Cisco Makes Its Bid to Run the Agentic Enterprise at Cisco Live US 2026

June 09, 2026

Technology Note By: Mark Tauschek, Info-Tech Research Group

Cisco Live wrapped up in Las Vegas on June 4, and the theme was pretty consistent across announcements and sessions. Cisco wants to be the layer the agentic enterprise runs on, not a vendor of boxes that carry agent traffic. It aspires to be the operational foundation where humans and AI agents manage, secure, and defend infrastructure together.

It’s a theme that Google followed at Cloud Next in April and Amazon is developing with AWS Bedrock AgentCore. The difference in Cisco’s pitch is the direction of the traffic. Google and AWS push down (southbound) from the cloud, while Cisco is pushing traffic up (northbound) from the network. Cisco’s credibility comes from the security stack that it has bought and built, the massive installed base in enterprise and data centers globally, and 40 years of operational telemetry. Add to that Cisco’s record Q3 revenue leading up to Cisco Live of US$15.8 billion, up 12% year over year, and driven largely by demand tied to connecting and securing AI, and it starts to become clear that the annual conference is a lot more than a bunch of product announcements (although there was that, too).

How We Got Here

This week did not come out of nowhere. Cisco’s messaging has been consistent for the past four months, so there were no big surprises. At Cisco Live EMEA in Amsterdam in February, Cisco laid the foundation with Silicon One G300, the Nexus One management plane, and the first naming of AgenticOps as an operating model. At RSAC in March, Cisco reframed security around the agentic workforce. In May, it closed its acquisition of Astrix Security to handle nonhuman identity. Cisco Live US is where those puzzle pieces come together and give us a clear picture of the headline product, Cisco Cloud Control. Everything else announced either feeds it or rides on top of it.

The Headline Was Cisco Cloud Control

Managing enterprise infrastructure is still not done in the ever elusive “single pane of glass.” One console for networking, another for security, a third for compute, a fourth for observability, and a fifth for collaboration. Cloud Control collapses that into one login and one view, with a single data layer that people and agents both draw from. Humans stay in control of what matters while agents do most of the tedious heavy lifting. At least that’s the vision, but let’s be honest – we’ve heard that story before. So why is it different this time, Cisco?

Cisco said these three pieces make Cloud Control more than a unified dashboard:

Purpose-built models, not one big LLM. Incoming tasks route to the right model. Cisco’s Deep Network Model is trained on four decades of operational networking data and comes alongside a foundation security model and a time-series model for telemetry. Frontier models handle broad reasoning. The claim is that system intelligence scales with the complexity of the problem, not just the size of the model.
Trusted agents that follow a path. Agents move from signal to action through a structured loop where they will spot trouble, find cause, carry out a fix, test it before deployment, and confirm recovery. An actions queue surfaces root cause analyses and confidence scores for human review before any changes go live on the production network.
Build your own, in plain language. Cloud Control Studio (targeted for release late 2026) pairs an Agent Builder, wired to over 50 third-party platforms through native connectors or the open Model Context Protocol (MCP), with an App Builder that has OpenAI Codex embedded. Whatever you build inherits the platform’s security and observability automatically.

The partner ecosystem list tells you a lot about Cisco’s credibility as the largest, most established network infrastructure vendor in the world. Cloud Control Marketplace launches with ServiceNow, Atlassian, BMC, Okta, Microsoft Entra ID, NVIDIA, OpenAI, and Anthropic among the connectors. Cisco is not asking you to abandon your existing investment in your technology stack, it is asking to sit above it.

Cloud Control enters controlled availability in the US immediately, with global availability to follow. For planning purposes, this means that Cloud Control is real enough to pilot but not yet mature enough to bet the operating model on right away. Studio is the part that lets you build, and it’s what you’ll want to watch when it starts shipping in late 2026.

The Patch Cycle Just Broke

In our April 15 research note on Claude Mythos, we warned IT leaders to “prepare for massively accelerated and existential patch cycles,” and Cisco echoed that, saying that AI-enabled attacks have collapsed the window between vulnerability disclosure and working exploit from weeks to minutes. The traditional patch cycle, the one your change management process is built around, isn’t going to cut it anymore.

Cisco calls it the Mythos era, where we’re seeing a coming wave of advanced attacks at machine speed and high prevalence. Cisco is now a charter member of both Anthropic’s Project Glasswing and OpenAI’s Daybreak, putting its own products through the paces with frontier models to find weaknesses before adversaries do, and it has open-sourced the resulting Foundry Security Spec so other defenders can learn from Cisco’s experiences.

The product answer is Live Protect, a virtual shield that applies compensating controls to a device with no reboot, no upgrade, and no maintenance window and is precise enough to target a specific process-to-file interaction on a running box. It now ships in Nexus N9000 switches and is expanding to campus and branch smart switches, with secure routers later in the year. Think of it as a digital immune system that buys you time when patching at the speed of disclosure is not physically possible.

If you have been tracking the accelerated patching problem, this is that problem turned into a shipping feature. It definitely warrants consideration at your next risk review.

Identity Is the New Perimeter, and Agents Broke It

Agents are joining the workforce, and they do not behave like users or service accounts. They reason, call tools, and act autonomously and continuously. Standing role-based access, scoped for a human who logs in and out, doesn’t work for software that never sleeps and occasionally goes sideways.

Cisco’s framing is a shift from access control to action control. Through Agentic IAM, delivered via Cisco Secure Access, an agent gets ephemeral permissions scoped to a single task that gives them just enough access, just in time, just long enough. No six month static role-based access, it expires when the task does.

Underneath sits the recently acquired Astrix technology, using process-level inspection to tell agent activity apart from human activity, plus DefenseClaw, Cisco’s open-source runtime framework for agents, now embedded into Cisco Secure Client. Secure Client sits on more than 200 million enterprise devices, which is a flex by Cisco. It means agent protections can land at the endpoint across the enterprise without anyone having to grant access to each agent by hand.

The Network That Fixes Itself, Maybe

Network operations still rely on humans to notice a problem and push the fix. Cisco wants agents to find and fix the routine cases and keep humans in the loop for the more serious issues.

Agentic Actions for networking goes beta in June through Meraki and runs a five-stage loop: sense, diagnose, remediate, validate, deploy. Experience Metrics turns raw device telemetry into real user experience measurements. Deep Reasoning applies the purpose-built models to multistep root cause analysis. And Digital Twin, entering alpha in July, runs an emulated replica of your production network using actual software images rather than a math model, so an agent can test a change before it touches anything live.

Alongside these offerings, Cisco Multicloud Fabric is a cloud-delivered overlay connecting branches, data centers, and workloads across AWS, Azure, Google Cloud, and neoclouds, with zero trust routing and built-in ThousandEyes and Splunk observability. Nothing to install on the customer side. One button in Cloud Control that Cisco says will come together in minutes. Whether “minutes” survives contact with a real enterprise network is the question to ask your account team.

Splunk Becomes the Brain

The Cisco Data Fabric, powered by Splunk, is the data foundation under Cloud Control and the new agentic SOC. The important change is federated search, so rather than hauling data into Splunk, Cisco brings Splunk to the data and queries across environments without copying or moving it. A turnkey machine data lake (like Splunk Machine Data Lake) automates schema management for raw machine data, and an AI toolkit supplies domain-specific models.

On top of that data sits an agentic SOC with six purpose-built agents covering the detection and response lifecycle, plus AI site reliability engineering (SRE from the Galileo acquisition) that does autonomous root cause analysis and adds traceability and visibility into agent execution, including tool calls, LLM interactions, and prompt injection detection. Cisco says that work that took hours or days can now be compressed to minutes or seconds. The Splunk acquisition, which looked expensive in 2024, is starting to look like a prescient acquisition that makes the rest of this possible.

Quantum Crept in

Quantum is easy to overlook in all the agentic noise, but it shouldn’t be. Cisco committed to quantum-safe communications across the majority of its core portfolio by December 2026. Starting now, any newly introduced campus, branch, and data-center routers, switches, and firewalls ship with quantum-safe secure boot by default. New Quantum Ready Assessments, available through Cisco IQ in July, find the assets most exposed to “harvest now, decrypt later” attacks, which are already happening, and tell you where to start.

The practical point for IT leaders is that quantum-safe by default in new hardware means your refresh cycle is now also your postquantum migration path, which could be an unintended bonus.

Two More Worth a Glance

Cisco refreshed the CCNA (v2.0 goes live February 2027), folded AI tooling into the CCIE practical exam, and added Splunk certifications across networking, cloud, and cybersecurity. The upskilling comes at a time when the network engineer’s job description now assumes AI-augmented operations. Factor that into hiring and training plans.

Under the Webex CX banner, Cisco launched AI WEM, AI Concierge, and Agent 360, declaring the chatbot era over and the AI-native contact center underway, with human and AI agents managed from one platform. This is relevant if contact center sits in your portfolio but more of an FYI if it doesn’t.

Our Take

Strip away the branding and Cisco’s messaging is coalescing around the fact that when software acts on its own at machine speed, you can’t operate or defend it with tools built for humans clicking through dashboards. The control plane, the identity model, the patch model, and the SOC all have to be rebuilt for agents. Cisco is betting it can be the company that does the rebuilding because it already owns the network, the security client on 200 million endpoints, and the Splunk data layer. That vendor position is definitely unique in the market. The risk you are weighing in return is consolidation onto a single vendor for the layer that runs everything.

In the near-term, IT leaders should:

Treat Cloud Control as a platform decision, not a feature. Pilot it in controlled availability to learn the operating model but keep your data portable. The open MCP support and broad connector list are your insurance against lock-in. Don’t consolidate the agent control plane onto one vendor before the category settles – and recognize that might be a while.
Rewrite your patch assumptions now. A seconds- or minutes-long exploit window breaks weekly or monthly patch SLAs. Inventory what can accept runtime shielding like Live Protect and what can’t and deal with the latter as a top operational risk. This is the most actionable takeaway in the short term.
Start governing nonhuman identity. If agents are already calling tools in your environment, they need scoped, ephemeral, auditable access today, not after the next incident. Move toward action control and map where agents are issued standing identity credentials. This may be the most important takeaway that requires attention immediately.
Build postquantum into your refresh plan. Begin the “harvest now, decrypt later” inventory and align hardware refresh timing with quantum-safe availability. The cost of starting is mostly planning time, but the cost of waiting will start to compound quickly.
Redesign the NetOps and SecOps team, not just the tooling. Autonomous remediation and an agentic SOC change what your people do and what skills you hire for. Build the human-in-control review process before the agents arrive, and if they’re already here, act now before the agent ranks swell.

Keep in mind that a lot of what was announced is in beta, alpha, controlled availability, or coming between July and late 2026. The vision is coherent and the direction certainly seems right, but the timelines are loose, so ask your vendor to commit to dates in writing.