Cisco expands AgenticOps with AI for network and security

Contents

At Cisco Live in Amsterdam, the network equipment manufacturer unveiled the next expansion stage of its AgenticOps model on Tuesday. The concept, introduced last year, relies on AI agents that continuously monitor IT infrastructure, independently diagnose problems, and initiate measures after confirmation. The new functions now extend across campus, data center, service provider, and security environments.

From Dashboard to Autonomous Troubleshooting

In a press briefing, DJ Sampath, SVP AI Software and Platform at Cisco, described the fundamental scaling problem: “You cannot manage systems running at agent speed with operational models at human speed.” Until now, IT teams mostly worked in an alarm-driven manner with static dashboards. In a world where AI agents as novel customer workloads place high infrastructure demands, this model is no longer scalable, according to Sampath.

For campus, branch, and industrial networks, three new core functions are intended to provide a solution. In autonomous troubleshooting, agents validate multiple hypotheses simultaneously in case of disruptions and execute deterministic corrections. Cisco advertises CCIE-level precision here to reduce the mean repair time to minutes. In parallel, continuous optimization monitors experience metrics such as connection time, capacity, and roaming to independently adjust parameters like Wi-Fi frequencies or QoS even before users notice any impairments. Additionally, Trusted Validation automatically checks planned network changes against live topologies and telemetry data, with deep reasoning techniques also handling complex tasks such as compliance checks.

Furthermore, via the Cisco AI Assistant, administrators can create their own workflows to link repeatable automations to specific conditions. The introduction of these functions for campus and branch starts in February 2026.

For data center networks, Cisco is integrating AgenticOps into Nexus One. Strategically, Nexus One serves as a unifying element to bring together the various fabrics (Hyperfabric, VXLAN, ACI) and make them operational upwards. Early detection and intelligent event correlation are intended to provide prescriptive recommendations here. However, availability is only planned for June 2026. In the service provider area, Crosswork AI is intended to diagnose cross-vendor network problems; this feature is currently in a beta phase.

AI in the Firewall as a response to the AI Explosion

A significant driver for the use of agents in security, according to Cisco, is the massive increase in external AI activities. When services like OpenAI or autonomous agents from third-party providers generate unpredictable process chains and traffic patterns, a variable system emerges that is hardly manageable with static rules anymore. Technically, Cisco counters this with AI agents in the Security Cloud Control. They analyze traffic, capacity, and configurations.

The agents are intended to proactively identify Zero Trust gaps in sensitive applications and directly provide one-click solution proposals. For troubleshooting, the manufacturer promises that the AI will independently detect performance bottlenecks such as so-called Elephant Flows, including context analysis. Additionally, the Continuous Compliance function continuously checks the firewall's rule set for deviations from standards like PCI-DSS. Raj Chopra, SVP & Chief Product Officer, Security, emphasized in the press briefing that the goal is to guide security teams from reactive firefighting to continuous optimization. General availability of these functions is planned for May 2026.

The approach at the observability subsidiary Splunk is exciting: The new AI Agent Monitoring (available from February 25) visualizes and monitors the AI agents themselves. It controls the performance, costs, and behavior of the autonomous helpers. In the future, this is to be coupled with Cisco AI Defense to detect AI-specific risks such as hallucinations, data leaks, or prompt injection in the agents.

Telemetry as a Moat

The technical foundation is Cisco's cross-domain telemetry. Signals from networking, ThousandEyes, firewalls, and Splunk flow together. DJ Sampath named three pillars for the system: real system data instead of summaries as the basis for AI logic (reasoning), an ensemble of specialized models with embedded runbooks, and agents that mutually validate each other across domains.

Humans explicitly remain “in the loop.” Governance is built in “by design,” according to Cisco. The agents are only supposed to escalate when human judgment is required – a paradigm shift from “getting the job done” to “supervising the results.”

Further information on the updates can be found at Cisco.

(afl)