot above the upper right curve on a transparent background, representing Astrix, the leading NHI Security platform.
    Boomi

    Technology

     Astrix is the leading platform in NHI Management and service account security, safeguarding your non-human identity assets.
    BigID

    Cybersecurity

     Astrix: Leading NHI Security Platform with Advanced Non-Human Identity Management.
    Workato

    Technology

     Astrix is the leading platform for NHI Management and service account security. Alt text: A black Celtic knot design, showcasing a circular pattern with interconnected loops and swirls.
    Mercury

    Digital Banking

     Astrix's logo: A blue-striped triangular play button with overlapping shapes, embodying our leadership in NHI security. Alt text: Blue-striped triangular play button logo with overlapping shapes, symbolizing three-dimensionality and Astrix's NHI security expertise.
    Pagaya

    Fintech

     Astrix's blue geometric house icon symbolizes excellence as the leading NHI Security platform.
    Guesty

    Tech - Real Estate
    More customer stories
  • Learn

    Resources

    AI agent & NHI glossary

    Academy

    Resources

    Blog

    The latest on AI agent & NHI threats, products stories and more
    Events

    Meet Astrix at industry leading events
    Videos

    Watch on-demand sessions and expert insights

    News

    The latest company announcements and press
    Customer Stories

    How our customers secure their NHIs with Astrix
    Whitepapers

    Latest reports and whitepapers about NHI security
    Explore all

    AI agent & NHI glossary

    Agentic AI

    What is Agentic AI and related NHI risks
    Model Context Protocol

    Core concepts, functional components, and technical capabilities
    Service Accounts

    What are they & common vulnerabilities

    Machine Credentials

    How attackers exploit them & how to prevent it

    OAuth Tokens

    The risks they pose & how to secure them
    Non-human identities

    Definition, common use, and why they're important to secure
    Explore all

    Academy

    AI Agent Security Academy

    Become Certified Agentic Security Professional (CASP)

    WHAT’S NEW

    Meet Astrix’s AI Agent Control Plane (ACP)
    Astrix’s Agent Control Plane (ACP): Secure AI Agents from Day One
    NHI Governance for AI Agent Security in the Age of ChatGPT-5
    How a Major Enterprise Implemented a Control Plane Layer for AI Agents Using NHI Security
Book a demo
Results

DPF Certification Notice

Effective: May 02, 2026

This DPF notice (“Notice”) governs Astrix Security Inc. (“Astrix”, “We” or “Our”) participation in the EU-U.S. DPF programs with respect to the Processing of Personal Data as further explained in Section 1 below. If there is any conflict between the terms in this Notice and the DPF principles, the DPF principles shall govern. To learn more about the DPF and its principles please visit https://www.dataprivacyframework.gov/s/ .

Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “Process”, “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1. SCOPE

Astrix’s participation in the DPF applies to Personal Data that is subject to the EU data protection laws. Astrix is a security platform.

2. PURPOSES OF DATA PROCESSING

Astrix complies with the principles of the EU-U.S. DPF regarding the collection, use, and retention of Personal Data transferred to the United States from the European Union. Our DPF program covers transfers of Personal Data in the following cases: (i) to provide and improve (including without limitation by generating statistics and analytics) Astrix’s Services; (ii) to send marketing\advertisement communications; (iii) to contact users in connection with the Services and certain programs or offering registered for; and (iv) to identify and authenticate users access to the parts of the Services that they are authorized to access, as well as for security and fraud detection purposes (the “Services”). The categories of Personal Data collected and Processed by Astrix include, without limitation: Customers’ employees’ full name, work email address, and IP address.  

Astrix has certified to the DoC that it adheres to the DPF Principles and Our DPF certification is available here .

3. ONWARD TRANSFERS OF PERSONAL DATA

3.1 We will not transfer Personal Data originating in the EU to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of protection to the Personal Data as required by the Principles of the EU-U.S. DPF. We transfer Personal Data to processors, service providers, vendors, contractors, partners and agents (collectively “Processors“) who need the information in order to provide services to or perform activities on Our behalf. We are responsible for such onward transfers to third pursuant to the EU-U.S. DPF.

The abovementioned Processors and the description of the services that they provide and/or the activities that they perform are set out in the table below:

Processing Activity
Cloud Hosting
Raw Data Storage
Big Data Processing over AWS
Managed authentication solution to login to our portal
Managed GraphQL service to provide auto generated API for our frontend while ensuring scalability and security
Send notifications from Astrix platform to Slack to inform end users and security admins on relevant events
Monitoring errors
Log management. Log errors
Artificial intelligence cyber security tools

1.2. To the extent necessary, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other public or governmental agencies, or if required to do so by court order (including to meet national security or law enforcement requirement);

1.3. If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your Personal Data to such third party (whether actual or potential) in connection with the foregoing events;

1.4. In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your Personal Data in connection with the foregoing events, including, in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company; and/or

1.5. Where you have provided your consent to us sharing or transferring your Personal Data.

To the extent necessary, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other public or governmental agencies, or if required to do so by court order (including to meet national security or law enforcement requirement); 

If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your Personal Data to such third party (whether actual or potential) in connection with the foregoing events;

In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your Personal Data in connection with the foregoing events, including, in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company; and/or 

Where you have provided your consent to us sharing or transferring your Personal Data.

4. DATA SUBJECT RIGHTS

You have the right to access Personal Data about you, and in some cases you are also allowed to correct, amend, or delete that Personal Data where it is inaccurate, or has been processed in violation of the DPF principles. In addition, you have the right to limit the use and disclosure of your Personal Data. If you would like to request access to the Personal Data We process about you, or to request that We limit Our use or disclosure of your Personal Data, please contact Us at [email protected] and provide your name, contact information, and any information required to process your request in accordance with applicable law

Please be aware that in specific situations where fulfilling access or other requests might impose a disproportionate burden or expense, or potentially infringe upon the rights of others, we may be required to carefully review and, if permissible under applicable law, respectfully decline your request.

5. INDEPENDENT RECOURSE MECHANISM. ARBITRATION.

5.1. In compliance with the DPF principles, We are committed to resolve complaints about Our collection or use of your Personal Data. EU individuals with inquiries or complaints regarding Our DPF policy should first contact Astrix at: [email protected] or by postal mail sent to:

Astrix, Inc.
Attn: DPF Inquiry
33 Arch Street Boston, MA 02110, USA

5.2. In compliance with the EU-U.S. DPF, Astrix commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.

6. ARBITRATION

Under certain conditions, more fully described on the DPF website (available here), you may also be able to invoke binding arbitration to determine whether a participating organization has violated its obligations under the DPF principles as to that individual and whether any such violation remains fully or partially unremedied (“residual claims”) after you approached us and you used the independent recourse mechanism. The International Centre for Dispute Resolution-American Arbitration Association (“ICDR-AAA”) was selected by the U.S. Department of Commerce to administer arbitrations pursuant to and manage the arbitral fund.  Please visit ICDR-AAA’s website for more information.

7. U.S. FEDERAL TRADE COMMISSION ENFORCEMENT

Astrix is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”) to ensure compliance with the EU-US DPF, outlined in this DPF Notice.

33 Arch Street Boston, MA 02110, USA

© 2026 Astrix Security. All rights reserved.