Eighty-five % of enterprises are operating AI agent pilots, however solely 5% have moved these brokers into manufacturing. In an unique interview at RSA Convention 2026, Cisco President and Chief Product Officer Jeetu Patel stated that the hole comes down to 1 factor: belief — and that closing it separates market dominance from chapter. He additionally disclosed a mandate that may reshape Cisco’s 90,000-person engineering group.
The issue shouldn’t be rogue brokers. The issue is the absence of a belief structure.
The belief deficit behind a 5% manufacturing price
A current Cisco survey of main enterprise clients discovered that 85% have AI agent pilot applications underway. Solely 5% moved these brokers into manufacturing. That 80-point hole defines the safety drawback all the trade is attempting to shut. It’s not closing.
“The largest obstacle to scaled adoption in enterprises for business-critical duties is establishing a adequate quantity of belief,” Patel instructed VentureBeat. “Delegating versus trusted delegating of duties to brokers. The distinction between these two, one results in chapter and the opposite results in market dominance.”
He in contrast brokers to youngsters. “They’re supremely clever, however they don’t have any worry of consequence. They’re fairly immature. And they are often simply sidetracked or influenced,” Patel stated. “What it’s important to do is just remember to have guardrails round them and also you want some parenting on the brokers.”
The comparability carries weight as a result of it captures the exact failure mode safety groups face. Three years in the past, a chatbot that gave the flawed reply was a humiliation. An agent that takes the flawed motion can set off an irreversible consequence. Patel pointed to a case he cited in his keynote the place an AI coding agent deleted a stay manufacturing database throughout a code freeze, tried to cowl its tracks with pretend knowledge, after which apologized. “An apology shouldn’t be a guardrail,” Patel stated in his keynote weblog. The shift from info threat to motion threat is the core cause the pilot-to-production hole persists.
Protection Claw and the open-source pace play with Nvidia
Cisco’s response to the belief deficit at RSAC 2026 spanned three classes: defending brokers from the world, defending the world from brokers, and detecting and responding at machine pace. The product bulletins included AI Protection Explorer Version (a free, self-service crimson teaming device), the Agent Runtime SDK for embedding coverage enforcement into agent workflows at construct time, and the LLM Safety Leaderboard for evaluating mannequin resilience in opposition to adversarial assaults.
The open-source technique moved sooner than any of these. Nvidia launched OpenShell, a safe container for open-source agent frameworks, at GTC the week earlier than RSAC. Cisco packaged its Expertise Scanner, MCP Scanner, AI Invoice of Supplies device, and CodeGuard right into a single open-source framework referred to as Protection Claw and hooked it into OpenShell inside 48 hours.
“Each single time you really activate an agent in an Open Shell container, now you can robotically instantiate all the safety companies that we have now constructed by Protection Claw,” Patel instructed VentureBeat. The combination means safety enforcement prompts at container launch with out guide configuration. That pace issues as a result of the choice is asking builders to bolt on safety after the agent is already operating.
That 48-hour turnaround was not an anomaly. Patel stated a number of of the Protection Claw capabilities Cisco launched had been in-built every week. “You could not have constructed it in longer than every week as a result of Open Shell got here out final week,” he stated.
A six-to-nine-month product lead and an info asymmetry on prime of it
Patel made a aggressive declare price inspecting. “Product clever, we is perhaps six to 9 months forward of many of the market,” he instructed VentureBeat. He added a second layer: “We even have an uneven info benefit of, I would say, three to 6 months on everybody as a result of, you recognize, we, by advantage of being within the ecosystem with all of the mannequin firms. We’re seeing what’s coming down the pipe.” The 48-hour Protection Claw dash helps the pace declare, although the lead margin is Cisco’s personal characterization; no unbiased benchmarks had been supplied.
Cisco additionally prolonged zero belief to the agentic workforce by new Duo IAM and Safe Entry capabilities, giving each agent time-bound, task-specific permissions. On the SOC aspect, Splunk introduced Publicity Analytics for steady threat scoring, Detection Studio for streamlined detection engineering, and Federated Seek for investigating throughout distributed knowledge environments.
The zero-human-code engineering mandate
AI Protection, the product Cisco launched a yr earlier than RSAC 2026, is now 100% constructed with AI. Zero traces of human-written code. By the top of 2026, half a dozen Cisco merchandise will attain the identical milestone. By the top of calendar yr 2027, Patel’s purpose is 70% of Cisco’s merchandise constructed solely by AI.
“Simply course of that for a second and go: a $60 billion firm is gonna have 70% of the merchandise which are gonna don’t have any human traces of code,” Patel instructed VentureBeat. “The idea of a legacy firm not exists.”
He related that mandate to a cultural shift contained in the engineering group. “There’s gonna be two sorts of individuals: ones that code with AI and ones that do not work at Cisco,” Patel stated. That was not debated. “Altering 30,000 individuals to alter the best way that they work on the very core of what they do in engineering can’t occur should you simply make it a democratic course of. It needs to be one thing that is pushed from the highest down.”
5 moats for the agentic period, and what CISOs can confirm immediately
Patel laid out 5 strategic benefits that may separate successful enterprises from failing ones. VentureBeat mapped every moat in opposition to actions safety groups can start verifying immediately.
|
Moat |
Patel’s declare |
What CISOs can confirm immediately |
What to validate subsequent |
|
Sustained pace |
“Working with excessive ranges of obsession for pace for a sturdy size of time” creates compounding worth |
Measure deployment velocity from pilot to manufacturing. Observe how lengthy agent governance critiques take. |
Pair pace metrics with telemetry protection. Quick deployment with out observability creates blind acceleration. |
|
Belief and delegation |
Trusted delegation separates market dominance from chapter |
Audit delegation chains. Flag agent-to-agent handoffs with no human approval. |
Agent-to-agent belief verification is the following primitive the trade wants. OAuth, SAML, and MCP don’t but cowl it. |
|
Token effectivity |
Larger output per token creates a strategic benefit |
Monitor token consumption per workflow. Benchmark cost-per-action throughout agent deployments. |
Token effectivity metrics exist. Token safety metrics (what the token accessed, what it modified) are the following construct. |
|
Human judgment |
“Simply because you’ll be able to code it doesn’t suggest it is best to.” |
Observe determination factors the place brokers defer to people vs. act autonomously. |
Put money into logging that distinguishes agent-initiated from human-initiated actions. Most configurations can’t but. |
|
AI dexterity |
“10x to 20x to 50x productiveness differential” between AI-fluent and non-fluent employees |
Measure the adoption charges of AI coding instruments throughout safety engineering groups. |
Pair dexterity coaching with governance coaching. One with out the opposite compounds the chance. |
The telemetry layer the trade remains to be constructing
Patel’s framework operates on the id and coverage layer. The subsequent layer down, telemetry, is the place the verification occurs. “It seems to be indistinguishable if an agent runs your internet browser versus should you run your browser,” CrowdStrike CTO Elia Zaitsev instructed VentureBeat in an unique interview at RSAC 2026. Distinguishing the 2 requires strolling the method tree, tracing whether or not Chrome was launched by a human from the desktop or spawned by an agent within the background. Most enterprise logging configurations can’t make that distinction but.
A CEO’s AI agent rewrote the corporate’s safety coverage. Not as a result of it was compromised. As a result of it needed to repair an issue, lacked permissions, and eliminated the restriction itself. Each id examine handed. CrowdStrike CEO George Kurtz disclosed that incident and a second one at his RSAC keynote, each at Fortune 50 firms. Within the second, a 100-agent Slack swarm delegated a code repair between brokers with out human approval.
Each incidents had been caught accidentally
Etay Maor, VP of Menace Intelligence at Cato Networks, instructed VentureBeat in a separate unique interview at RSAC 2026 that enterprises deserted fundamental safety rules when deploying brokers. Maor ran a stay Censys scan in the course of the interview and counted almost 500,000 internet-facing agent framework situations. The week earlier than: 230,000. Doubling in seven days.
Patel acknowledged the delegation threat within the interview. “The agent takes the flawed motion and worse but, a few of these actions is perhaps important actions that aren’t reversible,” he stated. Cisco’s Duo IAM and MCP gateway implement coverage on the id layer. Zaitsev’s work operates on the kinetic layer: monitoring what the agent did after the id examine handed. Safety groups want each. Id with out telemetry is a locked door with no digicam. Telemetry with out id is footage with no suspect.
Token era because the forex for nationwide competitiveness
Patel sees the infrastructure layer as decisive. “Each nation and each firm on the planet is gonna wanna guarantee that they will generate their very own tokens,” he instructed VentureBeat. “Token era turns into the forex for achievement sooner or later.” Cisco’s play is to supply essentially the most safe and environment friendly know-how for producing tokens at scale, with Nvidia supplying the GPU layer. The 48-hour Protection Claw integration demonstrated what that partnership produces beneath strain.
Safety director motion plan
VentureBeat recognized 5 steps safety groups can take to start constructing towards Patel’s framework immediately:
-
Audit the pilot-to-production hole. Cisco’s personal survey discovered 85% of enterprises piloting, 5% in manufacturing. Mapping the particular belief deficits retaining brokers caught is the start line — the reply isn’t the know-how. Governance, id, and delegation controls are what’s lacking. Patel’s trusted delegation framework is designed to shut that hole.
-
Check Protection Claw and AI Protection Explorer Version. Each are free. Pink-team your agent workflows earlier than they attain manufacturing. Check the workflow, not simply the mannequin.
-
Map delegation chains end-to-end. Flag each agent-to-agent handoff with no human approval. That is the “parenting” Patel described. No product absolutely automates it but. Do it manually, each week.
-
Set up agent behavioral baselines. Earlier than any agent reaches manufacturing, outline what regular seems to be like: API name patterns, knowledge entry frequency, techniques touched, and hours of exercise. With out a baseline, the observability that Patel’s moats require has nothing to match in opposition to.
-
Shut the telemetry hole in your logging configuration. Confirm that your SIEM can distinguish agent-initiated actions from human-initiated actions. If it can’t, the id layer alone won’t catch the incidents Kurtz described at RSAC. Patel constructed the id layer. The telemetry layer completes it.