A physician in a hospital examination room watches as a medical transcription agent updates digital well being information, prompts prescription choices, and surfaces affected person historical past in actual time. A pc imaginative and prescient agent on a producing line is working high quality management at speeds no human inspector can match. Each generate non-human identities that almost all enterprises can’t stock, scope, or revoke at machine velocity.
That’s the structural downside preserving agentic AI caught in pilots. Not mannequin functionality. Not compute. Id governance.
Cisco President Jeetu Patel informed VentureBeat at RSAC 2026 that 85% of enterprises are working agent pilots whereas solely 5% have reached manufacturing. That 80-point hole is a belief downside. The primary questions any CISO will ask: which brokers have manufacturing entry to delicate programs, and who’s accountable when one acts outdoors its scope? IANS Analysis discovered that almost all companies nonetheless lack role-based entry management mature sufficient for at the moment’s human identities, and brokers will make it considerably tougher. The 2026 IBM X-Power Menace Intelligence Index reported a 44% enhance in assaults exploiting public-facing functions, pushed by lacking authentication controls and AI-enabled vulnerability discovery.
Why the belief hole is architectural, not only a tooling downside
Michael Dickman, SVP and GM of Cisco’s Campus Networking enterprise, laid out a belief framework in an unique interview with VentureBeat that safety and networking leaders hardly ever hear said this plainly. Earlier than Cisco, Dickman served as Chief Product Officer at Gigamon and SVP of Product Administration at Aruba Networks.
Dickman mentioned that the community sees what different telemetry sources miss: precise system-to-system communications quite than inferred exercise. “It is that distinction of figuring out versus guessing,” he mentioned. “What the community can see are precise information communications … not, I feel this technique wants to speak to that system, however which programs are literally speaking collectively.” That uncooked behavioral information, he added, turns into the inspiration for cross-domain correlation, and with out it, organizations don’t have any dependable strategy to implement agent coverage at what he referred to as “machine velocity.”
The belief prerequisite that almost all AI methods skip
Dickman argues that agentic AI breaks a sample he says outlined each prior know-how transition: deploy for productiveness first, bolt on safety later.
“I do not suppose belief is a kind of issues the place the enterprise productiveness comes first, and the safety is an afterthought,” Dickman informed VentureBeat. “Belief truly is without doubt one of the key necessities. Simply desk stakes from the start.”
Observing information and recommending selections carries penalties that keep contained. Execution adjustments every part. When brokers autonomously replace affected person information, alter community configurations, or course of monetary transactions, the blast radius of a compromised identification expands dramatically.
“Now greater than ever, it is that query of who has the appropriate to do what,” Dickman mentioned. “The who’s now far more sophisticated as a result of you will have the potential in our actuality of those autonomous brokers.”
Dickman breaks the belief downside into 4 situations. The primary is safe delegation, which begins by defining what an agent is permitted to do and sustaining a transparent chain of human accountability. The second is cultural readiness; he pointed to alert fatigue as a case research. The normal repair, Dickman famous, was to combination alerts, so analysts see fewer objects. With brokers able to evaluating each alert, that logic adjustments completely.
“It’s now potential for an agent to undergo all alerts,” Dickman mentioned. “You possibly can truly begin to consider completely different workflows another way. After which how does that have an effect on the tradition of the work, which is wonderful.”
The third is token economics: Each agent’s motion carries an actual computational value. Dickman sees hybrid architectures as the reply, the place agentic AI handles reasoning whereas conventional deterministic instruments execute actions. The fourth is human judgment. For instance, his staff used an AI software to draft a product necessities doc. The agent produced 60 pages of repetitive filler that instantly supplied how technically responsive the structure was, but confirmed indicators of needing intensive fine-tuning to make the output related. “There isn’t any substitute for the human judgment and the expertise that is wanted to be dextrous with AI,” he mentioned.
What the community sees that endpoints miss
Most enterprise information at the moment is proprietary, inner, and fragmented throughout observability instruments, utility platforms, and safety stacks. Every area staff builds its personal view. None sees the total image.
“It is that distinction of figuring out versus guessing,” Dickman mentioned. “What the community can see are precise information communications. Not ‘I feel this technique wants to speak to that system,’ however which programs are literally speaking collectively.”
That telemetry grows extra helpful as IoT and bodily AI proliferate. Laptop imaginative and prescient brokers analyzing shopper habits and working factory-floor high quality management generate extremely delicate information that calls for exact entry controls.
“All of these issues require that belief that we began with, as a result of that is extremely delicate information round like who’s doing what within the store or what’s taking place on the manufacturing unit ground,” Dickman mentioned.
Why siloed agent information misses the sign
“It isn’t solely aggregation, however truly the creation of information from the community,” Dickman mentioned. “There are these new insights you may get while you see the true information communications. And so now it turns into what can we do first versus second versus third?”
That final query reveals the place Dickman’s focus lands: the strategic problem is sequencing, not functionality.
“The true energy comes from the cross-domain views. The true energy comes from correlation,” Dickman mentioned. “Versus simply aggregation and deduplication of alerts, which is nice, nevertheless it’s a bit of bit primary.”
That is the place he sees the most typical pitfall. Staff A builds Agent A on prime of Knowledge A. Staff B builds Agent B on prime of Knowledge B. Every silo produces incrementally helpful automation. The cross-domain perception by no means materializes.
Impartial practitioners validate the sample. Kayne McGladrey, an IEEE senior member, informed VentureBeat that organizations are defaulting to cloning human consumer profiles for brokers, and permission sprawl begins on day one. Carter Rees, VP of AI at Popularity, recognized the structural motive. “A major vulnerability in enterprise AI is damaged entry management, the place the flat authorization airplane of an LLM fails to respect consumer permissions,” Rees informed VentureBeat. Etay Maor, VP of Menace Intelligence at Cato Networks, reached the identical conclusion from the adversarial facet. “We’d like an HR view of brokers,” Maor informed VentureBeat at RSAC 2026. “Onboarding, monitoring, offboarding.”
Agentic AI belief hole evaluation
Use this matrix to judge any platform or mixture of platforms towards the 5 belief gaps Dickman recognized. Word that the enforcement approaches in the appropriate column replicate Cisco’s framework.
|
Belief hole |
Present management failure |
What network-layer enforcement adjustments |
Really helpful motion |
|
Agent identification governance |
IAM constructed for human customers can’t stock, scope, or revoke agent identities at machine velocity |
Agentic IAM registers every agent with outlined permissions, an accountable human proprietor, and a policy-governed entry scope |
Audit each agent identification in manufacturing. Assign a human proprietor. Outline permitted actions earlier than increasing the scope |
|
Blast radius containment |
Host-based brokers and perimeter controls will be bypassed; flat segments give compromised brokers lateral motion |
Microsegmentation enforces least-privileged entry on the community layer, limiting blast radius impartial of host-level controls |
Implement microsegmentation for each agent-accessible system. Begin with the highest-sensitivity information (PHI, monetary information) |
|
Cross-domain visibility |
Siloed observability instruments create fragmented views; Staff A’s agent information by no means correlates with Staff B’s safety telemetry |
Community telemetry captures precise system-to-system communications, feeding a unified information material for cross-domain correlation |
Unify community, safety, and utility telemetry right into a shared information material earlier than deploying manufacturing brokers |
|
Governance-to-enforcement pipeline |
No formal course of connecting enterprise intent to agent coverage to community enforcement |
Coverage-to-enforcement pipeline interprets governance selections into machine-speed community guidelines |
Set up a proper pipeline from business-intent definition to automated community coverage enforcement |
|
Cultural and workflow readiness |
Organizations automate present workflows quite than redesigning for agent-scale processing |
Community-generated behavioral information reveals precise utilization patterns, informing workflow redesign |
Run a 30-day telemetry seize earlier than designing agent workflows. Construct round noticed information, not assumptions |
A damaged ankle and a microsegmentation lesson
Dickman grounded his framework in a situation from his personal life. A member of the family not too long ago broke an ankle, which put him in a hospital examination room watching a medical transcription agent replace the EHR, immediate prescription choices, and floor affected person historical past in actual time. The physician permitted every determination, however the agent dealt with duties that beforehand required guide entry throughout a number of programs.
The safety implications hit otherwise when it’s a cherished one’s information on the display.
“I’d name it do governance slowly. However do the enforcement and implementation quickly,” he mentioned. “It should be achieved in machine velocity.”
It begins with agentic IAM, the place every agent is registered with outlined permitted actions and a human accountable for its habits.
“Here is my set of brokers that I’ve constructed. Listed here are the brokers. By the best way, here is a human who’s accountable for these brokers,” Dickman mentioned. “So if one thing goes fallacious, there’s an individual to speak to.”
That identification layer feeds microsegmentation — a network-enforced boundary Dickman says enforces least-privileged entry and limits blast radius.
“Microsegmentation ensures that least-privileged entry,” Dickman mentioned. “You are not counting on a bunch of host brokers, which will be bypassed or produce other points.”
If the governance mannequin works for a medical transcription agent dealing with affected person information in an emergency division, it scales to much less delicate enterprise use circumstances.
5 priorities earlier than brokers attain manufacturing
1. Power cross-functional alignment now. Outline what the group expects from agentic AI throughout line-of-business, IT, and safety management. Dickman sees the human coordination layer shifting extra slowly than the know-how. That hole is the bottleneck.
2. Get IAM and PAM governance production-ready for brokers. Dickman referred to as out identification and entry administration and privileged entry administration particularly as not mature sufficient for agentic workloads at the moment. Solidify the governance earlier than scaling the brokers. “That turns into the unlock of belief,” he mentioned. “As a result of when the know-how platform is prepared, you then want the appropriate governance and coverage on prime of that.”
3. Undertake a platform strategy to networking infrastructure. A platform technique permits information sharing throughout domains in methods fragmented level options can’t. That shared basis is what makes the cross-domain correlation within the belief hole evaluation above operationally actual.
4. Design hybrid architectures from the beginning. Agentic AI handles reasoning and planning. Conventional deterministic instruments execute the actions. Dickman sees this mix as the reply to token economics: it delivers the intelligence of basis fashions with the effectivity and predictability of standard software program. Don’t construct pure-agent programs when hybrid programs value much less and fail extra predictably.
5. Make the primary use circumstances bulletproof on belief. Decide two or three high-value use circumstances and construct them with role-based entry management, privileged entry administration, and microsegmentation from day one. Even modest deployments delivered with finest practices intact construct the organizational confidence that accelerates every part after.
“You possibly can assure that belief to the group, and that may unleash the velocity,” Dickman mentioned.
That’s the structural perception working by each part of this dialog. The 85% of enterprises caught in pilot mode aren’t ready for higher fashions. They’re ready for the identification governance, the cross-domain visibility, and the coverage enforcement infrastructure that makes manufacturing deployment defensible. Whether or not they construct on Cisco’s platform or assemble their very own, Dickman’s framework holds: identification governance, cross-domain visibility, coverage enforcement. None of these conditions is non-compulsory.
The organizations that fulfill them first will deploy brokers at a tempo the remaining can’t match, as a result of each new agent inherits the belief structure the primary ones required. Those nonetheless debating whether or not to begin will watch that hole widen. Theoretical belief doesn’t ship.