Cisco has unveiled a complete replace to its safety portfolio geared toward serving to enterprises confidently undertake agentic AI, the subsequent evolution past easy AI assistants.
Introduced at Cisco Reside, the updates embody three core pillars: defending AI brokers from compromise, governing their interactions with enterprise techniques, and making certain resilient connectivity for AI-driven workflows.
“Within the age of AI, security and safety are conditions for adoption, and AI brokers carry a complete new set of challenges,”
mentioned Jeetu Patel, Cisco’s President and Chief Product Officer, in the course of the announcement.
“As brokers tackle vital enterprise roles, we’re growing protections that work each methods: stopping brokers from being compromised and controlling what they’ll entry and do on our behalf.”
The scope of those updates is substantial, with Cisco AI Protection receiving its greatest enlargement since launching in January 2025. The enhancements span your entire AI lifecycle, from provide chain safety to runtime monitoring.
Deep Dive: New Capabilities Throughout the AI Safety Stack
On the coronary heart of Cisco’s announcement is an expanded AI Protection platform that tackles the distinctive assault floor created by agentic AI. The platform now consists of an AI Invoice of Supplies (BOM) function, offering centralized visibility into AI software program belongings, together with mannequin context protocol (MCP) servers and third-party dependencies. Complementing that is an MCP Catalog that discovers and inventories MCP servers throughout private and non-private platforms.
The platform’s superior algorithmic purple teaming capabilities now embody adaptive testing for fashions and brokers in a number of languages. Actual-time agentic guardrails repeatedly monitor interactions to detect manipulation or unsafe conduct, akin to poisoned instruments or prompts designed to set off unauthorized software use. Since launch, AI Protection has been mapped to main frameworks from NIST, OWASP, and MITRE.
AI Protection additionally now options developer-ready runtime integration with NVIDIA NeMo Guardrails’ open-source framework, offering organizations with a modular and interoperable strategy to safeguard AI techniques working in manufacturing. It additionally serves as a core ingredient of the Cisco Safe AI Manufacturing facility with NVIDIA, a validated reference structure constructed to securely energy AI workloads throughout buyer environments.
On the networking aspect, Cisco’s SASE platform introduces AI site visitors optimization that detects AI communications and applies strategies akin to packet duplication to take care of dependable interactions throughout site visitors surges. The platform now provides MCP visibility and intent-aware inspection that evaluates the reasoning behind agentic messages and actions.
Addressing AI Safety Issues
The urgency behind Cisco’s announcement displays deeper anxiousness inside enterprise boardrooms about AI adoption. The elemental concern isn’t AI’s capabilities or job displacement; it’s about management and safety.
These considerations had been entrance and middle on the World Financial Discussion board in Davos final month, the place enterprise leaders targeted closely on AI safety.
Raj Sharma, EY’s World Managing Accomplice of Progress and Innovation, famous that there wasn’t sufficient dialogue about AI safety, notably across the administration of AI brokers and their lifecycles.
“It has entry to your knowledge. It has no title, so there isn’t a identification or something related to that,” Sharma mentioned.
This maybe explains why Cisco is positioning governance and safety because the cornerstone of its AI Protection updates. The corporate’s superior algorithmic purple teaming capabilities permit organizations to stress-test their AI techniques earlier than deployment, working adaptive, multi-turn assaults in a number of languages to establish vulnerabilities that could possibly be exploited as soon as brokers go stay.
Many enterprises additionally depend on third-party AI suppliers, creating unease about relying on vital expertise with out full oversight. Cisco’s AI Invoice of Supplies straight addresses this visibility hole by offering a centralized stock of each AI software program asset a company makes use of, together with mannequin context protocol servers and third-party dependencies, so safety groups know which AI parts are working and the place they originated.
When organizations deploy autonomous brokers that may independently entry techniques, manipulate knowledge, and execute actions throughout workflows, they’re handing management to entities that, if compromised, may trigger widespread injury. Not like conventional software program, the place compromises are sometimes localized, a hacked AI agent with broad permissions may set off cascading failures or breaches throughout a whole operation. That is why Cisco’s real-time agentic guardrails repeatedly monitor agent conduct in manufacturing, detecting when an agent receives poisoned instruments or malicious prompts designed to set off unauthorized actions.
The MCP Catalog extends this safety by discovering and managing dangers throughout all MCP servers brokers depend on, whether or not public or non-public, giving enterprises higher governance over the exterior providers their autonomous brokers work together with.
Safety because the Basis for AI Adoption
Cisco’s announcement reveals a basic guess: enterprises gained’t scale AI adoption and not using a full safety posture that addresses each layer the place AI intersects with their operations.
“For right this moment’s CIOs and CISOs, the explosive development of AI-driven workloads creates each alternative and danger,” mentioned Mauricio Sanchez, senior director at Dell’Oro Group, following the announcement.
Past the core AI Protection platform, Cisco is fortifying its broader infrastructure, from legacy identification techniques with Energetic Listing Protection, to autonomous safety operations by way of AgenticOps, to future-proofing community {hardware} with post-quantum cryptography in IOS XE 26. This complete method acknowledges that AI safety isn’t a single-product downside. A compromised identification system can hand an agent unauthorized entry; a weak community can expose agent communications.
As AI deployments speed up from pilots to manufacturing techniques, the questions raised at Davos about agent identification, lifecycle administration, and management will solely intensify. Cisco’s guess is that aggressive benefit in enterprise AI gained’t belong to whoever builds essentially the most succesful brokers, however to whoever permits the most secure deployment at scale.
