Cisco upgrades security portfolio for autonomous AI agents

Anyone who wants to use AI agents also needs the appropriate security measures – Cisco believes this and is expanding its offering accordingly.

By Benjamin Pfister and Marco Brinkmann

At its in-house conference Cisco Live EMEA in Amsterdam, the network equipment manufacturer presented comprehensive innovations for its security portfolio. The focus is on securing so-called agentic AI systems, i.e., autonomous AI agents that can make decisions independently and interact with tools.

According to Cisco, the transition from AI assistants to autonomous agents marks a turning point for corporate security. Jeetu Patel, President and Chief Product Officer at Cisco, emphasized the dual nature of the challenge: "We are developing safeguards that work in both directions: they prevent agents from being compromised, and at the same time control what they can access and what they can do on our behalf."

According to a Gartner forecast, 40 percent of companies will be using AI agents productively by the end of 2026. Currently, it is less than 5 percent. The industry faces a gap between ambition and reality: according to Cisco's AI Readiness Index, only 24 percent of organizations feel equipped to adequately control agentic behavior when using AI.

The core of the announcements is the most comprehensive expansion of Cisco AI Defense since its launch in January 2025. The system is now intended to secure the entire AI supply chain and provide runtime protection for tool usage by agents.

New additions include, among others:

  • AI BOM (Bill of Materials): Centralized overview and governance for AI software assets, including MCP servers (Model Context Protocol) and third-party dependencies
  • MCP Catalog: Recording and risk management for MCP servers across public and private platforms
  • Extended algorithmic Red Teaming: Adaptive tests for models and agents in multiple languages with single and multi-turn scenarios
  • Real-time monitoring: Continuous monitoring of agentic interactions to detect manipulation or insecure behavior

The product integrates with Nvidia NeMo Guardrails and is part of the Cisco Secure AI Factory with Nvidia.

Cisco has also made improvements in the area of Secure Access Service Edge (SASE). The new version is designed to automatically detect and optimize AI traffic to ensure reliable, low-latency connections even during peak loads.

Intent analysis is also new: instead of just checking where a data packet is going, Cisco uses Natural Language Processing to understand why it is being sent. This is intended to detect threats such as prompt injection, cost harvesting, or unintentional automation in real time.

The SASE platform also offers detection and control of MCP communication with in-path controls and coordinated controls across Software-Defined WAN (SD-WAN) and Security Service Edge (SSE).

Post-Quantum Cryptography for Routers and Switches

For scalable, cryptographically protected network connections, Cisco is announcing IOS XE 26. The version runs on the recently introduced Cisco 8000 Series Secure Routers and Cisco C9000 Series Smart Switches, as well as on two new variants of the 8100 Series Secure Routers for small and medium-sized businesses.

According to the manufacturer, IOS XE 26 delivers the industry's first full-stack post-quantum cryptography (PQC) for businesses. It is designed to protect against device manipulation and data compromise and is based on European and global regulatory requirements.

With the new major release, Cisco is expanding traditional policy-based segmentation with direct security service insertion. This method allows traffic requiring deeper inspection to be selectively forwarded to specific security services such as firewalls or intrusion prevention systems (IPS), based on identity and context rather than general forwarding.

The advantage: only relevant flows are inspected, while non-critical traffic does not need to be hairpinned through central security systems. This increases efficiency while also increasing control over internal data streams. Such granular control is becoming increasingly important, especially with the growing east-west traffic in modern networks, for example between robots in factories or between multiple AI agents at the edge.

In addition, Cisco has revised the update mechanism with Next-Gen Extended Fast Software Update (xFSU). In many cases, this is intended to enable switchover times of less than one second during the upgrade process, making maintenance interruptions almost non-existent for users and applications and allowing systems with high availability requirements to be updated with virtually no noticeable downtime. However, the extent of this effect in actual operation depends on the platform, the software version, and the activated features.

With Duo Active Directory Defense, Cisco is also extending protection to older on-premises identity infrastructures. According to Cisco Talos, almost half of all identity-based attacks target Active Directory. The functions are intended to address security vulnerabilities that arise because modern controls and MFA are only partially effective in classic AD environments.

In partnership with SpecterOps BloodHound Enterprise, Cisco helps teams visualize attack paths in Active Directory and integrate them into a central security strategy.

With AgenticOps, Cisco is expanding its Security Cloud with agent-based functions. These analyze firewall telemetry, capacity, status, and configuration data to provide prioritized recommendations and automatically resolve selected issues. Through integration with Splunk and the Cisco Data Fabric, network and security telemetry data are to be consolidated and anomalies detected more quickly.

With the new offerings, Cisco is addressing the growing security requirements of a corporate landscape in which autonomous AI agents are increasingly taking on critical roles. The combination of supply chain monitoring, intent-based analysis, and post-quantum encryption is intended to enable companies to use agentic AI with confidence while maintaining control over the systems' actions.

(afl)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.