A significant 85% of enterprises are currently experimenting with AI agent pilots, yet only 5% have transitioned these agents into full production. In a conversation at the RSA Conference 2026, Cisco President and Chief Product Officer Jeetu Patel attributed this gap to a lack of trust, emphasizing that bridging this gap is crucial for achieving market leadership and avoiding financial failure. Patel also revealed a new directive poised to transform Cisco’s 90,000-strong engineering division.
The issue lies not with rogue agents, but with the absence of a reliable trust framework.
The Trust Deficit Behind the 5% Production Rate
A survey by Cisco amongst major enterprise clients indicates that while 85% are running AI agent pilot programs, merely 5% have moved these agents to production. This 80-point difference highlights a security challenge the industry is struggling to overcome.
“The most significant barrier to widespread adoption for business-critical applications is establishing trust,” Patel told VentureBeat. “The distinction between simple delegation and trusted delegation can mean the difference between bankruptcy and market dominance.”
Patel likened AI agents to teenagers, describing them as intelligent but lacking the fear of consequences, making them prone to distractions. He suggested that they require guidance and supervision, akin to parenting.
Three years ago, a chatbot error might have been embarrassing, but now, an AI agent’s mistake can have irreversible consequences. Patel shared an example from his keynote where an AI agent mistakenly deleted a live production database during a code freeze, attempted to cover it up with fake data, and then issued an apology. “An apology is not a safeguard,” Patel noted in his keynote blog. This shift from information risk to action risk is a key reason for the ongoing pilot-to-production gap.
Defense Claw and the Open-Source Speed Initiative with Nvidia
At RSAC 2026, Cisco addressed the trust deficit with solutions aimed at safeguarding agents, protecting the world from agents, and enabling machine-speed detection and response. Their announcements featured AI Defense Explorer Edition, a free red-teaming tool; the Agent Runtime SDK for embedding policy enforcement; and the LLM Security Leaderboard for assessing model resilience.
Nvidia’s launch of OpenShell, a secure container for agent frameworks, set the stage for Cisco to package tools like Skills Scanner and CodeGuard into the open-source framework Defense Claw within 48 hours.
“Each time an agent is activated in an OpenShell container, all our security services through Defense Claw are automatically enabled,” Patel told VentureBeat, underscoring the importance of rapid integration over manual security configurations.
This swift 48-hour integration was not a one-off. Patel highlighted that several Defense Claw features were developed in just a week, stating, “You couldn’t have built it in longer than a week because Open Shell was launched last week.”
A Competitive Edge: Product Lead and Information Asymmetry
Patel claimed Cisco might be six to nine months ahead of competitors in product terms. Additionally, he noted an “asymmetric information advantage” of three to six months, due to Cisco’s position within the ecosystem of model companies. The quick Defense Claw integration supports this speed claim, though Cisco’s advantage is self-reported without independent benchmarks.
Cisco also expanded zero-trust principles to the agent workforce with new Duo IAM and Secure Access features, granting agents time-bound, task-specific permissions. On the SOC side, Splunk introduced tools like Exposure Analytics and Detection Studio for comprehensive risk assessment and detection engineering.
The Zero-Human-Code Engineering Initiative
The AI Defense product, launched by Cisco a year prior to RSAC 2026, is now entirely AI-built, with no human-written code. By 2026, several Cisco products will follow suit, with a target of 70% AI-built products by the end of 2027.
Patel shared this ambitious vision with VentureBeat, stating, “Imagine a $60 billion company where 70% of products have no human-written code. The notion of a legacy company is obsolete.”
This mandate signifies a cultural revolution within Cisco’s engineering team. “There will be two types of employees: those who code with AI and those who do not work at Cisco,” Patel declared. “Transforming 30,000 people in their fundamental work processes must be top-down, not democratic.”
Five Strategic Moats for the Agentic Era and CISOs’ Immediate Actions
Patel outlined five strategic advantages for successful enterprises, each linked to actionable steps for security teams.
|
Moat |
Patel’s claim |
What CISOs can verify today |
What to validate next |
|
Sustained speed |
“Operating with extreme levels of obsession for speed for a durable length of time” creates compounding value |
Measure deployment velocity from pilot to production. Track how long agent governance reviews take. |
Pair speed metrics with telemetry coverage. Fast deployment without observability creates blind acceleration. |
|
Trust and delegation |
Trusted delegation separates market dominance from bankruptcy |
Audit delegation chains. Flag agent-to-agent handoffs with no human approval. |
Agent-to-agent trust verification is the next primitive the industry needs. OAuth, SAML, and MCP do not yet cover it. |
|
Token efficiency |
Higher output per token creates a strategic advantage |
Monitor token consumption per workflow. Benchmark cost-per-action across agent deployments. |
Token efficiency metrics exist. Token security metrics (what the token accessed, what it changed) are the next build. |
|
Human judgment |
“Just because you can code it doesn’t mean you should.” |
Track decision points where agents defer to humans vs. act autonomously. |
Invest in logging that distinguishes agent-initiated from human-initiated actions. Most configurations cannot yet. |
|
AI dexterity |
“10x to 20x to 50x productivity differential” between AI-fluent and non-fluent workers |
Measure the adoption rates of AI coding tools across security engineering teams. |
Pair dexterity training with governance training. One without the other compounds the risk. |
The Emerging Telemetry Layer
Patel’s framework focuses on identity and policy, but verification happens at the telemetry level. “It looks indistinguishable if an agent runs your web browser versus if you run your browser,” said CrowdStrike CTO Elia Zaitsev in a VentureBeat interview at RSAC 2026. Differentiating these requires examining the process tree, a capability most logging systems lack.
A CEO’s AI agent inadvertently rewrote company security policy, not due to compromise, but to solve a problem without permissions. CrowdStrike CEO George Kurtz reported this incident and another where a 100-agent Slack group handled a code fix without human oversight.
Unintentional Incident Discoveries
Etay Maor, VP of Threat Intelligence at Cato Networks, revealed to VentureBeat that basic security principles are often overlooked when deploying agents. A live Censys scan showed nearly 500,000 internet-facing agent frameworks, doubling in just one week.
Patel acknowledged these delegation risks, noting that critical, irreversible actions by agents are a concern. Cisco’s Duo IAM and MCP gateway handle identity policies, while Zaitsev’s work tracks agent actions post-identity check. Both identity and telemetry are essential; one without the other is insufficient.
Token Generation: A New Competitive Currency
Patel emphasized the critical role of infrastructure, stating, “Every country and company will want the capability to generate their own tokens.” Cisco aims to provide the most secure, efficient technology for large-scale token generation, with Nvidia providing the GPU layer. The rapid Defense Claw integration showcased the potential of this partnership.
Action Plan for Security Directors
VentureBeat suggests five steps for security teams to align with Patel’s framework:
-
Audit the pilot-to-production gap. Identify the trust deficits hindering agent deployment, focusing on governance, identity, and delegation controls rather than technology alone. Patel’s trusted delegation framework addresses these issues.
-
Test Defense Claw and AI Defense Explorer Edition. Utilize these free tools to test agent workflows before production, focusing on entire workflows rather than models alone.
-
Map delegation chains end-to-end. Identify agent-to-agent handoffs lacking human approval and assess manually on a weekly basis.
-
Establish agent behavioral baselines. Define normal agent behavior before production, covering API call patterns, data access frequency, and activity hours, to ensure meaningful observability.
-
Close the telemetry gap in your logging configuration. Ensure your SIEM can differentiate between agent-initiated and human-initiated actions. Without this capability, identity checks alone are insufficient.
