My colleague, Sameh Boujelbene, has already covered one of the bigger Cisco Live takeaways: Cisco wants the AI discussion to move beyond the data center and into the broader enterprise network. I am not going to retell that story here. What interested me more, coming out of Cisco Live, were the security and operational implications of the same argument. In other words, what happens after the entire enterprise network is “AI-ready”?
Faster networks, better silicon, and more capable fabrics matter. They will clearly be part of the AI infrastructure buildout. But once AI spans campuses, branches, clouds, applications, users, devices, and agents, the constraint begins to shift. The harder questions become: what assets do I have, what is exposed, where should enforcement happen, how long can I safely wait to patch, and which AI-generated recommendation can I trust enough to act on?
That is where Cisco’s message became more interesting to me. The company is not only trying to sell AI-ready infrastructure. It is trying to make the case for runtime-resilient operations. That’s the right problem to target. It is also a much harder problem than simply adding AI features to existing products.
AI Readiness Quickly Becomes an Operating-Model Question
The AgenticOps discussions were where Cisco’s AI message started to feel less like a feature roadmap and more like an operating-model bet. Cisco is clearly trying to move customers from siloed infrastructure management to a more unified operating layer that brings together topology, telemetry, identity, policy, exposure data, user experience, and remediation.
The product names matter less than the architecture. Whether it’s Cisco Cloud Control, AI Canvas, Agentic Actions, Digital Twin, ThousandEyes, Splunk, Cisco IQ, or Live Protect, all point in the same direction: customers need better context before they can safely automate more of their infrastructure operations.
Cisco has a real advantage here. It has a large installed base across enterprise networking, security, observability, collaboration, and support. That does not automatically make Cisco the operating layer for the AI-era enterprise, but it does give the company a credible starting point. Few vendors can look across as many infrastructure domains and claim the same degree of embedded operational context.
I also think Cisco is being realistic, at least in how it talks about customer adoption. The emphasis on explainability, confidence scoring, impact assessment, human approval, and digital-twin validation is important. Most enterprises are not ready to hand broad operational authority to AI agents. They may be ready, however, to use AI to improve inventory, accelerate troubleshooting, prioritize risk, recommend changes, and reduce the time spent stitching together data from too many tools.
That distinction matters for the adoption curve. The first phase of AgenticOps is unlikely to be full autonomy. It is more likely to be better evidence, better recommendations, and more supervised remediation. If Cisco can help customers get from fragmented visibility to trusted recommendations, that would still be meaningful.
Where I would be more careful is on timing. “Agentic” is an attractive concept, but enterprise operations teams have long memories. They know that configuration mistakes, poorly understood dependencies, and incomplete asset data can create real outages. The trust curve will be gradual. Cisco’s architecture is directionally constructive, but customers will decide where the handoff from human to machine actually happens.
Runtime Resilience May Be the More Immediate Security Opportunity
The security sessions reinforced a point that is easy to agree with but harder to operationalize: AI, particularly in the era that began with the recent unveiling of Anthropic Mythos, is compressing the response window. Vulnerabilities can be discovered, chained, tested, and weaponized faster than many enterprises can patch. That puts pressure on the familiar model of periodic scanning, manual prioritization, planned maintenance windows, and centralized enforcement. Cisco’s answer is not just “patch faster,” because that is not always realistic. The more interesting answer is runtime resilience.
To me, runtime resilience means four things: know what is exposed, understand which risks matter, apply compensating controls when immediate patching is not possible, and move enforcement closer to the workload when centralized inspection creates too much operational friction. A variety of Cisco products, including Cisco IQ, Splunk Exposure Analytics, Live Protect, Hypershield, AI Defense, Duo, Secure Access, and ThousandEyes, each touch part of that problem.
The session on a customer’s (Xifin) journey with Hypershield was useful because it moved the discussion out of the abstract. The customer story was not about AI branding. It was about simplifying east-west security operations and avoiding unnecessary hairpinning through external firewalls. Using Nexus Smart Switches with DPUs to enforce stateful policy closer to workloads is a tangible architectural shift. The reported reduction in rule complexity after converting ACLs into more intent-based policies was also a good reminder that the value proposition is as much operational as it is technical.
This is where I think Cisco has a strong argument. Security teams do not need more isolated control points. They need enforcement that fits how applications, users, and workloads actually move. If some portion of segmentation and east-west policy enforcement can move into the network fabric, customers may be able to reduce complexity while improving response time.
But this should not be oversold. Hypershield is not a universal firewall replacement, and fabric-based enforcement will not eliminate the need for dedicated firewalls, SSE, WAF, endpoint, identity, or cloud security controls. The more realistic implication is that the boundaries between switching, firewall, microsegmentation, and security software continue to blur. It is one of the reasons why my network security coverage now spans from the user-edge SASE solutions to cloud-centric application delivery and control solutions. The neat market silos that once existed are becoming a continuum.
Net/net, I view the blurring of the world as constructive for Cisco. It gives the company a differentiated way to connect markets that have historically been viewed separately but are increasingly being consumed together. However, for the customer (and, by extension, even for folks like me in the analyst community or folks in the investor community), it also complicates taxonomy. Is the customer buying switching, firewall, microsegmentation, or security software? In many cases, the answer may be a mix of all four in a single solution.
The Market Opportunity is Real, but Packaging Still Needs to Catch Up
The broader market read-through from Cisco Live 2026 was positive. AI traffic growth will be part of the story, but security-led and operations-led modernization will be equally important for enterprise infrastructure spending.
Customers are not going to refresh networks only because AI produces more traffic. They will refresh when the current architecture cannot support the operating model they need. That could mean poor visibility into assets. It could mean aging hardware and software tied to lifecycle risk. It could mean branch architectures that are too complex to secure. It could mean too much dependence on manual policy management. It could mean east-west traffic patterns that were never designed for today’s segmentation requirements.
Cisco is trying to connect those dots. Cisco IQ can turn asset posture, lifecycle state, vulnerability context, and support data into a conversation about modernization. ThousandEyes can extend the discussion from device health to digital experience. Splunk gives Cisco a broader data and exposure story. Secure Access ties policy, users, and access into the same broader security architecture. Hypershield gives Cisco a way to talk about enforcement inside the fabric, not only around it.
That is a good strategic setup. The challenge is that customer buying motions do not always line up neatly with vendor architecture. Many Cisco products, including Cloud Control, Cisco IQ, Live Protect, Hypershield, AI Defense, ThousandEyes, Splunk, Secure Access, and professional services, may all contribute to the same outcome. Still, they will not necessarily be bought by the same team, funded by the same budget, or measured in the same way. Budget pressure is the other constraint. Customers may agree with Cisco’s direction and still struggle to fund every part of the vision at once.
The strongest opportunities will be where Cisco can connect the architecture to measurable outcomes: lower downtime, faster vulnerability response, less rule complexity, better user experience, reduced patch-window pressure, or fewer operational escalations. That is the right way to sell this. Runtime resilience cannot remain a conceptual platform story. It has to become an operational and economic argument.
Conclusion
My view coming out of Cisco Live 2026 is that Cisco is aiming at the right problem. The AI-ready enterprise will need more than connectivity. It will need visibility, policy, enforcement, identity, observability, and remediation to keep pace with a faster, less predictable operating environment.
The positives outweigh the concerns. Cisco has breadth, installed-base reach, telemetry, security assets, observability assets, and customer relationships that give it a credible position.
However, the concerns are still worth watching. Multi-vendor coverage will be essential. Customer trust in autonomy will take time. Runtime protection cannot become an excuse for weak patch discipline. And packaging needs to become clearer if customers are going to understand what they need to buy.
Still, these are better problems to have than trying to convince customers that AI is only a data center bandwidth story. Cisco’s more compelling argument is that AI changes how infrastructure has to be operated and defended. If the company can translate that argument into repeatable customer outcomes, runtime resilience could become one of the more important enterprise infrastructure themes to emerge from Cisco Live 2026.
