AI Defense: Cisco Launches Features to Strengthen AI Governance and Control

Cisco is expanding its AI Defense platform and networking stack to help enterprises securely deploy agentic AI at scale, with a strong emphasis on governance, visibility, and control.


Published: February 16, 2026

Kristian McCann

Cisco has unveiled a comprehensive update to its security portfolio aimed at helping enterprises confidently adopt agentic AI, the next evolution beyond simple AI assistants.

Announced at Cisco Live, the updates encompass three core pillars: protecting AI agents from compromise, governing their interactions with enterprise systems, and ensuring resilient connectivity for AI-driven workflows.

“In the age of AI, safety and security are prerequisites for adoption, and AI agents bring a whole new set of challenges,” said Jeetu Patel, Cisco’s President and Chief Product Officer, during the announcement. “As agents take on critical enterprise roles, we’re developing protections that work both ways: preventing agents from being compromised and controlling what they can access and do on our behalf.”

The scope of these updates is substantial, with Cisco AI Defense receiving its biggest expansion since launching in January 2025. The enhancements span the entire AI lifecycle, from supply chain security to runtime monitoring.

Deep Dive: New Capabilities Across the AI Security Stack

At the heart of Cisco’s announcement is an expanded AI Defense platform that tackles the unique attack surface created by agentic AI. The platform now includes an AI Bill of Materials (BOM) feature, providing centralized visibility into AI software assets, including model context protocol (MCP) servers and third-party dependencies. Complementing this is an MCP Catalog that discovers and inventories MCP servers across public and private platforms.

The platform’s advanced algorithmic red teaming capabilities now include adaptive testing for models and agents in multiple languages. Real-time agentic guardrails continuously monitor interactions to detect manipulation or unsafe behavior, such as poisoned tools or prompts designed to trigger unauthorized tool use. Since launch, AI Defense has been mapped to leading frameworks from NIST, OWASP, and MITRE.

AI Defense also now features developer-ready runtime integration with NVIDIA NeMo Guardrails’ open-source framework, providing organizations with a modular and interoperable way to safeguard AI systems running in production. It also serves as a core element of the Cisco Secure AI Factory with NVIDIA, a validated reference architecture built to securely power AI workloads across customer environments.

On the networking side, Cisco’s SASE platform introduces AI traffic optimization that detects AI communications and applies techniques such as packet duplication to maintain reliable interactions during traffic surges. The platform now offers MCP visibility and intent-aware inspection that evaluates the reasoning behind agentic messages and actions.

Addressing AI Security Concerns

The urgency behind Cisco’s announcement reflects deeper anxiety within enterprise boardrooms about AI adoption. The fundamental concern isn’t AI’s capabilities or job displacement; it is about control and security.

These concerns were front and center at the World Economic Forum in Davos last month, where business leaders focused heavily on AI security.

Raj Sharma, EY’s Global Managing Partner of Growth and Innovation, noted that there wasn’t enough discussion about AI security, particularly around the management of AI agents and their lifecycles.

“It has access to your data. It has no name, so there is no identity or anything associated with that,” Sharma said.

This perhaps explains why Cisco is positioning governance and security as the cornerstone of its AI Defense updates. The company’s advanced algorithmic red teaming capabilities allow organizations to stress-test their AI systems before deployment, running adaptive, multi-turn attacks in multiple languages to identify vulnerabilities that could be exploited once agents go live.

Many enterprises also rely on third-party AI providers, creating unease about depending on critical technology without complete oversight. Cisco’s AI Bill of Materials directly addresses this visibility gap by providing a centralized inventory of every AI software asset an organization uses, including model context protocol servers and third-party dependencies, so security teams know which AI components are running and where they originated.

When organizations deploy autonomous agents that can independently access systems, manipulate data, and execute actions across workflows, they’re handing control to entities that, if compromised, could cause widespread damage. Unlike traditional software, where compromises are often localized, a hacked AI agent with broad permissions could trigger cascading failures or breaches across an entire operation. This is why Cisco’s real-time agentic guardrails continuously monitor agent behavior in production, detecting when an agent receives poisoned tools or malicious prompts designed to trigger unauthorized actions.

The MCP Catalog extends this protection by discovering and managing risks across all MCP servers agents rely on, whether public or private, giving enterprises better governance over the external services their autonomous agents interact with.

Security as the Foundation for AI Adoption

Cisco’s announcement reveals a fundamental bet: enterprises won’t scale AI adoption without a complete security posture that addresses every layer where AI intersects with their operations.

“For today’s CIOs and CISOs, the explosive growth of AI-driven workloads creates both opportunity and risk,” said Mauricio Sanchez, senior director at Dell’Oro Group, following the announcement.

Beyond the core AI Defense platform, Cisco is fortifying its broader infrastructure, from legacy identity systems with Active Directory Defense, to autonomous security operations via AgenticOps, to future-proofing network hardware with post-quantum cryptography in IOS XE 26. This comprehensive approach acknowledges that AI security isn’t a single-product problem. A compromised identity system can hand an agent unauthorized access; a vulnerable network can expose agent communications.

As AI deployments accelerate from pilots to production systems, the questions raised at Davos about agent identity, lifecycle management, and control will only intensify. Cisco’s bet is that competitive advantage in enterprise AI won’t belong to whoever builds the most capable agents, but to whoever enables the safest deployment at scale.
