Cisco Aims to Build and Secure the Network for the Agentic Era

The Dawn of the Networking Super-Cycle

The industry is standing at a precipice, moving beyond the "Chatbot Era" into the "Agentic Era."

At CiscoLive last week, CEO Chuck Robbins and Chief Product Officer Jeetu Patel leaned heavily on what they call the transition from human-led, "spiky" AI interactions

(chatbots) to a world where AI agents act as autonomous digital co-workers. Cisco’s argument is that this shift is not merely a cyclical trend. It is a “Networking Super-Cycle,” a secular, multi-year re-architecting of global infrastructure driven by a multi-trillion-dollar data center buildout.

It is not just a good story. It is a very good bet.

But the more important point for Cisco is this: the agentic era is not only an infrastructure story. It is a security story. Once agents begin to act, transact, authenticate, consume resources, write code, query data, and make decisions at machine speed, the network becomes more than a transport layer. It becomes the control plane for trust.

Building out the story

Agentic AI changes the shape of infrastructure demand. Cisco’s research suggests that agents can generate approximately 450% more network traffic than humans performing the same task. That increase comes from a new kind of machine behavior: persistent, coordinated, high-frequency exchanges among agents, models, tools, data sources, and applications.

In practical terms, this means the enterprise is preparing for a swarm of digital workers.

The surge is propelled by several forces:

• Constant memory and skills refreshes: Agents must continuously exchange high-volume files, context, instructions, and tool definitions to refresh their memory, task state, and skillsets.

• Persistent signal: Unlike humans, agents operate continuously. They replace “spiky” traffic patterns with sustained, machine-speed demand.

• Token velocity: Every autonomous decision requires a high-frequency exchange of tokens between the agent, the model, the application, and the data source. This places new strain on throughput, latency, cost controls, and policy enforcement.

This is where the security implications become impossible to separate from the infrastructure story. Agentic systems do not simply create more traffic. They create more privileged activity, more non-human identities, more API calls, more data movement, more lateral paths, and more chances for small failures to compound quickly.

In the chatbot era, the main concern was whether a human entered sensitive data into a prompt. In the agentic era, the concern is whether an autonomous system can access the wrong tool, retrieve the wrong data, call the wrong API, exceed its intended authority, or continue to act after its behavior drifts from the user’s intent.

Why This Is a Good Bet

From a purely systemic standpoint, agentic AI looks inefficient. Each additional agent adds compute load, network activity, storage demand, observability needs, and operational complexity. Yet the agentic shift is hard to dismiss because the value proposition is equally clear: coordinated agents could produce the productivity gains enterprises are now counting on.

This combination of inefficiency and productivity creates a timely opening for Cisco. The inefficiency drives demand for the very architectures Cisco is building: networking, security, observability, orchestration, and policy control. AI gives Cisco the opportunity to become essential to how enterprises build, secure, and manage the next generation of distributed compute. The company's stock performance agrees.

Cisco’s prospect is not simply tied to carrying more AI traffic. The company is betting not only on the growth of AI-driven infrastructure demand, but also on the need for a trusted control plane to govern, secure, and manage that demand.

Strategic Foundation: Security Built from Silicon to Agents

Cisco has inverted the traditional R&D model, moving “outcome-back” from the CISO’s most pressing fears to the silicon foundation. As Chief Strategy Officer Ammar Maraqa explained, Cisco identifies the desired business outcome, such as an AI-ready data center, and works backward through organic development, venture investment through its $1 billion AI fund, and strategic M&A, including Splunk, Galileo and acquisition target Astrix.

Cisco’s AI infrastructure strategy builds on its existing Silicon One architecture. Vertical integration from the physics layer, including silicon and optics, to the semantics layer, including agent behavior, creates what Ammar and Jeetu call a co-designed full stack.

Cisco argues that AI infrastructure cannot be optimized one layer at a time. The silicon, optics, networking, security, telemetry, data layer, and operations model need to be designed synchronously so the system performs better, is easier to manage, and has security and observability built in from the start.

That matters because agentic AI will stress the seams between layers. A model may appear to be the source of an issue, but the root cause could sit in identity, policy, packet flow, API access, latency, data quality, or tool permissions. Security teams will not be able to manage agentic systems through isolated controls alone. They will need telemetry, least privilege access, policy, and response stitched across the full operating environment.

According to Cisco’s strategy, controlling the underlying hardware, the telemetry fabric, and the agent guardrails gives Cisco a path to manage AI workloads with machine-speed precision. Cisco is not alone in claiming a full-stack AI infrastructure story, but it has a more credible claim than most because it can connect silicon, networking, security, observability, telemetry, and services into one operational architecture. The opportunity for Cisco is to prove that tighter engineering across those layers can reduce operational friction, improve performance, and make AI infrastructure safer to run at enterprise scale.

This is again a big bet for the network behemoth, but one in which it has already invested billions of dollars.

The Mythos Moment: Re-Engineering the Economics of Vulnerability

The emergence of frontier models like Mythos represents a step change in the industry. The “Post-Mythos World” collapses the time between vulnerability announcement and exploit development from weeks to minutes.

That changes the economics of defense. Human-led patch cycles cannot keep pace with AI-assisted exploit development. In this world, the question becomes less about whether an organization can patch everything immediately and more about whether it can reduce exposure fast enough to keep the business operating.

Cisco’s answer is a shift from patching alone to shielding.

Humans cannot patch at the speed of AI, but Cisco believes it can re-engineer the economics of defense through controls that buy time, reduce exploitability, and preserve uptime.

• CodeGuard: Cisco describes CodeGuard as part of its AI-assisted secure coding and validation framework. Cisco said it used AI-powered code analysis and testing workflows to examine more than 1.8 billion lines of code, achieving a 3% false-positive rate, allowing engineering teams to identify and fix potential vulnerabilities before they could be exploited.

• Live Protect: Powered by technology from Cisco’s acquisition of Isovalent, including eBPF and Tetragon technology, Live Protect uses kernel-level enforcement to deploy targeted protection against known exploit paths. These runtime controls can block malicious activity without requiring an immediate patch or system reboot, helping organizations reduce risk while preserving operational continuity.

Cisco states that together these controls provide immediate defense without requiring a device reboot, maintaining mission-critical uptime while buying time for traditional patch windows. This is not a replacement for patching. It is a recognition that patching alone is no longer a sufficient operating model.

Securing the Non-Human Identity: Duo and the Intended Astrix Acquisition

As digital co-workers proliferate, Cisco is evolving from traditional access control, which verifies entry, to what it calls “action control,” which verifies every move. This shift is critical because agents possess intelligence but do not always have full context.

Astrix, when acquired, will help manage the explosion of agentic non-human identities. It will give Cisco a stronger foundation for discovery and lifecycle management across machines, services, applications, integrations, and agents.

This is one of the most critical security problems in the agentic era. Agents will need access to tools, APIs, data repositories, SaaS applications, and cloud services. But giving autonomous systems standing credentials, broad permissions, or reusable secrets creates obvious risk. If an agent can be manipulated, its credentials can become the attacker’s credentials.

Cisco’s Duo Agent Security, introduced earlier this year, reimagines trust through what the company says is a vault-injected credential model. In this model:

• Agents never touch or hold long-lived tokens or API keys. Credentials remain in a secure Cisco vault and are injected server-side only at the moment of an authorized action.

• Permission is separated from possession. An agent may be authorized to act, but it does not receive a reusable key or token. That limits what an attacker can steal if the agent is manipulated.

• Least privilege is enforced at the action level. Credentials are injected only for approved resources, methods, or paths, rather than giving the agent broad standing access.

• Agent trust is tied to identity, authorization, and real-time risk. Cisco’s approach treats AI agents as autonomous non-human identities, but ties them to human accountability, lifecycle governance, and behavior-based controls.

This is where Cisco’s agentic security story becomes particularly salient. Identity security has historically focused on humans, devices, service accounts, and privileged users. Agentic AI expands that problem by introducing autonomous actors that can reason, call tools, and move across systems. The enterprise will need to know not only who or what an agent is, but whether each action is appropriate in context.

Data Fabric and Observability: Solving the “Tokenomics” Problem

To defend at machine speed, the SOC requires a data fabric that can correlate signals from across the enterprise at scale. Cisco’s answer is the Cisco Data Fabric, powered by Splunk.

While traditional observability focuses on CPUs, packets, logs, and application performance, Cisco’s acquisition of Galileo extends the story into agent behavior. That includes detecting drift, hallucinations, misalignment with user intent, and abnormal consumption patterns.

This observability hopes to be the cure for the “tokenomics” nightmare. An agent drifting from its guardrails can consume an entire year’s token budget in a single week, turning a $50 task into a $40,000 liability. Cisco provides the tooling to monitor these consumption patterns and intercept rogue agents before financial damage occurs.

The security point is broader than cost control. Token consumption is a signal. Tool calls are signals. API activity is a signal. Agent drift is a signal. Excessive data retrieval is a signal. Unusual privilege use is a signal.

In an agentic environment, the SOC will need to correlate security, identity, infrastructure, and economic signals in near real time. That is why Splunk matters to the Cisco story. Without a data layer capable of making sense of high-volume telemetry, machine-speed defense becomes more aspiration than architecture.

Operations Reimagined: Cisco Cloud Control

To bring this all together, Cisco is unifying its portfolio under Cisco Cloud Control, a management platform that provides “simplicity without losing sophistication.” For the first time — at least within Cisco, if not more broadly — networking, security, compute, observability and collaboration are managed from a single interface, representing the culmination of years of platform integration.

Key features of this unified platform include:

• Cross-domain telemetry: Correlating network configuration issues with security events automatically.

• Trusted agents: Built-in Cisco agents to assist with troubleshooting and core-to-edge fabric configuration.

• Open marketplace: Cisco has launched with 52 partners building integrated applications, positioning Cloud Control as an ecosystem rather than a walled garden.

This matters because agentic AI will increase operational complexity faster than most teams can add staff. Enterprises will need centralized policy, distributed enforcement, trusted automation, and a way to see across domains without forcing every workflow into a single product silo.

Cisco Cloud Control is the operational expression of Cisco’s larger thesis: AI-era infrastructure must be managed as a system. Networking, security, compute, observability, and identity cannot remain separate operational lanes if agents are moving across all of them.

The New Cisco

Cisco is much closer to a unified platform company than it was several years ago, but the transformation is still a work in progress. The combination of Silicon One, Splunk, Duo, Isovalent, Galileo, Astrix (when and if it closes), and its broader networking and security portfolio gives Cisco a credible foundation for the AI infrastructure and security era. The question now is execution: whether Cisco can integrate these assets into an operating model that is simple enough for customers to adopt, differentiated enough to matter, and secure enough for the agentic workloads Cisco believes are coming.

That is the bet. If agentic AI drives more traffic, more non-human identities, and increases autonomous actions, token consumption, and drives greater operational complexity, Cisco is well positioned on paper. It has the assets across the layers that matter: silicon, networking, identity, security, observability, data, and agent governance.

If Cisco can turn those assets into a coherent customer experience, the bet can be realized.