Cisco brings agentic ops platform and security overhaul to Cisco Live

Cisco built the networking infrastructure that underpins the internet and the cloud. At Cisco Live this week, the company is making its case to hold that same position as enterprises shift from AI chatbots to autonomous agents. Where chatbots answer questions, agents take actions: They execute tasks, call tools, make changes, and operate continuously at machine speed. That changes the requirements for networking, security, and observability, and it is the frame for a series of announcements. Among the key announcements from the Las Vegas event are: Cisco Cloud Control: A unified management platform spanning Meraki, Nexus, Intersight, Splunk, and Collaboration. Agentic Actions for networking: Closed-loop autonomous remediation for campus and branch networks. Cisco Multicloud Fabric: A cloud-delivered service connecting branches, data centers, and cloud workloads across AWS, Azure, Google Cloud, and neoclouds. Live Protect expansion: Runtime vulnerability shielding without reboots or maintenance windows, expanding to campus and branch Smart Switches. Agentic IAM: Ephemeral, task-scoped access controls for AI agents delivered through Cisco Secure Access. Cisco Data Fabric powered by Splunk: Federated Search, a Turnkey Machine Data Lake, an AI Toolkit, and an Agentic SOC with six purpose-built security agents. New hardware: C9550 Core switch, 8100/8200/8300/8600 Secure Routers, outdoor Wi-Fi 7, the IR1000 industrial router, and the Cisco Board Pro G3. “It’s no longer about humans clicking through dashboards, in a multitude of dashboards, trying to keep up with what the agents are doing,” DJ Sampath , senior vice president and general manager for AI software and platform, said during a press briefing. “A true collaborative operating model starts when agents are doing the heavy lifting and humans are constantly staying in control of what matters.” Cisco Cloud Control Managing enterprise infrastructure today means logging into separate dashboards for networking, security, compute, observability, and collaboration. Cloud Control replaces that with a single environment where humans and agents work from the same data and the same interface. “With Cloud Control, what you’re getting is a secureness that allows you to be able to manage your infrastructure really, you know, effectively,” Sampath said. “It provides you with observability controls, it provides you with, you know, a safe AI gateway, guardrails for these agents. All of these come bundled along with Cloud Control.” Core capabilities in Cloud Control include: Cross-domain telemetry : Cloud Control aggregates data across networking, security, observability, AI infrastructure and collaboration into a shared data fabric that both operators and agents draw from simultaneously. Purpose-built models : Incoming tasks are routed to the most appropriate model rather than sent through a single large language model. Cisco’s own models include the Deep Network Model, trained on four decades of operational networking data, a Foundation Security Model, and a time-series model for telemetry analysis. Frontier models are available for broad reasoning tasks. Trusted agents : Agents are grounded in live telemetry, governed with enterprise guardrails and action-ready to execute at machine speed. The Cisco AI Canvas is the multiplayer workspace where operators and agents investigate and resolve incidents from shared live data. An Actions queue surfaces recommendations, root cause analyses and confidence scores for human review before any change is deployed. Cloud Control Studio : Targeted for late 2026, Studio adds an Agent Builder for creating custom agents with connectivity to more than 50 third-party platforms via native connectors or the Model Context Protocol, and an App Builder that embeds OpenAI’s Codex into the platform. Anything built inside Cloud Control inherits its observability and security controls automatically. Cloud Control Marketplace: Launches with integrations across IT service management (ServiceNow, Atlassian, BMC), identity (Okta, Ping Identity, Microsoft Entra ID, Jamf), network monitoring (LiveAction, Panduit), infrastructure knowledge (NetBox Labs, Device42, Vertiv) and AI-native platforms (Anthropic, OpenAI, NVIDIA, Collibra), among others. Agentic networking and Multicloud Fabric Network operations teams still rely on manual processes to detect problems and push fixes, while enterprise AI applications are increasingly split across multiple clouds. Cisco is addressing both with announcements this week. First up is Agentic Actions for networking. Entering beta in June 2026 via Meraki, the feature follows a five-stage loop: sense, diagnose, remediate, validate, deploy. Experience Metrics converts raw device telemetry into user-experience measurements in real time. Deep Reasoning applies Cisco’s purpose-built models to multi-step root cause analysis. Digital Twin runs an emulated replica of the production network using actual software images rather than a mathematical model, allowing agents to test changes before deployment. Digital Twin enters alpha in July 2026. The second announcement in this area is Cisco Multicloud Fabric. It connects branches, data centers, and cloud workloads across AWS, Azure, Google Cloud, and neocloud providers through a managed overlay with no customer-side hardware required. The fabric includes zero trust routing, cloud firewall service chaining and built-in ThousandEyes and Splunk observability. “This is a cloud-delivered service that Cisco builds and operates, so there’s nothing for the customer to install or deploy,” said Anurag Dhingra , senior vice president and general manager for enterprise connectivity and collaboration. “It’s instantly available, configured seamlessly with one button in Cisco Cloud Control, and it stitches all of this connectivity in minutes.” Security: Live Protect and Agentic IAM Frontier AI models have compressed the window between vulnerability discovery and exploitation from months to minutes. Cisco is responding with runtime defenses that operate at the infrastructure layer and a new access control model built specifically for AI agents. Live Protect: Applies runtime compensating controls to network devices without reboots or maintenance windows, precise enough to target a specific process-to-file interaction on a running device. Agentic IAM : Rather than standing role-based access, agents receive ephemeral permissions scoped to a specific task, delivered through Cisco Secure Access via multi-turn LLM, API and MCP policy enforcement. “So instead of access control, we start to move to action control,” said Tom Gillis , senior vice president and general manager for infrastructure and security. “It’s just in time, it’s just enough access, and it’s just long enough, meaning it’s ephemeral. So you don’t get six months or a year’s worth of access, you get the access that you need to be able to do and perform a task and no more.” Non-human identity and agent protection : Cisco is building on technology it gained via the acquisition of Astrix Security to improve agentic AI security. The technology uses process-level inspection to distinguish agent activity from human activity. DefenseClaw, Cisco’s open-source runtime security framework for AI agents, is being embedded into Cisco Secure Client. With Secure Client deployed on more than 200 million enterprise devices, that means endpoint-level agent protections can be applied across the enterprise without requiring developers to instrument each agent individually. Cisco Data Fabric and the Agentic SOC Cisco Data Fabric , which debuted in September 2025, is getting a big update at Cisco Live. Powered by Splunk, it consolidates telemetry across network, application, security and third-party sources into a common layer that both human analysts and automated agents draw from, and serves as the data foundation for Cloud Control and the Agentic SOC. Among the enhancements is an improved federated search capability. “Instead of having to move data into Splunk, we bring Splunk to the data and we can query this data across different environments without copying, without moving it,” Kamal Hathi , sernior vice president and general manager for Splunk, said. There is also an AI Toolkit Agent Builder that provides domain-specific models for machine data operations as well as what Cisco is calling a Turnkey Machine Data Lake which automates schema management for raw machine data using AI. On top of the data fabric, Cisco is deploying an Agentic SOC with purpose-built agents covering the full detection and response lifecycle. “We’re reducing the time and sophistication required for security operations,” Hathi said. “We’re driving down from what used to take maybe days and hours down to minutes and seconds.” Going a step further Cisco is integrating an AI SRE capability that performs autonomous root cause analysis for application and infrastructure performance issues. Technology gained by the acquisition of Galileo earlier this year, adds trace-level observability into agent execution covering tool calls, LLM interactions and prompt injection detection. “Splunk then provides us full visibility into all aspects of the use of AI and agentic solutions and really makes all of this possible at scale in a trusted manner,” Hathi said.