Quest Software acquires Anetac to secure non-human AI identities

Quest Software, the Clearlake Capital-backed data management and cybersecurity vendor, has acquired Anetac, a startup focused on identity security for human, non-human and agentic identities. Financial terms were not disclosed. The deal adds continuous discovery and lifecycle management for machine identities, including service accounts, APIs, bots and AI agents, to Quest's existing identity and access management portfolio, which is heavily oriented around Microsoft ecosystems.

The acquisition comes as agentic AI deployments are rapidly multiplying the number of non-human identities that operate inside enterprise networks. Quest cited an industry figure suggesting machine identities now outnumber human users by up to 82 to 1, a ratio that legacy directory-based tools were not designed to handle. Anetac's platform extends identity discovery beyond conventional directories, mapping access chains and privilege inheritance across hybrid and AI-driven environments in real time.

The deal

Tim Page, chief executive of Quest Software, said that identity security in the agentic AI era represents "one of the biggest risks enterprises face" and that Anetac's approach gives customers "full visibility and control over all identities across their environments." Clearlake partners Prashant Mehrotra and Paul Huber pointed to the growing need for real-time behavioural intelligence and governance as AI adoption accelerates, describing Quest as "uniquely positioned" to address the challenge. The combined platform is intended to cover discovery, classification, governance and remediation across the full identity surface.

Quest did not name any Anetac customers, disclose Anetac's annual recurring revenue, or specify the size of the engineering team it is absorbing. The company said its own customer base includes more than 45,000 organisations globally, with penetration across more than 90 per cent of the Fortune 500.

Market context

The non-human identity security segment has attracted significant investor and acquirer interest over the past two years. Vendors such as Silverfort, Saviynt and CyberArk have each extended their platforms to address machine identity and service-account sprawl, while purpose-built startups including Astrix Security and Clutch Security have raised growth rounds on similar theses. Microsoft's own Entra suite has expanded its machine-identity coverage, making the Microsoft-ecosystem angle both Quest's competitive strength and a potential constraint, as enterprises increasingly centralise identity governance inside the hyperscaler's native tooling.

The broader identity security market is under pressure from two converging forces. First, the growth of agentic AI means that autonomous software agents require scoped, auditable credentials that can be granted, revoked and monitored independently of human user accounts. Second, regulators are tightening expectations: the EU's NIS2 Directive and DORA both require financial-sector firms to demonstrate continuous visibility into privileged access, and the US Cybersecurity and Infrastructure Security Agency has repeatedly cited credential abuse and service-account compromise as leading vectors in major incidents.

Compliance and standards read-across

For enterprise buyers, the acquisition raises integration questions. Quest's existing Active Directory management tools are mature and widely deployed, but adding Anetac's continuous behavioural monitoring will require customers to assess data-residency implications for telemetry flows, particularly under GDPR and emerging EU AI Act obligations around automated decision-making systems. Organisations running FedRAMP-authorised environments will also want clarity on whether the combined platform maintains its authorisation boundary.

The market will watch for Quest's first joint product release and any customer case study demonstrating measurable reduction in identity-related blast radius. Given the pace of agentic AI adoption, the window for differentiation ahead of hyperscaler-native tooling is narrow.