Chuck Robbins, CEO of Cisco, addressing customers at the 2026 Cisco Live conference.
Maribel Lopez
At Cisco Live in Las Vegas this week, the company delivered a sobering security message for enterprise buyers. AI helps the bad actors move faster, and the window to get ahead of it is closing quickly.
“AI changes the speed of defense. The bad corollary to that is it’s empowering our adversaries at a pace that we’ve never seen in our careers. …These models are as bad today as they’re ever going to be,” Cisco CEO Chuck Robbins told the packed keynote audience — a line that landed with more weight than a typical tech conference applause line. He wasn’t talking about AI being ineffective. He was talking about it being weaponized.
A New Kind of Threat
The cybersecurity industry has spent years warning about AI-powered attacks. What’s changed in 2026 is that frontier AI models — particularly Anthropic’s Claude Mythos have made those warnings concrete.
What sets Mythos apart from prior AI models is not general intelligence but what it can do in a cybersecurity context. According to Anthropic, it can autonomously identify and exploit software vulnerabilities at a level that outpaces almost all human security experts. In controlled testing, the model has been shown to identify thousands of zero-day vulnerabilities over several weeks — a pace no human security researcher or team could match.
The dual-use nature of that capability is what makes Mythos a defining moment for enterprise security. The same model that can find and patch vulnerabilities at unprecedented speed can, in the wrong hands, find and exploit them. CrowdStrike’s 2026 Global Threat Report found an 89% increase in attacks by adversaries using AI — and Mythos-class capability represents a meaningful step change in what those adversaries can bring to bear.
Anthropic has acknowledged that “models of this capability level require stronger cyber safeguards before they can be generally released,” which is why public access has been withheld while safety work continues. But what this tells us is that enterprises must prepare for a post-Mythos threat environment where any number of increasingly capable open and commercial models can and will help bad actors exploit vulnerabilities in legacy or unpatched systems. We can also see that patching isn’t enough.
Robbins warned that the capability floor for AI-assisted attacks had just risen significantly and will not come back down. The most alarming shift is speed. Where it once took days or weeks for bad actors to move from a disclosed vulnerability to a working exploit, that timeline has compressed to minutes. Cisco’s own security team demonstrated the flip side of that same capability. Robbins said in the past eight weeks, Cisco used AI to scan 1.8 billion lines of code across 25 programming languages. Before these models existed, Robbins said, that would have taken approximately eight years.
The implication is uncomfortable but unavoidable. The same technology accelerating legitimate security work is accelerating attacks at the same pace. Neither side has an obvious advantage, and the defender’s job — protecting a complex, distributed enterprise — is structurally harder than the attacker’s.
Agents Make Everything Harder
If AI-powered threats were the only problem, that would be manageable. But Cisco’s President and Chief Product Officer, Jeetu Patel, outlined a second, compounding challenge: the rapid proliferation of AI agents is creating an attack surface that enterprises are almost entirely unprepared for.
The AI industry evolved from chatbots that respond to questions to AI agents that can act autonomously. Patel said Cisco’s research found that a single AI agent generates roughly 450% more network traffic than a human performing the same task. Multiply that by thousands of agents running across an enterprise, and the infrastructure and security implications are significant.
More importantly, agents have access to tools. Agents call APIs, query databases, submit code, and interact with external services. The goal of an agentic AI system is to perform tasks without a human in the loop. Patel’s framing was blunt: “Agents are like teenagers. They’re supremely intelligent, but they have no fear of consequence.”
Agentic AI creates new attack vectors that aren’t easy to manage with existing solutions. For example, prompt injection attacks can manipulate an agent’s behavior. Data poisoning can corrupt its decision-making. Meanwhile, bad actors can perform tasks at high speed with a compromised agent before anyone notices anything is wrong.
While agentic AI has great potential, most enterprises lack the proper visibility, security and management to handle agents. Companies need a systematic way to know how many agents are running in their environment, what those agents are authorized to do, or whether they are behaving as intended. This is one security gap Cisco is racing to close alongside other security companies, hyperscalers, and startups.
The Identity Problem Nobody Has Solved
Businesses are just waking up to the problem of non-human identity posed by AI agents. Every person accessing a corporate system has an identity with a role, credentials, and permissions. Machines, services, and AI agents largely do not, at least not in any consistent or governed way.
In May, Cisco acquired Astrix Security, an AI company focused on the non-human identity category. Before enterprises can enforce meaningful controls on agent behavior, they need a reliable way to know which agents exist, what they have access to, and what they should be allowed to do. The platform helps organizations discover, govern, and protect machine identities, preventing unauthorized access and securing AI agents from malicious attacks. Cisco can integrate this technology into its Cisco Identity Intelligence and zero-trust products, such as Duo and Secure Access, to safely manage the proliferation of AI agents.
This is not a theoretical future problem. Enterprises are deploying agents today, and most are doing so without the right identity infrastructure to govern them. If they deploy agents within a specific SaaS stack, permissions and governance are typically handled by that software. Once we start discussing multi-agent workflows that cross applications, the challenge becomes more complex. Astrix gives Cisco more capabilities to support identity for an agentic future.
Cisco’s Response In Three Moves
Beyond the Asterix acquisition, Cisco announced a set of products and capabilities aimed directly at the threat landscape it described.
- AI Defense, extended for agents. Cisco launched AI Defense roughly 18 months ago to provide visibility and guardrails for AI models and applications. The updated version adds capabilities specifically for agentic deployments: adaptive testing, behavioral guardrails, security for agentic supply chains, and support for all major agent platforms, including Claude, Codex, and OpenAI.
- Zero trust that gets an update for AI agents. The traditional zero trust model is built around access control: verify identity, grant minimum necessary permissions, and monitor behavior. Cisco correctly argues that today’s access control is insufficient for agents. What enterprises need is action control — the ability to intercept and verify every action an agent takes, not just whether it was authorized to log in. This is a meaningful architectural shift, and one that Cisco is embedding into its platform rather than offering as a standalone product.
- An agentic SOC. The cybersecurity talent shortage is severe. Approximately 4 million positions go unfilled annually in the US alone, according to Cisco. The volume of security alerts already exceeds human capacity to investigate. Cisco’s answer is an AI-powered Security Operations Center where agents autonomously triage alerts, identify anomalies, and, in time, predict and prevent breaches. The foundation is Cisco Data Fabric, a Splunk-powered platform that ingests petabyte-scale telemetry from network, security, application, and third-party sources.
The Galileo Acquisition: Watching the Watchers
Governing AI agents requires knowing what they are doing — not just whether they are authorized to act, but whether they are producing the outcomes they were designed for. This is the observability problem, and it is harder than it sounds.
To address it, Cisco acquired Galileo, an AI observability company founded by researchers who previously worked with Google and DeepMind. Galileo’s technology powers what Cisco calls full-stack agent observability. This is visibility into infrastructure performance, model behavior, application runtime, and agent output quality. It also includes whether agents consume tokens at a sensible rate.
That last point surfaced repeatedly during the keynote and reflects a real operational concern. A runaway agent that has been misconfigured or has drifted from its intended behavior can consume an entire organization’s annual AI budget in a matter of days. Token cost management is not a glamorous feature, but it is required for this new era of AI infrastructure.
Cisco Cloud Control: The Platform Beneath All of It
One of the more surprising announcements was the newly launched Cisco Cloud Control. For anyone who’s followed networking and Cisco for years, the concept of a true unified management console has been discussed for many years, and it’s devilishly difficult to execute. Every part of the portfolio had its own management tools that were loosely coupled at best, if at all. Cisco Cloud Control aims to be a new unified management platform that consolidates the company’s entire product portfolio under a single interface with single sign-on. Cloud Control is the operational layer through which Cisco intends to deliver its AI security and observability strategy.
The security-specific capabilities embedded in Cloud Control, such as agent security monitoring, cross-domain threat correlation, and policy enforcement in natural language, represent a meaningful shift from how enterprise security tools have historically operated. Rather than logging into separate dashboards for networking, security, and operations, administrators can query their entire infrastructure environment in natural language and receive correlated, actionable insights across domains.
The demos made it look like Cisco had finally cracked the code. Whether that vision holds up at enterprise scale remains to be tested. But the architecture Cisco described — silicon to semantics, from custom networking chips to AI agents operating on top of them — reflects a deliberate bet that the company’s control of the full infrastructure stack is a genuine competitive advantage in an AI-defined security landscape.
Enterprise AI Threats Are Real and Increasing
Cisco’s keynote was, of course, a product announcement. But stripped of the stage production, the underlying argument is sound and worth taking seriously.
AI is compressing attack timelines. Agents are expanding the attack surface in ways that existing security architectures can’t handle. The cybersecurity workforce is not growing fast enough to compensate. And most enterprises are deploying agents today without the governance infrastructure to know what those agents are doing, let alone control them.
The organizations that will navigate this well are not necessarily the ones that move fastest. They are the ones that treat agent governance — identity, authorization, behavioral monitoring, and action control — as a first-class infrastructure concern rather than an afterthought. Enterprise technology leaders want and need their existing technology stack providers to evolve their security and management stacks to support AI threats. Cisco is making a significant bet that enterprises will pay for that infrastructure. Given the threat landscape it described, the bet seems rational.
