Analyst(s): Fernando Montenegro
Publication Date: June 8, 2026

What is Covered in This Article:

• Cisco Cloud Control enters controlled availability as a unified agentic operations platform spanning the full Cisco portfolio, with a 50-plus partner marketplace and Codex integration on day one.
• The post-Mythos environment reshapes Cisco’s defensive architecture, from Live Protect’s runtime compensating controls to the Hybrid Mesh Firewall’s exploit containment model.
• Silicon One G300 and P200 anchor Cisco’s networking supercycle argument, addressing scale-out and scale-across infrastructure demands for the agentic era.
• Agentic security moves from concept to architecture, with Zero Trust reframed from access control to action control and a near-term roadmap for non-human identity, agent observability, and enforcement.
• Cisco IQ makes the case that shared environmental context may matter as much as new technology as organizations navigate the orchestration demands of agentic AI.

The Event—Major Themes & Vendor Moves: Cisco Live 2026 ran last week at the Mandalay Bay Convention Center in Las Vegas, drawing more than 20,000 attendees from over 75 countries alongside a free global broadcast that required no registration. The conference arrived on the back of a record financial quarter: Cisco reported $15.8 billion in Q3 revenue, up 12% year-over-year, with full-year AI infrastructure order guidance raised to $9 billion and the company’s market capitalization crossing the half-trillion-dollar mark in the weeks prior. The week’s tone was less about announcing a direction and more about demonstrating one already underway.

Cisco Chairman and CEO Chuck Robbins and President and CPO Jeetu Patel led both days of keynotes; Liz Centoni, EVP and Chief Customer Experience Officer, headlined the customer experience and services session on Day 2. Robbins opened with Mythos, Anthropic’s frontier security-focused model, named explicitly as a CEO-level forcing function reshaping how enterprises think about infrastructure risk. He introduced the event’s three strategic pillars as they appeared on screen: AI-Ready Data Centers, Future-Proofed Workplaces, and Digital Resilience, connected by Secure Global Connectivity and accelerated by Cisco AI.

Patel’s sessions were organized around a single architectural claim, “platform advantage through a co-designed full stack,” depicted as six layers from Silicon and optics through Network, Compute, Data, and Model up to Applications and agents, with Observability and Security spanning the full structure. Customer guests from Starbucks, AMD, and others grounded the messaging in enterprise implementation reality.

The headline launch was undeniably Cisco Cloud Control, entering controlled availability in the United States. The platform brings Meraki, Catalyst, Nexus, Security Cloud Control, Intersight, Splunk, and Webex Control Hub under a single interface with unified sign-on and a natural-language AI canvas. A scripted live demo traced the prompt “Why isn’t Jeetu’s phone connecting to the network?” through networking, security, and firewall domains to a root cause, a missing OSPF route exchange, completing in well under a minute without leaving the platform.

Cloud Control launched with more than 50 marketplace partners on day one. Cloud Control Studio, which embeds Codex for custom agent and application building, is targeted for late 2026. The AgenticOps model that Cloud Control enables rests on three capabilities: cross-domain telemetry, purpose-built models, and trusted agents.

On the infrastructure side, Cisco introduced the Silicon One G300, running at roughly 100 terabits per second on a 3nm process node with around 250 billion transistors, for scale-out AI cluster networking, and the Silicon One P200 for scale-across connectivity, enabling geographically separated data centers to operate as a single logical compute unit via coherent optics. G300-based systems, the Cisco N9300 for enterprise and the Cisco 8100 for hyperscalers, are targeted for Q4 2026 availability. The campus and branch hardware refresh, described as the largest in Cisco history, was anchored by the new Catalyst 9550 core switch. The Cisco Secure AI Factory with Nvidia and full Spectrum-X integration was confirmed as shipping.

Network security announcements were organized around the frame “fusing security into the network,” with two operational pillars for the post-Mythos environment. The first is vulnerability shielding via Live Protect, which deploys runtime compensating controls without device reboots, available now on N9000 switches with broader support coming. The second is exploit containment via the Hybrid Mesh Firewall, which combines identity services, firewalls, smart switches, and Hypershield agents to stop lateral movement. Cisco’s argument is that Mythos has compressed the window from vulnerability announcement to active exploit from months to minutes, a claim that, if it holds at enterprise scale, makes patch-cycle-only strategies operationally inviable.

The agentic security stack received its own set of announcements. AI Defense now offers three more capabilities: adaptive testing and guardrails, security for agentic supply chains, and support for any agent platform. DefenseClaw, an open-source harness that integrates with OpenClaw, Claude Code, and Codex, recently launched and has grown to roughly 4,000 GitHub stars.

On the keynote stage, Zero Trust was formally reframed: from access control, proving identity and trusting the user, to action control, verifying behavior and controlling the agent. The pending acquisition of Astrix Security addresses non-human identity. The Galileo Technologies acquisition, which closed the week of the event, anchors Splunk agent observability with behavioral evaluation, performance monitoring, and guardrail enforcement.

Liz Centoni’s keynote positioned Cisco IQ as the delivery vehicle for Cisco’s support and professional services, fully integrated into Cloud Control. The platform reached around 2,000 customers in five weeks, with most onboarding without assistance. Its core value proposition is real-time, always-current visibility into hardware, software, and cryptographic assets, replacing what Centoni described as the spreadsheet-based guesswork that characterizes most enterprise environments today.

Four additions are coming in July: quantum readiness assessments, on-premise air-gap deployment, peer benchmarking, and Resilient Infrastructure Services for the Mythos era, available within standard and signature support tiers.

Cisco Live 2026: Platform, Silicon, and Security for the Agentic Era

Analyst Take: Cisco Live 2026 was a different kind of event from most vendor conferences. The announcements were substantive, the demos were working software, and the financial backdrop, a record revenue quarter, surging AI orders, and a market cap that has roughly doubled in two years, gave the messaging a credibility that roadmap-heavy events rarely achieve. As with any ambitious platform story, the distance between what was shown on stage and what lands in production environments will vary by organization, and some of the most useful signals came from the conversations and briefings that happened away from the main stage. That is where this note focuses.

Does Cloud Control close the platform argument?

The central claim of Cisco Live 2026 is that Cisco has completed its transformation from a collection of products into a fully integrated platform. Cloud Control is the evidence offered. By any reasonable measure, it is impressive: a single interface spanning Meraki, Catalyst, Nexus, Splunk, Intersight, and Webex Control Hub, with a natural-language canvas, cross-domain troubleshooting, and an open marketplace. The live demo was scripted, as all keynote demos are, but it was not smoke and mirrors. The root cause analysis traced a real networking and firewall failure across domains in a single workflow, which would have taken hours by conventional means.

The platform direction is also well-timed. Futurum’s 1H 2026 Cybersecurity Decision Maker Survey found that vendor consolidation intent has clearly outpaced expansion intent for the first time in the series, with 42% of organizations planning to reduce their vendor count, up more than seven points from the prior period. Integration with existing tools ranked second-highest among vendor selection factors at 29%, and improved integration was the leading driver of consolidation decisions. Buyers are telling vendors, in plain terms, that they want fewer tools that work better together.

Where Cloud Control will face scrutiny, particularly for security use cases, is in the composition of its launch marketplace. The 50-plus partners span IT service management, identity, infrastructure, and AI-native platforms, and several well-known names in network monitoring and security operations are represented. What is notably absent is deep integration with the broader security vendor ecosystem that most large enterprises already run alongside Cisco infrastructure. Cisco has opened the marketplace and made the integration model accessible, and the expectation is that the partner list will grow. But for organizations with significant non-Cisco security investments, the platform story today is more complete in some domains than others. That gap is worth tracking over the next several quarters.

On naming, “Cloud Control” drew candid reactions from practitioners at the event, with some noting that it reads as narrower than what the product actually does. It is a reasonable observation, and one Cisco may revisit as the platform matures. What matters more is whether the underlying capabilities earn adoption, and the early signal there is encouraging.

The Mythos moment: durable architecture, not a single model

Mythos was cited in almost every session across two days, partly because of its genuine technical significance and partly because of effective messaging discipline. It is worth acknowledging that Mythos arrived with almost perfect timing as a cultural artifact: a phenomenally named frontier model, operating at the intersection of AI and cybersecurity, two domains that generate more organizational anxiety than almost any others. The name alone did considerable work at this event, and separating the signal from the atmosphere requires some effort.

The more precise framing is this: Mythos is a frontier model with particular strength in code analysis and vulnerability research. Project Glasswing gave Cisco early access to it, and that access enabled Cisco to run it against its own codebase at a scale: nearly 2 billion lines of code across 50 products in a timeframe that would not have been operationally feasible before. That is what Glasswing was designed to enable: a trusted environment where infrastructure vendors could apply frontier AI capabilities to their own defensive posture before broader availability. Different model architectures will prove more suited to different security use cases, and Cisco has been explicit that its approach is harness-first and model-agnostic. Foundry Security Spec, Code Guard, and DefenseClaw are all open-sourced and designed to run against whatever frontier capability is most appropriate for a given task. That is the durable investment, and the roughly 4,000 GitHub stars at launch suggest the security community recognizes it.

Live Protect deserves particular attention in this context. Deploying runtime compensating controls without reboots addresses a real operational constraint: most organizations take 40 or more days to complete a patch cycle, and the expectation is that Mythos-class models can compress the time from vulnerability disclosure to active exploit, making that gap increasingly dangerous. Live Protect bridges it. The nuance worth noting is that Live Protect currently applies to Cisco’s own network infrastructure, which is precisely where Cisco’s visibility and control are deepest. The broader question, how Cisco’s defensive capabilities extend to the non-Cisco components that coexist in most enterprise environments, is one the company will need to answer convincingly as the platform story matures. It is not a criticism so much as the natural next question for any vendor whose security narrative is built partly on the strength of its own installed base.

The networking supercycle is real, but the timeline is nuanced

Cisco’s supercycle framing is well supported by the data points available. The claim that agentic workloads generate roughly 450% more network traffic than humans performing equivalent tasks is a Cisco-sourced figure, but it is directionally consistent with what the infrastructure sessions described: front-end to back-end network ratios shifting from roughly 10:1 toward 4:1 as agentic workloads grow, a new category of desk-side computing emerging as enterprises deploy local agent fleets, and service providers seeing genuine demand increases that are beginning to show up in capital spending. The silicon announcements are technically substantive. The G300 at roughly 100 terabits per second on a 3nm process node is a meaningful step forward for scale-out AI cluster networking, and the P200’s scale-across capability, enabling geographically separated data centers to operate as a single logical compute unit, addresses an infrastructure pattern that hyperscalers are already deploying at scale and that enterprises will need to understand.

The Nvidia partnership is a meaningful part of this picture. Cisco switches are now fully integrated into the Nvidia Spectrum-X architecture, and the Cisco Secure AI Factory with Nvidia provides a validated, full-stack reference architecture for enterprise AI infrastructure. The partnership is genuine and commercially significant. It also coexists with areas where the two companies’ roadmaps will naturally overlap, particularly as Nvidia continues to expand its own networking capabilities. Cisco’s position, as a neutral infrastructure provider committed to customer choice and open ecosystems, is the right framing for navigating that dynamic, and the Silicon One portfolio gives it a credible independent silicon story to stand on.

The caveat worth noting is one of timing. G300-based systems target Q4 2026 availability. The campus and branch refresh, while described as the largest in Cisco history, is still in early stages. For organizations evaluating infrastructure investment decisions, the supercycle is not a future projection so much as a wave that is already forming. Those who use the next 12 to 18 months to assess their network readiness for agentic workloads, particularly across campus and branch environments that were not designed with this traffic profile in mind, are likely to find themselves with more options and more lead time than those who wait for the demand to become impossible to ignore.

Agentic security: a strong foundation, with more to come

To us, the reframe from access control to action control is the week’s most important, if underrated, conceptual contribution. It is also a reframe that the industry as a whole has not yet operationalized, and Cisco is further along than most in at least naming the problem correctly and building toward an answer. The non-human identity work via the pending Astrix Security acquisition, the agent observability architecture via Galileo, and the DefenseClaw harness collectively represent a coherent security approach for this agentic era. The Zero Trust evolution slide, showing the explicit transition from “prove identity, trust the user” to “verify behavior, control the agent,” was one of the cleaner pieces of conceptual work shown at the event.

Several components of the agentic security stack are still maturing, which is not surprising given how recently the problem space itself crystallized. Better MCP gateway and LLM gateway capabilities are on the near-term roadmap. The semantic enforcement challenge, determining the intent of an agent action rather than simply its source, destination, and protocol, is a fundamentally harder problem than traditional policy enforcement, and one that remains open across the industry. Cisco’s combination of AI Defense, the AI gateway work in Secure Access, and Galileo’s behavioral evaluation capabilities points in the right direction. The question for buyers is less whether the architecture is sound and more which components are available now versus which require patience.

The marketplace observation from the Cloud Control section applies here as well. An agentic security architecture that deeply covers Cisco infrastructure but selectively integrates with the broader security ecosystem is a partial architecture for the typical enterprise environment. Futurum’s 1H 2026 Cybersecurity Decision Maker Survey found that integration with existing tools ranked as the second-highest vendor selection factor at 29%, and that non-human identity compromise emerged as a notable new concern, with 13.5% of respondents citing it as a top-three threat, a category that did not exist in this form in the prior survey period. That data point aligns almost exactly with what Cisco is building toward. The timing is right; the execution completeness will determine how much of that opportunity Cisco captures versus the point specialists who are also moving quickly in this space.

Cisco IQ and the orchestration argument

The pace of operations in this agentic era places a premium on something that rarely gets its own headline: knowing precisely what you have. An enterprise that cannot maintain accurate, always-current visibility into its hardware, software, and cryptographic assets cannot effectively deploy agents, cannot prioritize intelligent vulnerability remediation, and cannot build the operational context that makes AI genuinely useful rather than merely expensive. As organizations invest in new agentic capabilities, the returns on those investments will increasingly depend on a shared, accurate understanding of the environment in which those capabilities operate. Cisco IQ is positioned to provide exactly that, with the caveat that it focuses on Cisco offerings rather than third-party technologies.

The roughly 2,000-customer onboarding figure in five weeks is notable less as a growth metric and more as a signal that enterprises recognize the gap it fills. Centoni’s framing, that the era of guesswork is over, points toward something larger than a support tool refresh. It points toward a services model in which Cisco’s decades of installed base knowledge becomes a compounding advantage difficult to replicate from outside the network. Pure-play software vendors can build observability dashboards. They cannot easily replicate four decades of presence inside enterprise network infrastructure, nor the contextual understanding of how that infrastructure behaves under real operating conditions.

The integration of Cisco IQ into Cloud Control is also worth noting as a structural decision rather than a product convenience. By making asset visibility, lifecycle management, and support context available within the same interface as network operations and security, Cisco is collapsing a workflow that has historically required multiple systems and multiple handoffs. For organizations that have accepted the friction of that fragmentation as unavoidable, the combined offering represents a meaningful operational simplification. Whether that simplification translates into faster response times, better patch prioritization, and more confident infrastructure decisions will depend on adoption depth, but the architecture for it is now in place.

Tokenomics and the trust deficit

Tokenomics emerged at this event as one of the more consequential emerging concepts in enterprise AI, and not in the abstract. Token spend at enterprise scale, depending on adoption depth, could run into hundreds of millions of dollars annually per large organization. That is a budget line that did not exist two years ago and that most finance teams have not yet modeled. The conversation about AI value realization is beginning to shift from “what can agents do?” toward “what do agents cost, and is that cost justified by the outcomes?”

Cisco is well-positioned to address both sides of the resulting problem. The cost visibility side is addressed through Galileo and Cloud Control’s token monitoring, which gives operators a view of which agents are consuming tokens, at what rate, and whether that consumption is producing intended outcomes. The trust side is addressed through behavioral guardrails and the graduated autonomy model demonstrated in the Day 2 operations demo, where operators can incrementally delegate specific categories of remediation to agents, building confidence through observed behavior rather than a binary trust decision.

The insight worth carrying forward is that these two problems are not independent. Enterprises that cannot observe and control agent behavior will not delegate meaningful work to agents, and enterprises that do not delegate meaningful work to agents will not generate the returns that justify the token spend. Cisco’s portfolio is structured to address the observability, trust, and cost dimensions together rather than sequentially, and that positioning matters more than it might appear on a feature comparison slide.

What to Watch:

• Does the Cloud Control marketplace grow to include the broader ecosystem partners? The launch partner list is strong, but broader ecosystem depth will determine how broadly the platform story lands in heterogeneous enterprise environments.
• How quickly does the agentic security enforcement stack mature? MCP gateway, LLM gateway, and semantic inspection capabilities are on the near-term roadmap; the pace of delivery will shape buyer confidence in the action-control architecture.
• Will Live Protect’s compensating control model expand across the infrastructure landscape? The compensating control approach addresses a real operational gap; how it evolves beyond Cisco infrastructure is worth tracking.
• How do enterprises navigate the tokenomics reckoning? Token spend is becoming a real and largely unmodeled budget line; how organizations instrument and govern that spend will influence agentic adoption trajectories.
• Does Cisco IQ become the shared environmental context layer that Centoni described? Early adoption is encouraging; whether the platform sustains that momentum and delivers on the asset visibility promise at scale remains to be seen.

For more information, see the Cisco Live 2026 event recap here.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other Insights From Futurum:

Does Cisco Put an Astrix on the Agentic Identity Race?

Cisco To Acquire Galileo: AI Agent Observability Can’t Run at Human Speed

Is 2026 the Turning Point for Industrial-Scale Agentic AI?

Cisco Q3 FY 2026: AI Networking Momentum Drives Raised Outlook

Anthropic Glasswing: AI Vulnerability Detection Has Crossed a Threshold

Author Information

Fernando Montenegro

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.