Each CISO is being requested some model of the identical query: are we prepared for AI-powered assaults? Dive into how Cisco is reshaping its personal community, not as a posture checked yearly, however as a steady working mannequin.
Most enterprises are managing dangers based mostly on a menace mannequin constructed for a unique period. You set a threat threshold. You centered on the vulnerabilities above that line — those crucial sufficient to maintain you up at night time. The whole lot under it, you managed. That was an inexpensive tradeoff.
AI-powered cybersecurity instruments have modified the mannequin. They don’t simply speed up recognized exploits; they will discover and weaponize every part under your threshold, together with the vulnerabilities you determined weren’t pressing and the legacy units you hadn’t gotten round to changing. The bar hasn’t simply moved. It’s been dropped. That realization is reshaping how we function and defend our personal community at Cisco, and we predict it ought to reshape how each enterprise thinks about cyber protection.
“The stuff we used to not fear about — that’s now precisely what we fear about. The bar has been dropped, and we should rethink the entire mannequin.”
What we’re up towards
Cisco’s company community carries site visitors for tens of millions of units, 1000’s of purposes, and a fast-growing inhabitants of AI brokers. It’s a prime goal for a similar adversaries our merchandise are constructed to cease.
For years, we have now operated on the identical vulnerability-patching mannequin most enterprises nonetheless use at this time: vulnerability disclosed, patch developed, change-window scheduled, guide approvals collected, repair deployed. That cycle — measured in weeks — made sense when adversaries wanted months to weaponize a newly disclosed flaw. That window is now hours, with the trajectory pointing to minutes, and no quantity of course of enchancment closes a spot that large.
With new frontier AI fashions, conventional approaches to defending the community are now not enough. The identical capabilities that assist us discover and repair vulnerabilities quicker are additionally touchdown within the arms of menace actors who can now scan, exploit, and weaponize weaknesses at machine pace. This dynamic extends effectively past our personal code: our broader provider ecosystem is racing to patch vulnerabilities whereas adversaries leverage these similar fashions to find and exploit them, typically in parallel. The result’s a quickly compressing window between disclosure and exploitation, forcing us to evolve simply as shortly.
Our workforces concentrate on discovering and fixing vulnerabilities and use authorized, commercially obtainable AI coding brokers ruled by contractual and technical controls to scan complicated merchandise with tens of millions of traces of code. This helps us floor vulnerabilities that people alone would possibly miss.
How we’re responding: See it. Show it. Comprise it. Change it.
Operationally, knowledgeable by our work with Anthropic’s Undertaking Glasswing and OpenAI’s Dawn, in addition to different frontier fashions, we’ve reorganized our inside protection round 4 pillars, prioritized from the surface in — beginning with the broader provider and menace panorama and dealing inward to our personal surroundings.
On this mannequin, instruments and brokers don’t function as a guidelines however as a steady loop, reinforcing one another at machine pace.
- Actual-time visibility first. Visibility informs what we validate. Earlier than we may speed up something, we wanted a centralized, repeatedly up to date image of our full assault floor — each asset, id, service account, cloud entitlement, and API. Actual visibility isn’t simply an asset stock. It’s understanding who owns every asset, how crucial the asset is, and precisely how unhealthy issues can get if it’s compromised. That’s the muse for each choice.
- Steady publicity validation, not periodic assessment. Validation informs the place we deploy runtime protections. AI-powered adversaries don’t prioritize by the Widespread Vulnerability Scoring System (CVSS) rating. They chain lower-severity vulnerabilities into working exploits quicker than any periodic assessment cycle can catch. We stopped chasing vulnerability lists. This can enable us to simulate actual assaults at machine pace to repair what’s really exploitable, not what’s theoretically dangerous. Assault path evaluation tells you what’s in danger; severity scores alone don’t.
- Runtime safety as a bridge, not a vacation spot. Runtime telemetry feeds again into visibility. Runtime safety incorporates threats whilst you repair the foundation trigger. It buys time till the precise repair is prepared. The aim is a manufacturing surroundings resilient sufficient to maintain working safely even below partial compromise.
- Modernization as a strategic safety crucial. Modernization retains the entire loop operating on infrastructure constructed for change. Our focus is on hardening the muse — retiring end-of-life methods, eliminating insecure legacy companies, and positioning our infrastructure for quicker patching and larger resilience. That trendy basis is what unlocks superior runtime defenses like Hypershield-class segmentation, Dwell Shield, and the eBPF-powered Tetragon agent, which delivers real-time vulnerability shielding with out reboots or binary adjustments — capabilities that merely can’t run on legacy.
How we’re prioritizing: Outdoors in
Some of the concrete shifts we’ve made is how we sequence our response. When the scope of publicity is massive and you may’t do every part without delay, triage construction issues as a lot as technical functionality.
Our method: work from the surface in. Web-facing edges carry the best publicity threat and transfer quickest, in order that’s the place we’ve centered patching velocity and shielding first. As we transfer towards the core, the tempo turns into extra deliberate — the boundaries there are amongst our most important. The segments separating our largest safety zones — the firewalls defending our most delicate property — get prioritized as a result of defending them limits lateral motion and incorporates blast radius if one thing will get by means of.
From there, each choice runs by means of the identical risk-based logic: decide what’s most uncovered, most weak, and what’s the correct response — take away it from the community, section it, apply runtime safety, or speed up the patch. Finish-of-life and unsupported property get eradicated or remoted. Externally exploitable vulnerabilities get addressed first. Property that may’t be patched inside operational home windows get runtime-first safety whereas remediation proceeds.
The Greater Shift
All of this factors to one thing extra elementary than a quicker patch cycle. The mannequin we’re constructing towards isn’t a hardened fortress. It’s an agile and adaptable system that may transfer repeatedly to a safer state with out taking a time-out to do it.
“The sport is all the time being able to redeploy new, safe applied sciences. This notion that I’ve acquired to take a time-out and do patching work — that’s the sport of the previous.”
Because the business is getting into a interval of intense infrastructure evolution, companies should adapt safety practices and operational fashions to construct and keep resiliency. Our participation in trusted initiatives like Undertaking Glasswing and Dawn offers us with the deep insights essential to navigate this shift, yielding rapid adjustments in how we function. However we aren’t carried out. As we repeatedly mature our working mannequin, we are going to proceed to show each functionality internally — at scale and in manufacturing — sharing our learnings and greatest practices that assist our prospects evolve their very own safety operations.
The window to get forward of AI threats continues to be open. The organizations that construct this operational muscle will compound their benefit. People who wait compound their threat.
“We don’t simply promote the community; we defend each minute of on daily basis with the identical instruments we provide to our prospects.”
Jason Lish is Senior Vice President, Chief Info Safety Officer at Cisco the place he offers strategic management and oversight for Cisco’s Info Safety capabilities, together with enterprise info safety, information safety, assault floor administration, and safety operations. He additionally oversees worth chain safety and the Safety and Belief Group’s mergers and acquisitions service.
Be a part of the Webinar
Glasswing: Mythos calls for a brand new mannequin for infrastructure
Occasion by Cisco Safety
Thu, Might 28, 2026, 12:00 PM
Extra assets
