Cisco Unveils AI-Centric Security Solutions to Combat Rogue AI Agents and Enhance Network Protection

How Cisco plans to stop rogue AI agent attacks inside your network

Defensive strategies have always been vulnerable to technological innovation. Back in the day, big thick fortress walls were the state of the art, until attackers learned how to hurl objects over the walls and later fly over and drop munitions. Hand-coded messages encrypted with complex ciphers were once thought to be unbreakable, until fast computing power and decryption algorithms made all but the most robust codes ineffective. And now, we have AI. Elements like network security based on firewalls, intrusion detection, segmentation, and access control are suddenly vulnerable not just to malware but to intelligent agents operating within the virtual walls of the network. Also: How AI coding agents could destroy open source software The network security risk now comes from AIs launched by enemy actors and disgruntled insiders, and AI agents breaking loose from their instructions due to a misunderstanding or hallucination and running amok among fields of data. AIs can increase the velocity and variety of malicious attacks, while also reducing the cost to the attackers. They are force multipliers of exponential ferocity. And yet, responsibility for defense still rests with a limited number of overworked IT workers simply trying to keep up with their never-ending to-do list. Now, Cisco, the scion of network protection infrastructure in the pre-AI era, is expanding its defensive capabilities by announcing a new suite of AI-centric defensive solutions. Let's find out more. Zero trust is a cybersecurity term that describes a method by which no network entity is guaranteed access to another network entity without validation. If the network were a house, every room you'd go into would have a lock. Opening one lock wouldn't mean all the other doors would get unlocked. In fact, if you unlock a room, enter, and then leave, you'll have to unlock the room to regain entrance. Also: How AI agents help hackers steal your confidential data - and what to do about it This approach is zero trust. It is a way to prevent unfettered access and movement throughout a network, working on the assumption that just because a network entity passed one trust test at one time doesn't mean the entity will continue to do so. This approach provides strong protection against malware that could corrupt a previously secure application or user. It also shows promise in protecting against AI agents that need access to network resources. Cisco's core approach is Universal ZTNA (for Zero Trust Network Access). This is a unified policy management approach that provides secure access for users, devices, and agents, regardless of network location. ZTNA also applies the zero-trust approach to unmanaged network components and IoT devices. Cisco is attempting to lock down user-to-application connections and interactions within the network. Management is provided using Cisco's Security Cloud Control, and the company reports "enhanced observability with AI-insights," which I assume means it's using AI to highlight important or worrisome issues in the network. Also: 96% of IT pros say AI agents are a security risk, but they're deploying them anyway Another aspect of Cisco's zero-trust defensive posture is what it calls Hybrid Mesh Firewall. This technology isn't a device, but an overall architecture designed to create a distributed security fabric that enables advanced threat protection, segmentation, and policy enforcement across various environments. Of course, there needs to be an identity management system at the core to respond to demands for verification if you, your applications, and your AI buddies are all being asked to present credentials at every step within a network. Cisco is launching Duo Identity and Access Management (IAM), which acts as an identity broker, providing both passwordless capabilities and a proximity verification capability on top of the existing identity infrastructure. If the name Duo seems familiar, that's because there has long been a Duo multi-factor authentication service used for secure web access, among other things. Cisco acquired Duo Security back in 2018 and has been using Duo as a branding artifact ever since. Firewalls are the core of network security, and Cisco is announcing two new firewall series, the Secure Firewall 6100 series and the Secure Firewall 200 Series. The Secure Firewall 6100 series is for what Cisco calls "AI-ready data centers." The real key to these units is network throughput capacity. They can handle up to 200 Gbps per rack unit. What this capability means is that you can pump lots of data through them, and they take up less rack space handling that tsunami of byte traffic. Also: Why AI-powered security tools are your secret weapon against tomorrow's attacks The Secure Firewall 200 series is aimed at distributed branches. The idea is that each box includes threat inspection and integrated support for SD-WAN (software-defined wide area networking). In other words, the boxes easily and smartly connect distributed locations, tying them together into one large virtual network, regardless of physical address. Beyond the new hardware, Cisco is expanding its related software offerings. The Cisco Security Cloud Control tool now has a Mesh Policy Engine. This allows IT teams to define a security policy that is enforced across Cisco firewalls and third-party firewalls, which is what caught my attention. In other words, you can have your Cisco security, even if you're not a 100% Cisco shop. Agentic AI is the next big area for Cisco. If you think about it, agentic AI is all about manifesting your worst security nightmares. You've got an intelligence running around, often making stuff up, ignoring directions, and generally going out of control, and it's inside your network. In some ways, I think of agentic AI on the same threat/benefit spectrum as nuclear technology. On the one hand, nuclear technology has brought amazing advances, and on the other hand, big concerns. Agentic AI may buy us benefits of a similar degree of awesome, but the price is the ticking time bomb that every single agent has the potential to become. Plus, of course, there's the threat of dedicated agents developed by enemy actors purposely causing mayhem. Also: AI agents bring big risks and rewards for daring early adopters, says Forrester As Cisco put it, "These AI agents autonomously access enterprise resources, make decisions, and act on behalf of users, necessitating robust safeguards." Ya think? I think Cisco's key theme is the Universal Zero Trust architecture. The idea is that if you have a complete end-to-end zero-trust environment, rogue processes won't be able to run rampant, and AI agents will also be limited in their scope of operations. Cisco is also adding features to enable comprehensive tracking of agent actions and automated agent discovery, and this capability is powered by the new IAM Cisco identity intelligence service discussed earlier. Just about a year ago, Cisco completed its $28 billion acquisition of Splunk. Splunk has long been a provider of data security, monitoring, and observability platforms, helping its customers understand what's happening on their networks. "Advancements between Cisco and Splunk strengthen interoperability across key security workflows," said Cisco in its announcement. "By unifying and enriching data across platforms, these enhancements help security teams respond faster, reduce manual effort, and extract greater value from their security operations." Essentially, Cisco's security data is now more interoperable with Splunk's analytics, and the environment gets more AI support. Cisco announced that Cisco Secure Firewall will be able to "unlock deeper insights within Splunk" by feeding data from the firewall into the analytics engine. Also: The hidden data crisis threatening your AI transformation plans The Cisco Cloud Security App for Splunk (Splunk supports security apps) will have greater support for Cisco Firepower Threat Defense. Combining that capability with telemetry from a wide range of Cisco products and services, tighter Splunk integrations will increase the speed of detection, particularly across hybrid environments. Splunk's security orchestration, automation, and response (SOAR) platform now adds actions specific to Cisco Secure Firewall. Playbooks, which are essentially automated policies, can automatically respond by isolating hosts or blocking traffic, improving mitigation speed during attacks. Additionally, data from Cisco's Secure Application solution, which helps protect applications at the runtime layer, can be fed into Splunk, meaning security teams can discover threats and identify areas of concern at the application layer. There's a classic old phrase, "Just because you're paranoid, doesn't mean nobody's out to get you." In the world of cybersecurity, especially in this new and challenging "AI era," some level of watchful paranoia is necessary. While the terminology from Cisco about what it's doing at the network level is fairly arcane outside of the world of enterprise computing, the bottom line is it's looking at better and more comprehensive ways to protect networks in an environment where there are more threats, more ferocious threats, and a new class of threat from intelligent actors, both those run amok and those targeted with malicious intent. What about you? Is your organization preparing for agentic AI? How are you approaching the security challenges it brings? Are you already using Cisco's firewalls or Duo tools? Do these new updates change how you think about your infrastructure? Have you integrated with Splunk or explored how Cisco's zero trust model fits your hybrid environment? Let us know in the comments below.

Cisco Secure Data Center, Nexus And Firewall Innovations Unveiled At Cisco Live 2025

As enterprises adopt agentic AI, data centers and infrastructure have to be secure and ready, according to Cisco. Here are the latest security innovations for the data center and branch that the tech giant unveiled at Cisco Live 2025. Agentic AI promises productivity gains that are largely net positive so it's important to remember that every agent is an attack surface, said Craig Connors, vice president and CTO of Cisco Systems' Infrastructure and Security Group. "We have to marry AI-ready infrastructure to support the productivity gains that these agents will provide with built-in security to secure the use of these agents to make sure that we're doing it safely. In our view, this is not two projects; this is one fabric," Connors said. Cisco, which has been building out its security profile in recent years, is on a mission to fuse zero-trust networking and AI operations all the way from the silicon in the chips that the company builds to the Security Operations Center, Connors said. Because of its focus on networking and security, Cisco is "uniquely positioned to enable organizations to deploy and protect AI at scale," he said. To that end, the San Jose, Calif.-based networking giant at Cisco Live 2025 unveiled a handful of security innovations for the data center and branch. Here are the latest AI security, secure data center and firewall offerings that Cisco partners should know about. A "long-awaited" feature for customers, the new unified fabric Experience with Nexus will let customers simplify network operations by converging ACI and NX-OS VXLAN EVPN fabrics with unified data, control, policy enforcement and management, all in one dashboard, Connors said. The Unified Nexus Dashboard consolidates services across LAN, SAN, IPFM, and AI/ML fabrics, the company said. Cisco will also add AI Assistant into the Nexus Dashboard to troubleshoot with natural language interaction and offer up intelligent recommendations. The Cisco AI Assistant in Nexus Dashboard will be available later this year. The unified fabric Experience with Nexus will be available in July 2025. Cisco is expanding its AI PODs, which are already flexible and scalable for diverse AI use cases, such as training, fine-tuning as well as other use cases that are happening in enterprise data centers. To do that, Cisco is continuing to work closely with Nvidia, Connors said. The Nvidia RTX 6000 Pro is now orderable with Cisco UCS C845A M8 servers. The companies together have pledged to continue to deliver validated solutions as part of the Cisco Secure AI Factory with Nvidia to ensure secure AI solutions, Cisco said. The speed of networking needed to keep up with AI workloads is a challenge to keep up with, Connors said. With that obstacle in mind, Cisco is releasing novel, 400G bidirectional (BiDi) optics, which lets customers easily transition to 400G networks while preserving their existing duplex multimode fiber infrastructure to keep costs reasonable, while also giving them infrastructure that can scale, Connors said. The new optics will be available in the second half of 2025. The data center improvements that Cisco is revealing at the event blend into its security strategy, Connors said. To that end, the company is introducing the Cisco Secure Firewall 6100 Series, which addresses complexity, cost and scalability, Cisco said. The modular scalable data center firewall offers the highest performance density for data center firewalling -- 200 Gbps per rack unit, and it can be managed from Cisco Security Cloud, Cisco said. "Not only does [Cisco] have the next-generation hardware for the data center at a firewall level but a way to tie the security policy for all of these pieces together seamlessly," Connors said. For the branch, Cisco is also rolling out the Cisco Secure Firewall 200 Series. This offering provides advanced on-box threat inspection and integrated SD-WAN for distributed branches at up to 3X the price-performance compared with Cisco's competition, Connors said.