Table of Contents
Agentic AI is collapsing the time defenders have to act; Cisco’s answer is a security model built around visibility, runtime protection, governed automation and human control
The “Mythos moment” was front-and-center at Cisco Live. When CEO Chuck Robbins and EVP and Chief Customer Experience Officer Liz Centoni both referenced Anthropic’s unreleased cyber-capable AI model, the point was that cybersecurity’s clock had changed.
That became clearer after reports that General Joshua Rudd, who leads the NSA and U.S. Cyber Command, told the Senate Intelligence Committee that Mythos was able to compromise or identify vulnerabilities across classified systems “not in weeks, but in hours.” While finding vulnerable systems is not the same thing as fully exploiting them, the strategic meaning is harder to dismiss. The vulnerability discovery cycle is moving from human speed to machine speed.
That is the real “Mythos moment.” It is not a single model, a single vendor program or a single sensational report. It is the moment when security leaders have to accept that established practices around vulnerability management, patch prioritization, asset visibility and incident response were designed around a slower operating tempo than the one that’s here now.
Cisco has been close to this shift. In April, the company joined Anthropic’s Project Glasswing, a coalition of technology and security companies given access to Mythos in an effort to secure critical software before adversaries can exploit it. At the time, Cisco SVP and Chief Security and Trust Officer Anthony Grieco wrote that the company was using Mythos “to find and fix vulnerabilities at a speed and scale previously impossible,” while also accelerating the development of security products capable of defending against AI-enabled adversaries.
That formulation reinforces the idea that in the agentic era, the defensive question is no longer whether AI can find vulnerabilities faster than humans. It definitely can. The question is whether enterprises can convert that speed into verified action without drowning in false positives, breaking production systems or surrendering control to probabilistic systems they do not fully understand.
Centoni put the challenge plainly at Cisco Live. “There are networks being mapped by AI at machine speed,” she said, “finding vulnerable devices, finding those end-of-life devices in minutes.” Her conclusion was the central premise of Cisco’s security message: “Human-speed reactive defense is no longer viable. This is the Mythos moment and the question is, how are you meeting it?” Cisco sees the answer as a new operating model.
At the platform level, that answer begins with Cisco Cloud Control, the company’s new unified operating surface for humans and AI agents across networking, security, observability, compute and collaboration. The security relevance is that Cisco is trying to collapse the distance between signal, context, policy and action. A vulnerability finding is only useful if the organization knows what asset is affected, whether it is still in production, what business process depends on it, what compensating control can be applied, who has authority to approve that control, and whether the system has returned to a known-good state.
That is where Live Protect becomes the most concrete expression of the Cisco Live security story. Cisco is positioning Live Protect as runtime shielding for supported Cisco infrastructure where validated compensating controls can be applied while teams test, schedule and deploy permanent patches. The company is positioning Live Protect as a bridge between discovery and remediation, not an excuse to defer lifecycle discipline.
The strategic logic is sound. If AI collapses the time between vulnerability discovery and exploit availability, the industry cannot rely exclusively on quarterly maintenance windows, manual triage and emergency change boards. Organizations need a way to reduce exposure immediately without indiscriminately touching production infrastructure. Cisco’s use of eBPF-based controls in Live Protect is a technical mechanism for that broader operating-model change that shields specific exploit paths at runtime while preserving uptime and change-control discipline.
Cisco IQ addresses the other half of the problem: context. Centoni described the old support model as a kind of educated guesswork — spreadsheets, partial asset inventories, decommissioned devices that still appear in the environment, and support calls where the first 35 to 40 minutes are spent explaining the customer’s environment to the engineer. In a world where AI-enabled attackers can map vulnerable infrastructure in minutes, that delay becomes untenable.
Cisco IQ is Cisco’s effort to make support and lifecycle intelligence agentic. The idea is to give customers real-time visibility into their estate, connect vulnerabilities to business risk, prioritize action based on actual exposure and feed that context into Cloud Control. The additions around resilient infrastructure services, air-gapped deployment options, peer benchmarking and quantum readiness also matter because they expand the security discussion beyond immediate patching. The same operating model needed for Mythos-era vulnerability management will be needed for post-quantum migration, end-of-life exposure and broader digital resilience.
The more interesting part of Cisco’s agentic security narrative, though, is that agents are doing two things at once — agents are helping defenders while becoming part of the attack surface.
This is where Cisco’s Zero Trust for Agents, Agent Gateway, AI Defense and Agentic SOC fits in. Agentic AI systems do not behave like conventional software interfaces. They use tools, call APIs, interact with models, move data, write code and trigger workflows. That means enterprises have to protect agents from malicious inputs, protect enterprise systems from agent misuse, and maintain an audit trail across multi-step, multi-system activity.
In other words, agentic security has two sides. One side is AI for defense: using frontier models and agentic workflows to find, validate and prioritize vulnerabilities faster. The other side is security for agents: identity, policy, inspection, authorization, runtime controls and auditability for software actors that increasingly behave like employees with credentials and delegated authority.
This is the architectural opening Cisco is trying to claim. The company’s argument is that the network, security stack, observability layer, support organization and collaboration environment cannot be treated as separate domains once agents begin acting across all of them. Agentic AI creates routing problems, policy problems, telemetry problems, trust problems and cost problems at the same time. Security becomes the discipline that forces those domains into one operating model.
The Mythos moment is not a temporary panic over one Anthropic model. It is a preview of a persistent condition where vulnerability discovery, exploit development and adversary automation are becoming faster, broader and cheaper. The old security model assumed that defenders had time to see, understand, prioritize and patch. The new model assumes they may not.
Meeting that moment requires governed speed, complete visibility, prioritized risk, runtime protection, validated remediation, agent identity, human approval and continuous verification. Cisco reinforced that its breadth — networking, security, observability, services, Splunk and now Cloud Control — can be turned into that kind of agentic security platform.
The companies that meet the Mythos moment will be the ones that can turn machine-speed discovery into machine-assisted defense without losing human control. That is the real test for Cisco’s agentic security strategy, and for every enterprise trying to secure critical infrastructure in the age of AI agents.