At Cisco Live EMEA, Cisco made one thing clear: the era of agentic AI is no longer theoretical—and enterprise security isn’t ready unless it evolves fast.
Today, Cisco (NASDAQ: CSCO) announced a broad expansion of its security portfolio designed to help organizations adopt autonomous AI agents with confidence. The update spans agent protection, interaction governance, and resilient connectivity, addressing a fast-emerging reality: AI systems are no longer just assistants responding to prompts. They’re becoming autonomous actors that use tools, access data, and make decisions across hybrid and multi-cloud environments.
For CISOs and CIOs, that shift introduces a fundamentally new threat model—one where the “user” could be an AI agent, and the blast radius of a mistake or compromise can extend across the entire enterprise stack.
Why Agentic AI Changes the Security Equation
Most enterprise AI security to date has focused on models: data leakage, hallucinations, prompt injection, or misuse by humans. Agentic AI introduces a different problem. These systems can chain actions, call tools, interact with SaaS platforms, and make decisions without human-in-the-loop approval.
That autonomy dramatically expands the attack surface. A compromised agent can be manipulated through poisoned tools, malicious prompts, or tainted dependencies. Worse, traditional security tools struggle to interpret the intent behind AI-driven interactions, making it harder to distinguish legitimate automation from malicious behavior.
“In the age of AI, safety and security are pre-requisites for adoption, and AI agents bring a whole new set of challenges,” said Jeetu Patel, Cisco’s President and Chief Product Officer. “As agents take on critical enterprise roles, we’re developing protections that work both ways: preventing agents from being compromised and controlling what they can access and do on our behalf.”
Cisco’s response is not a single product, but a coordinated expansion across AI Defense, SASE, and enterprise networking—all tuned specifically for agentic workflows.
Securing the AI Supply Chain and Runtime
The most significant updates land in Cisco AI Defense, which has seen its largest expansion since launching in January 2025. The goal: secure AI agents across their entire lifecycle, from development and deployment to real-time operation.
A cornerstone of the update is AI BOM (Bill of Materials). Much like software SBOMs, AI BOM provides centralized visibility into AI assets—models, MCP servers, and third-party dependencies—helping enterprises understand what AI components they’re running, where they came from, and how they’re governed. In an ecosystem increasingly reliant on open-source tooling and external services, provenance has become a first-order security concern.
Complementing this is the new MCP Catalog, which discovers and inventories Model Context Protocol servers across public and private environments. By surfacing risk across registries and endpoints, Cisco is targeting a blind spot that many AI governance programs still struggle with: tool sprawl.
On the testing side, Cisco is expanding its algorithmic red teaming capabilities. The new approach supports adaptive, multi-turn testing across multiple languages—better reflecting how real-world agents behave in production. This matters because single-prompt testing often fails to catch vulnerabilities that only emerge after chained reasoning or repeated interactions.
Perhaps the most operationally impactful addition is real-time agentic guardrails. These runtime protections continuously inspect agent interactions to detect manipulation, unsafe behavior, or unauthorized tool use—such as poisoned tools or prompts engineered to trigger unintended actions. Instead of relying solely on pre-deployment controls, Cisco is pushing enforcement into production environments where agents actually operate.
Together, these capabilities aim to surface vulnerabilities earlier, reduce compromise risk, and give security teams continuous visibility into how agents behave once deployed.
Aligning With Standards—and NVIDIA
Since its launch, Cisco AI Defense has mapped to established frameworks from NIST, OWASP, and MITRE. The latest update adds alignment with Cisco’s own Integrated AI Security and Safety Framework, designed to help organizations understand adversary objectives and quantify risk exposure in agentic systems.
Cisco is also deepening its ecosystem strategy. AI Defense now features a developer-ready integration with NVIDIA NeMo Guardrails, providing a modular, interoperable way to enforce safety policies at runtime. This integration is a key part of the Cisco Secure AI Factory with NVIDIA, a validated reference architecture for securely running AI workloads in enterprise environments.
“AI security teams are now being asked three questions at once: what AI assets do we have, where did they come from, and how will they behave in production as agents interact with tools and third-party services,” said Chirag Mehta, Vice President and Principal Analyst at Constellation Research. “With AI BOM and MCP governance plus multi-turn red teaming and real-time guardrails, Cisco AI Defense is targeting the full risk path from the AI supply chain to agentic runtime.”
Governing AI Interactions at Network Scale
Protecting agents is only half the challenge. AI agents are chatty by design—constantly interacting with LLMs, APIs, SaaS applications, and data stores that may sit across regions and clouds. When those interactions slow down or fail, both humans and machines are forced to wait, disrupting workflows and decisions.
From a security standpoint, the traffic itself is problematic. Agentic interactions are semantically rich and context-dependent, making them difficult for traditional network security tools to inspect or classify.
To address this, Cisco is rolling out new Cisco SASE capabilities tailored for AI-driven workflows.
One key addition is AI traffic optimization, which detects AI-related traffic and applies techniques such as packet duplication to maintain low-latency, predictable performance during traffic surges. As agent adoption scales, these bursts are expected to become common—especially during peak decision-making windows.
Cisco is also extending MCP visibility, logging, and policy control into the network layer. By discovering and governing MCP communications in-path, organizations gain more control over how agents connect to tools and services.
Another major shift is intent-aware inspection. Rather than simply scanning packets, Cisco combines rapid detection with cloud-based analysis to evaluate the intent behind agent messages and actions. This allows security teams to detect threats that would otherwise look benign at the protocol level.
All of this is tied together through unified policy enforcement across SD-WAN and SSE, simplifying governance as regulatory expectations around AI accountability continue to evolve.
“For today’s CIOs and CISOs, the explosive growth of AI-driven workloads creates both opportunity and risk,” said Mauricio Sanchez, Senior Director at Dell’Oro Group. “As enterprises adapt SASE architectures to support AI-driven workflows, Cisco has steadily increased its market share—up roughly 20% since 2023.”
Preparing Networks for Post-Quantum AI Traffic
Agentic AI doesn’t just stress security tooling—it stresses networks. As autonomous workflows expand into campuses and branch offices, enterprises need connectivity that’s fast, resilient, and future-proof.
Cisco used the event to announce IOS XE 26, the latest version of the operating system powering millions of enterprise networks. IOS XE 26 underpins the recently announced Cisco 8000 Series Secure Routers, C9000 Series Smart Switches, and new variants of the 8100 Series Secure Routers for SMBs.
The headline feature: industry-first full-stack post-quantum cryptography (PQC) protections for enterprise networking. These capabilities are designed to defend against device tampering and long-term data compromise, aligning with evolving European and global regulatory guidance.
For organizations deploying AI agents today, this matters more than it might seem. Agentic workflows often involve sensitive data and long-lived communications that must remain confidential well into the future. PQC readiness ensures that AI-driven traffic remains protected—even as cryptographic threats evolve.
The Bigger Picture: Security for Autonomous Systems
Cisco’s announcements reflect a broader shift in enterprise IT. As AI systems move from advisory roles to autonomous execution, security can no longer be bolted on at the edges. It has to span supply chain visibility, runtime behavior, interaction governance, and network integrity—all at once.
What differentiates Cisco’s approach is its attempt to treat agentic AI as a system-wide concern, not a niche use case. By aligning AI security, SASE, and networking under a unified strategy, Cisco is positioning itself as a foundational platform for enterprises that expect AI agents to become first-class digital workers.
For enterprises wrestling with how to adopt agentic AI safely, the message from Cisco Live EMEA is clear: autonomy without governance is risk. But autonomy with the right controls could be the next competitive advantage.
Power Tomorrow’s Intelligence — Build It with TechEdgeAI









