\n<\/p>\n
Chuck Robbins, CEO of Cisco, addressing customers at the 2026 Cisco Live conference.<\/span><\/p>\n Maribel Lopez<\/small><\/div>\n<\/div>\n<\/figure>\n At Cisco Live<\/a> in Las Vegas this week, the company delivered a sobering security message for enterprise buyers. AI helps the bad actors move faster, and the window to get ahead of it is closing quickly.<\/p>\n “AI changes the speed of defense. The bad corollary to that is it’s empowering our adversaries at a pace that we’ve never seen in our careers. \u2026These models are as bad today as they’re ever going to be,” Cisco CEO Chuck Robbins told the packed keynote audience \u2014 a line that landed with more weight than a typical tech conference applause line. He wasn’t talking about AI being ineffective. He was talking about it being weaponized.<\/p>\n The cybersecurity industry has spent years warning about AI-powered attacks. What’s changed in 2026 is that frontier AI models \u2014 particularly Anthropic’s Claude Mythos have made those warnings concrete.<\/p>\n What sets Mythos apart from prior AI models is not general intelligence but what it can do in a cybersecurity context. According to Anthropic, it can autonomously identify and exploit software vulnerabilities at a level that outpaces almost all human security experts. In controlled testing, the model has been shown to identify thousands of zero-day vulnerabilities over several weeks \u2014 a pace no human security researcher or team could match.<\/p>\n The dual-use nature of that capability is what makes Mythos a defining moment for enterprise security. The same model that can find and patch vulnerabilities at unprecedented speed can, in the wrong hands, find and exploit them. CrowdStrike’s 2026 Global Threat Report found an 89% increase in attack<\/a>s by adversaries using AI \u2014 and Mythos-class capability represents a meaningful step change in what those adversaries can bring to bear.<\/p>\n Anthropic has acknowledged that “models of this capability level require stronger cyber safeguards before they can be generally released,” which is why public access has been withheld while safety work continues. But what this tells us is that enterprises must prepare for a post-Mythos threat environment where any number of increasingly capable open and commercial models can and will help bad actors exploit vulnerabilities in legacy or unpatched systems. We can also see that patching isn\u2019t enough. <\/p>\n Robbins warned that the capability floor for AI-assisted attacks had just risen significantly and will not come back down. The most alarming shift is speed. Where it once took days or weeks for bad actors to move from a disclosed vulnerability to a working exploit, that timeline has compressed to minutes. Cisco\u2019s own security team demonstrated the flip side of that same capability. Robbins said in the past eight weeks, Cisco used AI to scan 1.8 billion lines of code across 25 programming languages. Before these models existed, Robbins said, that would have taken approximately eight years.<\/p>\n The implication is uncomfortable but unavoidable. The same technology accelerating legitimate security work is accelerating attacks at the same pace. Neither side has an obvious advantage, and the defender’s job \u2014 protecting a complex, distributed enterprise \u2014 is structurally harder than the attacker’s.<\/p>\n<\/section>\n If AI-powered threats were the only problem, that would be manageable. But Cisco’s President and Chief Product Officer, Jeetu Patel, outlined a second, compounding challenge: the rapid proliferation of AI agents is creating an attack surface that enterprises are almost entirely unprepared for.<\/p>\n The AI industry evolved from chatbots that respond to questions to AI agents that can act autonomously. Patel said Cisco’s research found that a single AI agent generates roughly 450% more network traffic than a human performing the same task. Multiply that by thousands of agents running across an enterprise, and the infrastructure and security implications are significant.<\/p>\n More importantly, agents have access to tools. Agents call APIs, query databases, submit code, and interact with external services. The goal of an agentic AI system is to perform tasks without a human in the loop. Patel’s framing was blunt: “Agents are like teenagers. They’re supremely intelligent, but they have no fear of consequence.”<\/p>\n Agentic AI creates new attack vectors that aren\u2019t easy to manage with existing solutions. For example, prompt injection attacks can manipulate an agent’s behavior. Data poisoning can corrupt its decision-making. Meanwhile, bad actors can perform tasks at high speed with a compromised agent before anyone notices anything is wrong.<\/p>\n While agentic AI has great potential, most enterprises lack the proper visibility, security and management to handle agents. Companies need a systematic way to know how many agents are running in their environment, what those agents are authorized to do, or whether they are behaving as intended. This is one security gap Cisco is racing to close alongside other security companies, hyperscalers, and startups. <\/p>\n<\/section>\n Businesses are just waking up to the problem of non-human identity posed by AI agents. Every person accessing a corporate system has an identity with a role, credentials, and permissions. Machines, services, and AI agents largely do not, at least not in any consistent or governed way. <\/p>\n In May, Cisco acquired<\/a> Astrix Security<\/a>, an AI company focused on the non-human identity category. Before enterprises can enforce meaningful controls on agent behavior, they need a reliable way to know which agents exist, what they have access to, and what they should be allowed to do. The platform helps organizations discover, govern, and protect machine identities, preventing unauthorized access and securing AI agents from malicious attacks. Cisco can integrate this technology into its Cisco Identity Intelligence and zero-trust products, such as Duo and Secure Access, to safely manage the proliferation of AI agents.<\/p>\n This is not a theoretical future problem. Enterprises are deploying agents today, and most are doing so without the right identity infrastructure to govern them. If they deploy agents within a specific SaaS stack, permissions and governance are typically handled by that software. Once we start discussing multi-agent workflows that cross applications, the challenge becomes more complex. Astrix gives Cisco more capabilities to support identity for an agentic future. <\/p>\n<\/section>\n Beyond the Asterix acquisition, Cisco announced a set of products and capabilities aimed directly at the threat landscape it described.<\/p>\n Governing AI agents requires knowing what they are doing \u2014 not just whether they are authorized to act, but whether they are producing the outcomes they were designed for. This is the observability problem, and it is harder than it sounds.<\/p>\nA New Kind of Threat<\/h2>\n
Agents Make Everything Harder<\/h2>\n
The Identity Problem Nobody Has Solved<\/h2>\n
Cisco\u2019s Response In Three Moves<\/h2>\n
\n
The Galileo Acquisition: Watching the Watchers<\/h2>\n