Cisco and NVIDIA Redefine AI Security with BlueField DPUs and Hybrid Mesh Firewall

Cisco secures AI infrastructure with NVIDIA BlueField DPUs

AI is reshaping how we process data, solve complex problems, and deliver digital experiences. But your AI environment is only as secure as the infrastructure it runs on -- and attackers know exactly where to look for weaknesses. As you scale AI workloads closer to end users, agents, and machines, a critical challenge emerges: you must maximize GPU and CPU utilization while also defending against sophisticated, fast-moving threats. Traditional security models struggle in these environments. Centralized firewall appliances can become traffic choke points that don't scale to AI-level throughput. Host-based software agents can also tax CPU resources you need for AI processing -- and, in some cases, introduce operational risk in multi-tenant environments. To address this, Cisco and NVIDIA are partnering to redefine AI security. By extending Cisco Hybrid Mesh Firewall to NVIDIA BlueField data processing units (DPUs), Cisco brings stateful segmentation directly into AI servers connected to Cisco Nexus One AI front-end fabrics. The result is a robust, hardware-accelerated, server-level security architecture that helps stop threats before they reach your data -- maximizing protection with no performance tradeoff. With Cisco Hybrid Mesh Firewall, you can define policy once and enforce it everywhere. This unified security model spans physical and virtual firewalls, cloud environments, and now the DPUs inside your AI servers. In AI infrastructure, the most important security boundary is the front-end network, where users submit inference and training requests, storage systems exchange datasets and checkpoints, and multi-tenant workloads often share the same servers. Because external traffic enters here, it's the zone where inspection and isolation matter most. Front-end traffic typically falls into two primary flows: In AI environments, you can't assume only "some" traffic needs inspection. Nearly all of it does, and multi-tenancy demands strict segmentation. That requires segmentation that can operate at full line rate across the front-end fabric. Traditional centralized firewall appliances break this model. Hair-pinning traffic to an external firewall increases latency and creates bandwidth bottlenecks, effectively a choke point for the entire cluster. A better model is server-level enforcement using DPUs. By running the firewall on an NVIDIA BlueField DPU -- not the host CPU -- you reduce the risk of tenant tampering and preserve CPU/GPU cycles for AI workloads. Cisco is redefining AI workload protection by enforcing unified security policy using Hybrid Mesh Firewall on AI servers with NVIDIA BlueField DPUs. This enables: Cisco Nexus One simplifies how network policy is built, deployed, and kept aligned with workload identity and context. On each AI server, it discovers Kubernetes workload metadata and shares that context with Cisco Hybrid Mesh Firewall, which translates it into application-aware, stateful segmentation rules: -- Kevin Deierling, SVP of Networking, NVIDIA Cisco Nexus One takes these capabilities further by orchestrating complex network policies and maintaining end-to-end visibility with multisite implementations in AI front-end fabrics (as shown below). This simplifies operations, strengthens compliance enforcement, and provides a security framework that scales as AI environments grow. AI factories succeed when security keeps pace with AI-scale throughput. By running Cisco Hybrid Mesh Firewall on NVIDIA BlueField DPUs, we provide distributed, in-server enforcement with 400G line-rate stateful inspection and fine-grained, flow-level observability -- without consuming CPU and GPU resources. Paired with Cisco Nexus One for centralized network policy and visibility, organizations can scale multi-tenant AI infrastructure with confidence, secure from the inside out. Security is the first service delivered on the DPU. Next, we'll expand by adding more AI-centric network services running on DPUs. To try the solution during Controlled Availability in early Q3 CY26, please contact your Cisco account representative.

Accelerate enterprise AI with Cisco, Red Hat, and NVIDIA

On February 24, 2026, Red Hat announced a new collaboration with NVIDIA to provide a co-engineered software platform for AI factories. Building on this momentum, we are pleased to announce that Cisco Secure AI Factory with NVIDIA now has an expanded choice of tooling for AI practitioners to accelerate AI application delivery. This is enabled through the support for Red Hat AI Factory software. This combination of NVIDIA AI Enterprise and Red Hat AI Enterprise software helps simplify the development of next-generation agentic workloads by providing a single, integrated AI factory stack. Unlike other solutions that treat security as an afterthought, Cisco Secure AI Factory with NVIDIA provides a uniquely integrated, security-first foundation. By fusing security and observability directly into the network and every layer of the stack, we ensure that production-ready innovation is not just scalable but inherently protected from the core to the edge. Scaling these production-ready workloads from an initial pilot to a global enterprise rollout requires a foundation of high-performing, resilient infrastructure. Cisco Secure AI Factory with NVIDIA provides this essential platform, ensuring that every component (from Cisco accelerated compute and networking to security and observability, to the Red Hat and NVIDIA AI software) operates with the reliability and speed necessary for production-grade AI. By providing this industrial-scale solution, we enable organizations to move beyond experimentation and confidently scale their AI initiatives across the enterprise. So how do you transform from AI experimentation to becoming a genuinely "AI-fueled" enterprise? It starts with your infrastructure. Cisco brings the high-performance networking fabric, accelerated compute nodes, and integrated security architecture you need to handle the massive data throughput of modern AI clusters. Our leadership stems from deep, strategic engineering alignment with Red Hat and NVIDIA, ensuring that Cisco UCS and Nexus infrastructure work seamlessly with the Red Hat AI Factory with NVIDIA software stack. By supporting Red Hat AI Factory software as an option, we have expanded customer choice of AI software in our streamlined solution with a co-engineered software platform for AI factories. Cisco Secure AI Factory with NVIDIA infrastructure comes pre-validated to run the industry's leading enterprise Linux and MLOps software, allowing IT teams to deploy with confidence and AI practitioners to start working immediately. This engineering alignment between Red Hat and NVIDIA tackles the most persistent roadblock to enterprise AI adoption: production delivery friction. For AI practitioners, this means moving beyond experimental silos and into a unified, high-performance environment. Red Hat AI Enterprise and NVIDIA AI Enterprise provide the software tools to manage the AI/ML lifecycle at scale. The new Red Hat Enterprise Linux (RHEL) for NVIDIA offers a specialized, validated operating foundation, and the true value is realized by Cisco, Red Hat, and NVIDIA coming together to accelerate enterprise AI with Cisco Secure AI Factory with NVIDIA. By upstreaming proprietary drivers and GPU operators directly into the RHEL ecosystem, Red Hat and NVIDIA have eliminated the need for manual remediation. For Cisco customers, this software-level integration finds its perfect home on Cisco AI PODs. Our engineering ensures that these AI clusters can be deployed, governed, and operated with the same rigor, security, and predictability as your core enterprise IT platforms. When you layer this co-engineered software stack onto Cisco unified compute and high-performance networking fabric, the "infrastructure tax" disappears. With Cisco Intersight providing intelligent, cloud-based management, IT teams can simplify operations across data center and edge environments, ensuring consistent performance regardless of location. This allows data scientists to stop troubleshooting driver versions or interconnect bottlenecks and start focusing on model accuracy and business impact. With the Cisco Secure AI Factory with NVIDIA, we aren't just giving you the tools to build AI; we're providing the industrial-grade foundation to run it with confidence. While operational stability lays the groundwork, you also need to overcome the complexity that often stalls deployment speed. In today's market, speed is a competitive necessity. Red Hat simplifies software acquisition and deployment through a new, streamlined licensing model. By combining Red Hat AI Enterprise with NVIDIA AI Enterprise (available through Cisco) in a unified AI Factory software platform, Red Hat and NVIDIA have made high-end MLOps economically accessible. This unified procurement through Cisco further simplifies the path to production by providing a single point of contact for both your infrastructure and the AI software stack. What's more, Cisco customers gain instant access to pre-configured models, including the IBM Granite family and NVIDIA Nemotron, delivered as NVIDIA NIM microservices. With Red Hat AI Factory software now supported by Cisco, AI practitioners can skip the complicated setup phase and jump straight to fine-tuning and inference, significantly reducing time to value for next-generation physical and agentic AI applications. As you accelerate these deployments, where you run your workloads becomes a critical strategic decision. Does your AI strategy require the scale of the public cloud, the security of an on-premises data center, or the low latency of the edge? With Cisco support for Red Hat AI Factory software, the answer is "all of the above." Powered by Red Hat OpenShift Container Platform, this solution provides a consistent operational model across core to the edge. Cisco customers can build and train models on-premises on AI PODs, which form the infrastructure foundation of Cisco Secure AI Factory with NVIDIA, while maintaining the flexibility to deploy those models anywhere. This ensures you maintain full architectural control over your data and models, regardless of where the physical hardware resides. Maintaining this architectural flexibility across the hybrid cloud requires simultaneous focus on the non-negotiable requirements of enterprise-grade security and performance. At its core, security cannot be an afterthought. Siloed tools and fragmented enforcement leave gaps, exposing AI environments to threats like model poisoning, prompt injection, and data exfiltration. Cisco Secure AI Factory with NVIDIA is built differently; security is engineered into every layer of the stack consistently from core to edge. Cisco AI Defense, integrated with NVIDIA AI, protects AI models and applications from development to runtime -- ensuring every inference is trusted and safeguarded against prompt injection, harmful output, and data privacy risks. Cisco Isovalent delivers runtime security for containerized AI workloads on Kubernetes, preventing lateral movement through identity-based, kernel-level enforcement using eBPF technology, without impacting performance. This security extends to the infrastructure, with consistent policy enforcement through Cisco Hybrid Mesh Firewall and Cisco Security Cloud Control, while Cisco Splunk Enterprise Security provides built-in threat detection and response. This is security engineered into the AI Factory, not bolted on. Complementing this is Splunk Observability Cloud's Observability for AI, which delivers unified visibility across the Secure AI Factory with NVIDIA to monitor performance, quality, security, and cost. With AI Infrastructure Monitoring, teams gain real-time insights into the health, availability, and resource utilization (e.g., GPU, power, network, nodes) of Cisco AI PODs, ensuring cost attribution and optimization. AI Agent Monitoring tracks LLM and agentic applications for hallucinations, biases, and semantic quality, while detecting AI privacy risks through integration with Cisco AI Defense. These real-time insights empower proactive root cause analysis and rapid issue resolution to improve the efficiency, reliability, and security of the entire AI stack. By combining the robust infrastructure from Cisco with the innovative AI software stacks from Red Hat and NVIDIA, we're turning the promise of AI into a mission-critical reality for every enterprise. This lets you accelerate the delivery of trusted agentic and physical AI applications with scalable, high-performance, and secure infrastructure. Contact your Cisco account representative today to schedule a strategy session on Cisco Secure AI Factory with NVIDIA. Together, we can assess your infrastructure readiness and chart a path toward industrial-scale AI production.

Beyond the plumbing: How Cisco and Nvidia are industrializing the 'token economy' - SiliconANGLE

Beyond the plumbing: How Cisco and Nvidia are industrializing the 'token economy' The initial phase of the artificial intelligence gold rush was defined by "The Build." Hyperscalers and model builders raced to secure every available Nvidia Corp. H100 GPU, constructing massive, centralized cathedrals of compute. But as the industry descends from the peak of inflated expectations toward real-world utility, the conversation is shifting. AI is moving from the lab to the factory floor, the retail aisle and the telco edge. At Nvidia's annual GTC today in San Jose, Cisco Systems Inc. laid out its blueprint for this transition. Cisco's message is for AI to work in the enterprise, it requires more than just raw GPU power. It needs a "Secure AI Factory" -- a full-stack, validated architecture that treats AI not as a science project, but as a high-value production line. For decades, Cisco's role in the data center was to provide the "plumbing" -- the reliable, invisible pipes that moved data from point A to point B. But in an analyst briefing, Kevin Wollenweber, Cisco's senior vice president and general manager of data center and internet infrastructure, explained Cisco's role has fundamentally changed. "The network has gone from just plumbing and infrastructure to really a critical component to what enables these models to learn and think," he said. "Whether it's connecting GPUs in a massive network efficiently to allow training workloads to run across tens of thousands of GPUs, or as we pivot more into inference, it's about how we actually get low latency and high bandwidth access to storage." This shift is critical for Cisco and Nvidia customers alike. As workloads move from training (learning) to inference (doing), the bottleneck isn't just the processor; it's the ability to feed that processor data at the speed of thought. By integrating Nvidia's Spectrum-X Ethernet platform with Cisco's UCS compute and Nexus management, the two companies are attempting to standardize and simplify the AI stack. This is similar to the approach Cisco took with private cloud when it entered into a joint venture with VMware and EMC, and "VCE" created a turnkey, engineered solution for cloud. Perhaps the most significant point mentioned in the briefing was the focus on "tokenomics." In the enterprise, the value of AI is increasingly measured by the cost and speed of the output -- the tokens. Wollenweber argued that the competitive moat for modern businesses will be built on how efficiently they can generate these tokens. "The competitiveness for a lot of our customers is going to be around: how do we drive efficient token generation?" Wollenweber explained. "You're going to have OpEx and engineering resources, but you have to look at actually how you can either leverage tokens efficiently or generate tokens efficiently to be able to grow in this ecosystem." This is why Cisco is pushing the "AI factory" concept. If an enterprise tries to "DIY" their AI infrastructure, they face a "complexity tax" that drains token efficiency. By providing a validated "Secure AI Factory" stack, Cisco and Nvidia are offering a way to bypass the architectural heavy lifting, allowing customers to focus on the workloads that drive return on investment. The briefing also touched on a massive looming shift in AI architecture: the move from human-led prompts to agentic AI. We are moving into an era where autonomous agents communicate with other agents to execute complex workflows. Wollenweber shared how this is already changing his own work habits: "I think the agentic era that we're in is going to drive a lot more of that [on-premises demand] than people probably realized. I go into a meeting, a closed-laptop type of meeting with my executive team, and I make sure I kick off six agents before I leave to go generate work and do work for me while I'm sitting in a meeting." This "agentic" workflow creates a massive security headache. How do you secure a conversation between two autonomous agents? Cisco's answer is to fuse security into the fabric itself. By extending their Hybrid Mesh Firewall into the Nvidia BlueField Data Processing Unit ecosystem, Cisco is placing a security guard at every single GPU entrance. The implication for customers is to greatly simplify threat protection: security is no longer a "bolt-on" that adds latency; it is an offloaded process that happens on the DPU, ensuring that the "security tax" doesn't slow down the "token generation." One of the most ambitious parts of its GTC announcement is the expansion into the telco edge. Through a partnership with AT&T, Cisco is taking these AI factory concepts and pushing them into the mobility network. The goal is to solve the "Mobile Edge Compute Hangover." For years, telcos built edge compute sites that struggled to find a clear revenue stream. Wollenweber believes distributed inferencing -- running AI tasks such as video analytics or real-time sensor processing close to the source -- is the "killer app" the edge has been waiting for. By bringing Nvidia RTX Pro GPUs into the Cisco UCS edge portfolio, they are enabling what Wollenweber calls "distributed intelligence." This isn't just about big H100 clusters; it's about putting the right amount of compute in the right place to make a decision in milliseconds. This could solve the age-old problem of how telcos can make more money. Historically, they spend more and often the new technology reduces costs but rarely generates more revenue. The telcos have a great opportunity to offer the network and the token generation and reverse the declining revenue curve that has plagued them of years. Finally, the briefing addressed the elephant in the room: the staggering cost and rapid obsolescence of AI hardware. For a chief financial officer, spending tens of millions on GPUs is terrifying when the next generation is always six months away. Cisco is countering this fear with a focus on "Time to First Intelligence." Through new service offerings, Cisco is aiming to get massive clusters up and running in days rather than months. "We all know that this equipment has a very, very short half-life," Wollenweber noted. "The longer it sits on the shelf, the less value you get out of it before next generations are released. The faster we can get things up and running and generating tokens, the better it is for customers." In one Asia-Pacific deployment, Cisco managed to get a 1,000-GPU cluster fully validated and running workloads in less than a week. This operational speed is the true value proposition of the Cisco-Nvidia partnership. It's not just about the silicon; it's about the "velocity of AI." For information technology leaders, the takeaway from Cisco's GTC announcements is that the era of AI experimentation is closing, and the era of AI industrialization is beginning. Cisco is no longer content to be the plumber. By integrating Nvidia's accelerated computing with its own security, networking and observability tools, including Splunk, Cisco is positioning itself as the operating system for the AI factory. As Wollenweber concluded, the goal is simple: "Enable our customers to build everything end-to-end required: to manage, monitor and react to anything that we see." For the enterprise, the "Secure AI Factory" isn't just a new product -- it's the infrastructure required to capitalize on the token-driven economy.

Rebuilding The Foundation: Why AI Infrastructure Needs To Change

As AI workloads shift from experimental to mission-critical, unexpected challenges test the assumptions underlying our networks, storage architectures, and security models. After nearly two decades of observing infrastructure evolution, I believe this moment is fundamentally different. We are not optimizing existing paradigms; we are rebuilding them. Modern AI training clusters require significant bandwidth. Training advanced models may involve tens or hundreds of thousands of GPUs exchanging data at speeds unimaginable just two years ago. Some clusters now exceed hundreds of petabits per second in total bandwidth, pushing traditional pluggable optics to their physical limits. The industry is quickly adopting 102.4Tbps silicon as the standard for large-scale AI factories. The main bottleneck is no longer just how much compute power we have, but how fast data can move between chips, nodes, and memory. With 102.4Tbps, new networking silicon finally provides enough bandwidth to keep GPUs working at full capacity, reducing idle time and improving efficiency for hyperscalers and neoclouds. Whether through high-radix switching, advanced NICs, or co-packaged optics, 102.4Tbps is now the minimum needed for competitive AI clusters. It's the new baseline. As link speeds reach 800G, 1.6T, and beyond, the power needed for separate optical modules and electrical losses from the switch chip to the front panel create inefficiencies that are difficult to manage at scale. Linear-drive Pluggable Optics (LPO) is becoming more important. By removing the digital signal processor (DSP) typically found in optical transceivers, LPO allows the host chip to connect directly to the optical module. This can cut power use by up to 50% per link and also lower latency and costs. For large operators building 800G and 1.6T connections to meet AI's bandwidth needs, LPO is quickly becoming a core part of their systems. Co-Packaged Optics (CPO) brings an even bigger shift in network design. By putting optical engines directly onto the switch package, CPO removes the electrical losses that limit bandwidth and efficiency. This leads to 30-40% less power use at the same speeds, better signal quality at higher data rates, and more ports than pluggable designs can offer. CPO also expands network design possibilities. With sufficient connections, it can link clusters of 512 GPUs in a single layer or reduce larger setups from three layers to two. This eliminates extra switches, reduces latency, and simplifies the network. Transitioning to CPO will take time and require new approaches to maintenance, cooling, and supply chain management. However, for large-scale AI, co-packaged optics are now essential. AI networking has gone through several stages. Scale-up meant closely linking GPUs within a single system, using NVLink to treat an entire rack as a single computer. Scale-out took this further, using InfiniBand and Ethernet to connect thousands of GPUs across a data center, enabling today's large clusters. We are reaching the practical limits of scale-out. The largest training runs are now limited not by compute availability, but by the challenge of aggregating sufficient resources in a single location with adequate power, cooling, and network capacity. The next phase focuses on connecting clusters rather than simply building larger ones. Scale-across treats compute resources across different locations as a single shared pool. This challenges old assumptions. Traditional distributed training assumes the same latency everywhere, but spreading across cities or continents introduces latency differences that disrupt standard operations. To meet these new needs, we need large, secure routers with deep buffers that match the bandwidth and efficiency of switching chips. Routing and switching must be combined into a single solution. Data centers that do not adapt to these AI traffic changes risk performance problems and bottlenecks that could slow down AI work and growth. New solutions are also appearing. Smart aggregation algorithms now take the network's layout into account and optimize for it. Tasks are split so GPUs can keep working while data moves between distant sites, reducing latency. Systems learn to handle small delays in syncing, rather than requiring perfect timing. The network's job is shifting from just providing fast, equal connections to smartly routing traffic across different types of paths. Networks must now do more than provide speed; they need to understand their structure and make informed decisions about traffic routing. The control system is as important as the data system. Monitoring and observation are now essential components of network design. Organizations that master scale-across will have access to computing power that single-cluster competitors cannot match. Most discussions about AI infrastructure focus on compute and networking, with storage often coming up later. This is an oversight. AI storage requirements stress traditional architectures in unexpected ways. Training workloads combine sequential, read-heavy ingestion across petabytes of images, text, video, and multimodal content with frequent checkpoint writes/reads that can saturate storage fabrics during failure recovery. Inference demands rapid access to model weights, and KV caches with strict latency SLAs -- and as context windows grow, KV cache updates add sustained write pressure. Storage has become a performance bottleneck, not just a capacity planning exercise. When ingestion starves GPUs of data, when checkpoint bursts block training progress, or when KV cache latency delays token generation, accelerator cycles go idle. The economics are unforgiving: idle GPUs cost the same as busy ones. In response, there has been a wave of new storage designs: distributed file systems built for AI, smart tiering that keeps active data on NVMe and moves older data to cheaper storage, and special caching layers between compute and storage. Network and storage are also converging, with RDMA-based protocols bypassing the usual OS layers to cut latency from milliseconds to microseconds. The biggest change is that teams must design AI storage from the beginning, not added later. This requires teams working on training frameworks and storage to collaborate closely. It also means learning how different models use data and optimizing storage for those patterns. AI models are valuable. Training a leading model can cost hundreds of millions of dollars. The weights, which are billions of parameters that define what the model can do, are both important assets and possible security risks. Model theft, whether through network data exfiltration or insider misuse, presents risks that most security systems were not designed to address. The need for training clusters to transfer large volumes of data requires fast, accessible connections, which can increase vulnerability. Multi-tenant inference must maintain customer separation while delivering required performance for shared systems. Security systems are changing to meet AI's needs. They now include hardware-based trust from the accelerator up through the software, confidential computing that protects weights even from system operators, and network segmentation that separates real training traffic from possible data theft. As AI systems grow to thousands of GPUs, securing the front-end network for control, storage, and management becomes a major challenge. Modern SmartNICs and Data Processing Units (DPUs) help by handling firewall tasks directly on the card, freeing the main CPU. A DPU keeps track of each connection in its own memory and enforces network rules like IP filtering, session tracking, rate limiting, and protection against certain attacks, all at full speed and in a secure area separate from the main operating system. This hardware isolation makes DPUs a good fit for zero-trust security. As an industry, we are also building security systems for threats unique to AI. Attackers can create inputs that trick models into making mistakes. They can corrupt training data to weaken a model before it is used. They can also test a model's outputs to determine what private data it was trained on. These are not just theories -- they are real risks and active areas of research. Security for AI infrastructure is not just about meeting compliance rules. It is about protecting assets that may be worth more than the hardware they run on. The Path Forward Leading organizations are making infrastructure investments that reflect these realities. They are not only acquiring GPUs, but also building efficient connectivity, robust storage systems, and security architectures to protect the value they generate. Decisions made in the coming years will determine which organizations can train and deploy the next generation of AI systems, and which will depend on external infrastructure. For those building infrastructures, this is an exciting time. We are not simply maintaining legacy systems; we are establishing the foundations for the future.