San Jose, California.
A zero-day vulnerability can go unnoticed in your data center switching fabric for months. Instead of being discovered by a security researcher, it might be found by an AI model within hours, which then starts probing enterprise perimeters at scale. With the traditional patching model, your choices are tough: schedule an emergency maintenance window, reboot the affected systems, deal with downtime, and hope the exploit is fixed before it causes damage. For IT teams managing hundreds of Nexus switches in a hybrid cloud, this approach is no longer practical.
Cisco Cloud Control was designed to solve this exact problem. It was introduced at Cisco Live 2026 in Las Vegas, not as a simple product update, but as a complete rethinking of how enterprises run and protect their critical IT infrastructure.
What Cisco Cloud Control Actually Delivers
Cisco Cloud Control is an integrated platform designed to serve both people and AI agents in managing, monitoring, and protecting critical IT infrastructure. With just one login, users get a single view of Cisco networking, security, computing, observability, and alliance in a secure environment. People and AI agents operate within the same operational context and system of action, a significant change from the fragmented tools most enterprise IT teams use today.
The main difference is in the architecture. Tools like Terraform, Ansible, and Python scripts made infrastructure programmable, but they all rely on humans to write the logic, connect systems, and decide on changes. Cisco Cloud Control takes a different approach. It offers standard APIs, telemetry, identity, and enforcement points, enabling both people and AI agents to work effectively within the same controlled environment.
Imagine a financial services company with 400 Nexus switches spread across three data centers. In the past, a new CVE disclosure would trigger weeks of coordination among the security team, network operations, and change management. With Cisco Cloud Control, the same event can now trigger an automated response that is analyzed, scoped, and resolved, all while the network continues to run.
The AgenticOps Platform Model: What Changes for IT Teams
The idea of unified infrastructure management for human and AI agents is not simply a product positioning statement. It shows a real operational shift that Cisco has branded as AgenticOps. The AgenticOps Platform is the operating model on which Cisco Cloud Control is founded — one where people and agents work from a single data layer, and humans keep control over the actions taken.
This is important because most enterprise AI deployments today lack trust rather than ability. AI agents can analyze infrastructure data, but devoid of clear boundaries, permissions, audit trails, and ways for humans to override actions, IT leaders cannot use them responsibly. The AgenticOps Platform solves this by building identity, policy, and zero trust directly into the control path, not as an add-on. It also includes governance that makes every agent action transparent, auditable, limited, reversible, and always subject to human approval.
In practice, this means an AI agent in Cisco Cloud Control can spot unusual traffic patterns on a campus wireless controller, match that signal to a known vulnerability, and isolate the affected segment within seconds. It creates a full audit trail and does not need to wait for a human to notice the alert in the middle of the night.
Customers can also create their own applications and agents using natural language directly in the platform. It connects to a wide range of services, including AWS, Linear, Microsoft, PagerDuty, ServiceNow, Slack, and Google Cloud. The AgenticOps Platform is open and unrestricted.
Live Protect Security: The End of Reboot-Dependent Patching
The most operationally consequential piece of the Cisco Cloud Control architecture is Live Protect Security. The concept is simple; the execution is sophisticated.
Traditional CVE patching requires maintenance windows and reboots, and can cause downtime. Live Protect Security takes a different approach by applying security policies to live systems without requiring a switch reboot. It provides immediate protection as soon as a threat is found, well before a standard PSIRT upgrade is scheduled.
When set to enforce mode, Live Protect Security blocks or reduces detected threats in real time. This enforcement occurs at the kernel level, so threats can be stopped immediately without requiring software upgrades, reboots, or downtime. Enforce mode uses NXSecure, which is built into NX-OS, to apply kernel-level security shields. This keeps Nexus 9000 series switches protected against new CVEs while ensuring the network remains stable and online.
Live Protect Security is powered by extended Berkeley Packet Filter (eBPF) technology. Live Protect Security delivers kernel-level visibility and enforcement to protect against zero-day attacks, privilege escalation, and advanced DDoS threats. Controls can be set to monitor, log, or enforce mode, allowing instant CVE mitigation without reboots, disruptive updates, or maintenance windows.
Cisco is also collaborating with AI red-teaming firm Armadin to independently validate Live Protect Security shields before deployment. Live Protect Security is currently shipping on Nexus 9000 switches, with expansion to SD-WAN Manager, Catalyst campus wireless controllers, switches, and other platforms planned.
For hospital networks or stock exchanges, where any unforeseen downtime can have regulatory and financial impacts, this feature is a major shift. It completely changes how organizations think about security.
Quantum Readiness and the Longer Arc
Cisco Cloud Control and the AgenticOps Platform do not address only the threats visible today. “Harvest now, decrypt later” attacks are already collecting encrypted data to unlock when quantum capabilities mature. Cisco is responding with post-quantum protection extensions across its core portfolio, pledging to enable quantum-safe communications across the majority of Cisco’s core portfolio by December 2026.
New enterprise and data center routers, switches, and firewall series will be quantum-safe by default. Cisco Cloud Control will highlight this change through its unified visibility layer, giving security teams a real-time view of your quantum readiness.
Unified Infrastructure Management for Human and AI Agents: The Competitive Reality
Cisco Cloud Control’s unified infrastructure management for human and AI agents is not unique, as every major infrastructure vendor is moving toward similar consolidation. What sets Cisco apart is how deeply integrated its platform is. The same system that manages a Catalyst campus switch also lets a security agent fix a kernel-level exploit on a Nexus data center fabric, all without changing tools, consoles, or data sources.
As AI agents start working across different clouds, the network is no longer just a passive transport layer. It becomes part of the intelligence stack. Companies that use Cisco Cloud Control only to simplify management will get some benefits. But those who make it the foundation of their AgenticOps Platform strategy will be best prepared for the next AI-driven zero-day threat. All signs show that these threats are coming faster than ever.
The organizations that will withstand the next wave of infrastructure threats are those that stop waiting for maintenance windows and start defending at the speed of machines.
Source: Cisco Unveils Agentic Platform for Operating and Defending Critical IT Infrastructure
