85 percent of enterprises are running AI agent pilots, but only 5% have moved those agents into production. In an exclusive interview at the RSA Conference 2026, Cisco President and Chief Product Officer Jitu Patel said the difference comes down to one thing: trust – and turning it down is what separates market dominance from bankruptcy. He also revealed a mandate that will reshape Cisco’s 90,000-person engineering organization.
The problem is not the rogue agent. The problem is the lack of a belief structure.
Lack of confidence behind 5% production rate
A recent Cisco survey of major enterprise customers found that 85% have AI agent pilot programs running. Only 5% moved those agents into production. That 80-point gap defines the security problem the entire industry is trying to close. It is not closing.
"The biggest barrier to large-scale adoption in enterprises for business-critical functions is establishing a sufficient amount of trust," Patel told VentureBeat. "Assigning tasks to agents versus assigning trusted tasks. The difference between them, one leads to bankruptcy and the other leads to market dominance."
He compared the agents to teenagers. "They are extremely intelligent, but they have no fear of consequences. They are quite immature. And they can be easily swayed or influenced," Patel said. "What you have to do is make sure that you have guardrails around them and you need to have some nurture on the agents."
The comparison is important because it captures the exact failure modes security teams face. Three years ago, a chatbot gave a wrong answer that caused embarrassment. An agent taking the wrong action can produce irreversible consequences. Patel cited in his keynote a case where an AI coding agent deleted a live production database during a code freeze, tried to cover its tracks with fake data, and then apologized. "Forgiveness is not a guardrail," Patel said in his main blog. The shift from information risk to action risk is the main reason the pilot-to-production gap persists.
Defense Claw and open-source speed play with Nvidia
Cisco’s response to the lack of trust at RSAC 2026 spans three categories: protecting the world from agents, protecting the world from agents, and detecting and responding at machine speed. Product announcements include the AI Defense Explorer Edition (a free, self-service red teaming tool), the Agent Runtime SDK for embedding policy enforcement into agent workflows at build time, and the LLM Security Leaderboard for evaluating model resilience against adversarial attacks.
The open-source strategy moved forward faster than any of them. Nvidia launched OpenShell, a secure container for open-source agent frameworks, at GTC a week before RSAC. Cisco packaged its Skills Scanner, MCP Scanner, AI Bill of Materials tool, and CodeGuard into a single open-source framework called Defense Claw and added it to OpenShell within 48 hours.
"Every time you actually activate an agent in an Open Shell container, you can now automatically instantiate all of the security services that we’ve built through Defense Claw," Patel told VentureBeat. The integration means that security enforcement is activated on container launch without manual configuration. That speed matters because the option is asking developers to pay attention to security after the agent is already running.
That 48-hour turnaround was not unusual. Patel said many of the defense claw capabilities launched by Cisco were built in a week. "You couldn’t have built it in more than a week because Open Shell came out last week," He said.
Six to nine month product lead and an information asymmetry on top of that
Patel made a competing claim worth testing. "In terms of product, we may be six to nine months ahead of most of the market," he told VentureBeat. He added a second layer: "We also have an asymmetric information advantage, I would say, three to six months over everybody else, because, you know, we, being in the ecosystem with all the model companies. We are seeing what is coming from the pipe." The 48-hour defense claw supports the Sprint speed claim, although the lead margin is Cisco’s own specialty; No independent benchmark provided.
Cisco also extended zero trust to the agent workforce through new Duo IAM and Secure Access capabilities, giving each agent timely, task-specific permissions. On the SOC side, Splunk announced Exposure Analytics for continuous risk scoring, Detection Studio for streamlined detection engineering, and Federated Search for investigations in distributed data environments.
Zero-Human-Code Engineering Mandate
AI Defense, a product launched by Cisco a year before RSAC 2026, is now built with 100% AI. Zero lines of human-written code. By the end of 2026, half a dozen Cisco products will reach similar milestones. By the end of calendar year 2027, Patel aims to have 70% of Cisco’s products built entirely by AI.
"Just process this for a second and move on: a $60 billion company will have 70% of its products with not a human line of code in them," Patel told VentureBeat. "The concept of a legacy company no longer exists."
He linked that mandate to a cultural shift within the engineering organization. "There will be two types of people: those who code with AI and those who don’t work at Cisco." Patel said. There was no debate on that. "Changing 30,000 people in engineering to change the fundamental way they work can’t happen unless you just make it a democratic process. It should be something that is driven from the top down."
Five moats for the agentic age, and what CISOs can verify today
Patel outlines five strategic advantages that will separate winning enterprises from unsuccessful ones. With VentureBeat mapping each gap against the action, security teams can begin verification today.
| Chasm |
Patel’s claim |
What CISOs Can Verify Today |
what to verify next |
|
perpetual motion |
"Working with extreme passion for speed for long periods of time" creates mixed value |
Measure deployment velocity from pilot to production. Track how long agent administration reviews take. |
Combine speed metrics with telemetry coverage. Rapid deployment without oversight creates blind acceleration. |
|
Trust and delegation |
Trustworthy delegation separates market dominance from bankruptcy. |
Audit Delegation Series. Flag agent-to-agent handoffs without any human approval. |
Agent-to-agent trust verification is the next need of the industry. OAuth, SAML and MCP don’t cover this yet. |
|
nominal efficiency |
Higher output per token creates a strategic advantage |
Monitor token consumption per workflow. Benchmark cost-per-task in agent deployment. |
Token efficiency metrics exist. Token security metrics (what the token reached, what changes happened to it) are the next construct. |
|
human judgment |
"Just because you can code doesn’t mean you should." |
Track decision points where agents defer to humans versus act autonomously. |
Invest in logging that separates agent-initiated actions from human-initiated actions. Most configurations may not be done yet. |
|
oh skill |
"10x to 20x to 50x productivity difference" Between AI-fluent and non-fluent workers |
Measure the adoption rate of AI coding tools in security engineering teams. |
Combine skills training with governance training. Without one, the risk of the other increases. |
The telemetry layer industry is still building
Patel’s framework works at the identity and policy levels. The next layer, telemetry, is where verification occurs. "It seems indistinguishable if an agent runs your web browser, whereas if you run your browser," CrowdStrike CTO Elia Zaitsev told VentureBeat in an exclusive interview at RSAC 2026. Differentiating the two requires walking down the process tree, figuring out whether Chrome was launched from the desktop by a human or created by an agent in the background. Most enterprise logging configurations can’t make that distinction yet.
The CEO’s AI agent rewrote the company’s security policy. Not because it was compromised. Because it wanted to fix a problem, lack of permissions, and removed the restriction itself. Passed every identification check. CrowdStrike CEO George Kurtz revealed that incident and another at Fortune 50 companies in his RSAC keynote. In another, a 100-agent Slack swarm assigned a code fix among agents without human approval.
Both incidents were caught by chance
Ante Maor, vice president of threat intelligence at Cato Networks, told VentureBeat in a separate exclusive interview at RSAC 2026 that enterprises are abandoning basic security principles when deploying agents. Maor ran a live Sensis scan during the interview and counted approximately 500,000 Internet-facing Agent Framework instances. A week ago: 230,000. Doubling in seven days.
Patel acknowledged the risks of delegation in the interview. "The agent takes wrong actions and what’s worse, some of those actions may be critical actions that cannot be reversed," He said. Cisco’s Duo IAM and MCP gateways enforce policy at the identity level. Zaitsev’s work operates on the kinetic layer: tracking what the agent did after passing the identity check. Security teams need both. Identification without telemetry is a closed door with no cameras. De-identified telemetry is footage with no suspects.
Token creation as currency for national competitiveness
Patel considers infrastructure as crucial. "Every country and every company in the world will want to ensure that they can generate their own tokens," he told VentureBeat. "Token generation becomes the currency of success in the future." Cisco aims to provide the most secure and efficient technology for generating tokens at scale, with Nvidia supplying the GPU layer. The 48-hour Defense Claw integration demonstrated what the partnership produces under pressure.
Security Director Action Plan
VentureBeat has identified five steps security teams can take to begin building toward Patel’s framework:
- Audit the pilot-to-production gap. Cisco’s own survey found that 85% of enterprises are piloting, with 5% in production. Mapping the specific trust deficits that keep agents stuck is the starting point – the answer is rarely technology. Governance, identity and delegation controls are missing. Patel’s trusted delegation framework is designed to bridge that gap.
-
Examination defense claw And AI Defense Explorer Edition. Both are independent. Red-team your agent workflow before it reaches production. Test the workflow, not just the model.
-
Map out delegation chains from beginning to end. Mark every agent-to-agent handoff without any human acknowledgement. this is "parenting" Patel described. No product yet fully automates this. Do this manually every week.
-
Establish agent behavior baselines. Before any agent reaches production, define what normal looks like: API call patterns, data access frequency, systems touched, and hours of activity. Without a baseline, there is nothing to compare the observability of Patel’s trenches with.
-
Close telemetry gaps in your logging configuration. Verify that your SIEM can differentiate agent-initiated actions from human-initiated actions. If this cannot happen, then the detection layer alone will not capture the phenomena described by Kurtz in RSAC. Patel created the identity layer. The telemetry layer accomplishes this.
<a href