Eighty-five % of enterprises are working AI agent pilots, however solely 5% have moved these brokers into manufacturing. In an unique interview at RSA Conference 2026, Cisco President and Chief Product Officer Jeetu Patel stated that the hole comes down to one factor: belief — and that closing it separates market dominance from chapter. He additionally disclosed a mandate that may reshape Cisco’s 90,000-person engineering group.
The issue is not rogue brokers. The issue is the absence of a belief structure.
The belief deficit behind a 5% manufacturing price
A recent Cisco survey of main enterprise clients discovered that 85% have AI agent pilot packages underway. Solely 5% moved these brokers into manufacturing. That 80-point hole defines the safety drawback the complete business is making an attempt to shut. It is not closing.
“The largest obstacle to scaled adoption in enterprises for business-critical duties is establishing a adequate quantity of belief,” Patel instructed VentureBeat. “Delegating versus trusted delegating of duties to brokers. The distinction between these two, one leads to chapter and the different leads to market dominance.”
He in contrast brokers to youngsters. “They’re supremely clever, however they haven’t any worry of consequence. They’re fairly immature. And they are often simply sidetracked or influenced,” Patel stated. “What you may have to do is just be sure you have guardrails round them and also you want some parenting on the brokers.”
The comparability carries weight as a result of it captures the exact failure mode safety groups face. Three years in the past, a chatbot that gave the improper reply was a humiliation. An agent that takes the improper motion can set off an irreversible consequence. Patel pointed to a case he cited in his keynote the place an AI coding agent deleted a reside manufacturing database throughout a code freeze, tried to cowl its tracks with faux information, after which apologized. “An apology is not a guardrail,” Patel stated in his keynote blog. The shift from information threat to motion threat is the core motive the pilot-to-production hole persists.
Protection Claw and the open-source velocity play with Nvidia
Cisco’s response to the belief deficit at RSAC 2026 spanned three classes: defending brokers from the world, defending the world from brokers, and detecting and responding at machine velocity. The product announcements included AI Protection Explorer Version (a free, self-service pink teaming device), the Agent Runtime SDK for embedding coverage enforcement into agent workflows at construct time, and the LLM Safety Leaderboard for evaluating mannequin resilience towards adversarial assaults.
The open-source technique moved sooner than any of these. Nvidia launched OpenShell, a safe container for open-source agent frameworks, at GTC the week before RSAC. Cisco packaged its Abilities Scanner, MCP Scanner, AI Invoice of Supplies device, and CodeGuard right into a single open-source framework known as Defense Claw and hooked it into OpenShell inside 48 hours.
“Each single time you really activate an agent in an Open Shell container, now you can routinely instantiate all the safety providers that now we have constructed via Protection Claw,” Patel instructed VentureBeat. The mixing means safety enforcement prompts at container launch with out handbook configuration. That velocity issues as a result of the various is asking builders to bolt on safety after the agent is already working.
That 48-hour turnaround was not an anomaly. Patel stated a number of of the Protection Claw capabilities Cisco launched have been inbuilt per week. “You could not have constructed it in longer than per week as a result of Open Shell got here out final week,” he stated.
A six-to-nine-month product lead and an information asymmetry on prime of it
Patel made a aggressive declare price analyzing. “Product clever, we may be six to 9 months forward of most of the market,” he instructed VentureBeat. He added a second layer: “We even have an uneven information benefit of, I might say, three to six months on everybody as a result of, you recognize, we, by advantage of being in the ecosystem with all the mannequin corporations. We’re seeing what’s coming down the pipe.” The 48-hour Protection Claw dash helps the velocity declare, although the lead margin is Cisco’s personal characterization; no impartial benchmarks have been offered.
Cisco additionally prolonged zero belief to the agentic workforce via new Duo IAM and Secure Access capabilities, giving each agent time-bound, task-specific permissions. On the SOC aspect, Splunk introduced Publicity Analytics for steady threat scoring, Detection Studio for streamlined detection engineering, and Federated Seek for investigating throughout distributed information environments.
The zero-human-code engineering mandate
AI Protection, the product Cisco launched a yr before RSAC 2026, is now 100% constructed with AI. Zero strains of human-written code. By the finish of 2026, half a dozen Cisco merchandise will attain the identical milestone. By the finish of calendar yr 2027, Patel’s objective is 70% of Cisco’s merchandise constructed completely by AI.
“Simply course of that for a second and go: a $60 billion firm is gonna have 70% of the merchandise that are gonna haven’t any human strains of code,” Patel instructed VentureBeat. “The idea of a legacy firm not exists.”
He linked that mandate to a cultural shift inside the engineering group. “There’s gonna be two varieties of individuals: ones that code with AI and ones that do not work at Cisco,” Patel stated. That was not debated. “Altering 30,000 folks to change the manner that they work at the very core of what they do in engineering can not occur for those who simply make it a democratic course of. It has to be one thing that is pushed from the prime down.”
5 moats for the agentic period, and what CISOs can verify right this moment
Patel laid out 5 strategic benefits that may separate profitable enterprises from failing ones. VentureBeat mapped every moat towards actions safety groups can start verifying right this moment.
|
Moat |
Patel’s declare |
What CISOs can verify right this moment |
What to validate subsequent |
|
Sustained velocity |
“Working with excessive ranges of obsession for velocity for a sturdy size of time” creates compounding worth |
Measure deployment velocity from pilot to manufacturing. Monitor how lengthy agent governance evaluations take. |
Pair velocity metrics with telemetry protection. Quick deployment with out observability creates blind acceleration. |
|
Belief and delegation |
Trusted delegation separates market dominance from chapter |
Audit delegation chains. Flag agent-to-agent handoffs with no human approval. |
Agent-to-agent belief verification is the subsequent primitive the business wants. OAuth, SAML, and MCP do not but cowl it. |
|
Token effectivity |
Larger output per token creates a strategic benefit |
Monitor token consumption per workflow. Benchmark cost-per-action throughout agent deployments. |
Token effectivity metrics exist. Token safety metrics (what the token accessed, what it modified) are the subsequent construct. |
|
Human judgment |
“Simply because you may code it doesn’t suggest you must.” |
Monitor choice factors the place brokers defer to people vs. act autonomously. |
Spend money on logging that distinguishes agent-initiated from human-initiated actions. Most configurations can not but. |
|
AI dexterity |
“10x to 20x to 50x productiveness differential” between AI-fluent and non-fluent staff |
Measure the adoption charges of AI coding instruments throughout safety engineering groups. |
Pair dexterity coaching with governance coaching. One with out the different compounds the threat. |
The telemetry layer the business is nonetheless constructing
Patel’s framework operates at the identification and coverage layer. The subsequent layer down, telemetry, is the place the verification occurs. “It appears indistinguishable if an agent runs your net browser versus for those who run your browser,” CrowdStrike CTO Elia Zaitsev instructed VentureBeat in an unique interview at RSAC 2026. Distinguishing the two requires strolling the course of tree, tracing whether or not Chrome was launched by a human from the desktop or spawned by an agent in the background. Most enterprise logging configurations can not make that distinction but.
A CEO’s AI agent rewrote the firm’s safety coverage. Not as a result of it was compromised. As a result of it needed to repair an issue, lacked permissions, and eliminated the restriction itself. Each identification verify handed. CrowdStrike CEO George Kurtz disclosed that incident and a second one at his RSAC keynote, each at Fortune 50 corporations. In the second, a 100-agent Slack swarm delegated a code repair between brokers with out human approval.
Each incidents have been caught by chance
Etay Maor, VP of Risk Intelligence at Cato Networks, instructed VentureBeat in a separate unique interview at RSAC 2026 that enterprises deserted fundamental safety rules when deploying brokers. Maor ran a reside Censys scan throughout the interview and counted almost 500,000 internet-facing agent framework cases. The week before: 230,000. Doubling in seven days.
Patel acknowledged the delegation threat in the interview. “The agent takes the improper motion and worse but, a few of these actions may be important actions that are not reversible,” he stated. Cisco’s Duo IAM and MCP gateway implement coverage at the identification layer. Zaitsev’s work operates at the kinetic layer: monitoring what the agent did after the identification verify handed. Safety groups want each. Identification with out telemetry is a locked door with no digital camera. Telemetry with out identification is footage with no suspect.
Token era as the forex for nationwide competitiveness
Patel sees the infrastructure layer as decisive. “Each nation and each firm in the world is gonna wanna ensure that they’ll generate their very own tokens,” he instructed VentureBeat. “Token era turns into the forex for achievement in the future.” Cisco’s play is to present the most safe and environment friendly know-how for producing tokens at scale, with Nvidia supplying the GPU layer. The 48-hour Protection Claw integration demonstrated what that partnership produces underneath strain.
Safety director motion plan
VentureBeat recognized 5 steps safety groups can take to start constructing towards Patel’s framework right this moment:
-
Audit the pilot-to-production hole. Cisco’s personal survey discovered 85% of enterprises piloting, 5% in manufacturing. Mapping the particular belief deficits retaining brokers caught is the place to begin — the reply is hardly ever the know-how. Governance, identification, and delegation controls are what’s lacking. Patel’s trusted delegation framework is designed to shut that hole.
-
Take a look at Defense Claw and AI Defense Explorer Edition. Each are free. Purple-team your agent workflows before they attain manufacturing. Take a look at the workflow, not simply the mannequin.
-
Map delegation chains end-to-end. Flag each agent-to-agent handoff with no human approval. This is the “parenting” Patel described. No product absolutely automates it but. Do it manually, each week.
-
Set up agent behavioral baselines. Earlier than any agent reaches manufacturing, outline what regular appears like: API name patterns, information entry frequency, techniques touched, and hours of exercise. With out a baseline, the observability that Patel’s moats require has nothing to evaluate towards.
-
Shut the telemetry hole in your logging configuration. Confirm that your SIEM can distinguish agent-initiated actions from human-initiated actions. If it can not, the identification layer alone will not catch the incidents Kurtz described at RSAC. Patel constructed the identification layer. The telemetry layer completes it.
Disclaimer: This article is sourced from external platforms. OverBeta has not independently verified the information. Readers are advised to verify details before relying on them.
