Cisco Live 2026: Security Innovation Highlights and What WWT's Team Brought to Las Vegas
In this blog
Cisco Live 2026 landed in Las Vegas under the banner of "Leading the AI and Digital Revolution", and from the moment the show floor opened at Mandalay Bay, the theme was impossible to miss. World Wide Technology was on the ground in full force as a Premier-Level Sponsor on the World of Solutions floor and a Presenting Sponsor of the IT Leadership Program. We did not come just to witness the announcements, WWT showed up ready to help our clients understand what to do about the announcements and how they fit into the greater cybersecurity and AI ecosystem.
What WWT brought to Las Vegas
World Wide Technology came to Cisco Live 2026 as Cisco's number-one enterprise partner, a title that reflects not just deal volume but depth of collaboration in AI, security, networking, data center, and federal markets. Our team ran sessions, hosted conversations, and activated across the show floor all week. Here are some highlights of what we were up to.
Kicking it off with the NVIDIA live stream
The week started Sunday evening at Flanker Kitchen and Sports Bar at the Shoppes at Mandalay Bay, where WWT co-hosted a kickoff event with NVIDIA and Cisco. The highlight: a live stream of NVIDIA CEO Jensen Huang's GTC Taipei keynote, a fitting start to a week centered on AI at scale. It set the tone for what followed across the show floor.
World of Solutions: proving AI before you deploy it
Our booth was built around a single idea: you prove it before you trust it. The centerpiece was the AI Proving Ground putting green activation, where each hole on the course represented a stage of the AI deployment lifecycle: Ideation, Validation, Integration, and Deployment. The talking track: "You don't step onto the course without practicing your stroke. You shouldn't deploy AI without proving it first."
Alongside the green, WWT ran an AI Capture the Flag lab, a 72-hour solo on-demand challenge accessible via QR code from the booth welcome desk. WWT was also featured as a partner in NVIDIA's Partner Bingo, which drove significant additional engagement throughout the week, particularly during the Cisco Secure AI Factory theater session.
Mythos-ready infrastructure
On day 2, Robert Geis (Field CTO, Global Cyber) presented both a booth theater session on Mythos-Ready Infrastructure and a hosted interview that was broadcast live to all virtual Live attendees. The question every company CEO is now asking: what do we do about this new threat? The CISO and CIO are now feeling more pressure than ever - how to design and operate infrastructure that is resilient in an era where AI has collapsed the time between vulnerability and exploit?
Robert shared WWT's 12 point mythos response framework as a guide to address the threat strategically, practically and with urgency. Additionally, WWT is offering a response service to ignite the response framework and accelerate action to address mythos and other frontier AI model threats.
The Cisco announcements this week included Live Protect, Hybrid Mesh Firewall, Cloud Control, Cloud IQ that provides innovation that can be turned into action with WWT's response services and mythos response framework.
Securing AI at scale: the ARMOR framework
Jillian Anderson-Nix (AI Security Strategist) presented WWT's AI Readiness Model for Operational Resilience (ARMOR) framework at a World of Solutions session in the Solutions Village 1 Theatre, turning the framework into something clients could see applied directly to their own environments. ARMOR addresses AI security across six domains: Governance, Risk and Compliance; Secure AI Operations; Model Protection; Secure Development Lifecycle; Infrastructure Security; and Data Protection.
Operationalizing ARMOR and Cisco frameworks for AI resilience
The framework was also center stage in the IT Leadership Program, where Istvan Berko (Global Head of AI Security and Cyber Innovation) delivered a joint session with Amy Chang, Head of AI Threat Intelligence and Security Research at Cisco, titled Securing AI at Scale: Operationalizing ARMOR and Cisco Frameworks for AI Resilience (ITLGEN-2023).
The talk showed how each ARMOR domain maps cleanly onto Cisco's Secure AI Factory and SAIF, with one message landing throughout: we're not asking clients to assemble a second security stack, we're operationalizing the one they're already deploying. Grounded in Cisco's latest threat research and ARMOR's real world application at Texas A&M University System SuperPOD deployment, the session closed with three actions teams could take Monday morning, starting with treating agent configuration, the memory files, hooks, MCP servers, and skills directories, as a genuine trust boundary.
The framework resonates directly with what Cisco announced this week. AI Defense, DefenseClaw, Zero Trust for Agents, and Cloud Control all map cleanly to ARMOR domains, and WWT's validated Cisco Secure AI Factory deployments give clients a tested path from framework to production.
Building a trusted agent
Jon Duren, Practice Manager for AI and Data Solutions, co-presented with NVIDIA's Sam Pastoriza on Monday in the Building a Trusted Agent with NVIDIA NemoClaw session. The session walked through WWT's hands-on lab work with autonomous agent deployment, the design choices that separate an agent that impresses in a demo from one that is trustworthy in production.
The AI Proving Ground Podcast, live from the show floor
WWT's AI Proving Ground Podcast recorded five episodes live from the showroom floor across the week, featuring guests from Cisco, NVIDIA, NetApp, Everpure, and WWT executive leadership. Topics spanned AI infrastructure and networking, AI-native software engineering, agentic operations, and data intelligence as the path to production AI. Subscribe to catch all episodes as they become available.
AIPG - Operationalizing secure AI
On Thursday morning, Brian Feldt and Istvan Berko joined Vikram Varakantam (Portfolio Owner, AI Defense at Cisco) and Trevor Caulder (Principal Technologist at NVIDIA) on the AI Proving Ground Podcast stage for a live recording on operationalizing secure AI, covering what it takes to move AI from experimentation to production with the governance and security controls that make the difference between a demo and a deployment that works at 2am without a human watching.
Bringing clients into the conversation
Beyond the show floor sessions, WWT hosted an executive reception on Monday evening at Apex 64 on the 64th floor of Mandalay Bay, a gathering of C-suite and VP-level clients and partners to discuss what the week's announcements mean for their organizations. The SLED team hosted a separate customer reception at Flight Club for state, local, and education clients. The energy from both events confirmed what the show floor showed all week: clients are not asking whether to invest in AI-era infrastructure and security. They are asking how to do it right.
Cisco's top 3 security imperatives
Cisco's security narrative this year centered on three imperatives:
- Harden infrastructure and eliminate the vulnerability-to-patch gap;
- Govern the AI agents now flooding into enterprise environments; and
- Put AI to work for defenders so they can match the speed of modern attacks.
Every major security announcement this week maps back to one of those three ideas. And every one of those ideas had a corresponding use case based on Mythos response, a fitting focus considering the global attention since April on the disruptive threat from frontier AI models.
Here is why it matters.
Going shields up in the agentic era
The framing Cisco used throughout the week, "Shields Up," is more than a slogan. It reflects a genuine shift in the threat landscape. The Mythos moment demonstrated how frontier AI models can dramatically compress the time between vulnerability discovery and active exploitation. What used to take a skilled attacker days or weeks now takes hours or less. Defenders who are still operating on patch cycles measured in weeks are operating with a structural disadvantage.
Cisco's response is to embed security directly into the network, infrastructure, and operating model, so that protection does not depend entirely on human reaction speed. The announcements this week put that philosophy into practice across multiple fronts.
Cisco Cloud Control: a single pane of glass for the agentic enterprise
The headline platform announcement of the week was Cisco Cloud Control, a unified environment where humans and AI agents can manage, monitor, and defend IT infrastructure from one place. With a single login, Cloud Control brings together networking, security, compute, observability, and identity in a shared data layer, with consistent governance and people staying in control.
What makes this more than a dashboard consolidation story is the integration depth. Cloud Control connects to more than 50 third-party tools via native connectors or MCP (Model Context Protocol), which means the agents and analysts working inside it have the cross-domain telemetry they need to understand what is actually happening, not just what each silo reports in isolation.
This is the platform layer that makes Cisco's AgenticOps model real. Security investigations that previously required context-switching across multiple consoles can now be handled in a unified environment where AI agents assist with correlation, recommended actions, and policy changes. Identity is now integrated as a cross-domain anchor for security response, because so many security responses start with understanding who or what is taking action.
Live Protect: operators can now buy time for patching
One of the most practically impactful announcements this week was the general availability of Live Protect on the Cisco Nexus 9000 series. This is a capability WWT has been watching closely, and its Generally Available status is genuinely exciting.
The problem Live Protect solves is one that every infrastructure and security team knows well. When a critical vulnerability is disclosed, the permanent fix requires a patch cycle: testing, change control, maintenance windows, coordination across teams. In a high-velocity threat environment, that process takes time an organization may not have. Live Protect inserts Cisco-validated runtime protections immediately, closing exposure while the permanent remediation proceeds through its normal workflow. No reboots required. No disruption to operations.
Cisco also announced a new red-teaming partnership with Armadin, an AI-native offensive cybersecurity firm, to validate Live Protect shields against real-world exploit techniques. That partnership matters, because it means the runtime protections are being stress-tested against the kinds of attacks they are designed to stop. Expansion to campus and branch smart switches is planned for summer 2026, followed by secure routers later in the year.
Hybrid Mesh Firewall: unified policy enforcement across a heterogeneous estate
Hybrid environments are a security reality, not a choice. Most enterprises operate a mix of Cisco and third-party firewalls, and maintaining consistent policy across that estate has historically required significant manual effort or accepting policy drift.
The Hybrid Mesh Firewall announcement addresses this directly. The new Mesh Policy Engine allows customers to define a single intent-based policy that is enforced consistently across Cisco and third-party firewalls, implemented through Cisco's Cloud Control management platform. The result is a zero-trust security fabric that follows workloads across network, cloud, and branch, limiting blast radius when something goes wrong.
The integration with Splunk Enterprise Security brings firewall intelligence, workload context, and security analytics together in one environment, so security teams can detect anomalies, investigate events, and respond without losing time reconstructing context from disconnected systems.
Agentic security: governing AI agents as enterprise workers
The shift Cisco has been building toward over the past year accelerated significantly this week. AI agents are no longer just interfaces to generative AI, they are actors. They use tools, call APIs, access systems, move data, and trigger workflows. The OpenClaw moment made this concrete: powerful local agents were operating inside enterprise environments before enterprise controls had fully caught up.
The urgency shows up in the data. In Cisco's own session on securing the agentic workforce, 85% of organizations are experimenting with or adopting agents, but only 5% have reached broad production, held back by concerns over access control, data exfiltration, and autonomy. Closing that trust gap is exactly the problem our clients are wrestling with. Cisco's response spans three areas.
AI Defense extended
Cisco AI Defense got meaningfully expanded this week with customer-specific security tests and guardrails, automated supply chain risk checks across the full agent lifecycle, and broader environment coverage. For organizations building their own agents, this gives them a structured way to discover, red-team, and protect agents before they go into production.
Zero trust for agents
For agents that organizations are adopting, tools like Claude Code, OpenAI Codex, and similar local agents, the controls now extend through two key mechanisms. Duo identity management brings agentic identity into the same framework as human identity, while enforcement through MCP in Cisco Secure Access SSE constrains what agents can actually do. Cisco extended Secure Access this week to enforce controls across more of the agent workflow chain, including agents that access data and act through APIs directly. Multi-turn LLM controls were also added, so security teams can evaluate the reasoning chain between agent and model as it unfolds. The shift is from access control for people to action control for agents.
DefenseClaw goes enterprise-ready
DefenseClaw, released as open source at RSAC to help detect threats from local agents, is now integrated into Cisco Secure Client. That puts agent protection into a platform organizations already use for visibility, posture, and trusted access, and connects local agent protection directly to Secure Access SSE for traffic inspection and enforcement. The bridge from protecting agents from the world to protecting the world from agents is now a single, managed surface. The community response speaks to the need: the open-source project picked up more than 500 GitHub stars in its first three weeks.
Astrix Security acquisition: tackling non-human identity at scale
Cisco announced a pending acquisition of Astrix Security, addressing one of the most underappreciated attack surfaces in modern enterprises: non-human identities. API keys, service accounts, OAuth tokens, and similar credentials often proliferate without governance, outlive their intended scope, and become a persistent entry point for attackers.
Astrix's technology discovers, governs, and secures these non-human identities at scale. Integration with Cisco Identity Intelligence, Secure Access, and Duo means non-human identity governance becomes part of the same fabric as human identity, not a separate, manually managed gap.
Expanded Talos Proactive Threat Hunting: finding what lives between alerts
Alert volume is not the problem most security teams face. The harder problem is the threat activity that does not generate an alert: adversaries who have established persistence, are moving laterally, or are staging for an attack using techniques that individually look unremarkable.
Cisco's expanded Talos Proactive Threat Hunting service uses telemetry across endpoint, firewall, and identity to surface threat actor activity that lives between alerts, the kind of activity that requires human expertise and cross-domain correlation to identify. For teams that are stretched thin or lack dedicated threat hunters, this is a meaningful addition to the defensive stack.
Quantum readiness: preparing for harvest-now, decrypt-later
Quantum computing's threat to current cryptography is a matter of timeline, not theory. Harvest-now, decrypt-later attacks are already a concern for organizations handling sensitive long-lived data. Cisco's Quantum Ready Assessments, available through Cisco IQ, identify the specific assets and data flows most exposed to this risk. The Quantum Resilience Framework provides a structured path to post-quantum cryptography planning. Global availability is planned for July 2026.
WWT has been building our quantum readiness advisory practice, and we see this announcement as a strong complement to the assessments we are already conducting with clients. If you have not yet started a quantum readiness conversation, now is the right time.
What comes next
Cisco Live 2026 confirmed something WWT has been telling clients for the past year: the security challenge of the agentic era is not a future problem to prepare for. It is a present problem to address now. AI has compressed the attack timeline, agents are already operating inside enterprise environments, and non-human identity is already a significant attack surface.
The good news is that Cisco's announcements this week give organizations practical tools to respond, not promises of future capability. Live Protect is generally available. DefenseClaw is in Secure Client. AI Defense has been extended. Cloud Control is shipping. Quantum assessments are available through Cisco IQ today.
WWT's role is to take these capabilities from announcement to deployed, validated, and governed production environments. Our Advanced Technology Center and AI Proving Ground exist to test these architectures against real enterprise constraints before you commit to them. We are the number-one Cisco partner for a reason, and this week showed it. If you want to work through what any of these announcements mean for your environment, your WWT team is ready.