惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
博客园 - 三生石上(FineUI控件)
S
Securelist
U
Unit 42
The Cloudflare Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Simon Willison's Weblog
Simon Willison's Weblog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
B
Blog
T
Tenable Blog
The Hacker News
The Hacker News
The Register - Security
The Register - Security
IT之家
IT之家
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
博客园_首页
T
Tailwind CSS Blog
人人都是产品经理
人人都是产品经理
C
Cybersecurity and Infrastructure Security Agency CISA
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
T
Tor Project blog
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
Stack Overflow Blog
Stack Overflow Blog
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
A
Arctic Wolf
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
V2EX
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
Scott Helme
Scott Helme
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
V
Visual Studio Blog
月光博客
月光博客
爱范儿
爱范儿
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
美团技术团队
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
H
Heimdal Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Cisco Blogs

Edge opportunity for service providers: Turn infrastructure into new services MRC and SRv6: How Foundational Networking Innovations Are Enabling the Next Generation of AI Supercomputers The SMB Marketing Reset: Winning Customer Trust in a Digital-First Economy Inside the SOC: AI-powered DNS defense against ransomware Our Path Forward Securing the Federal Digital Experience with Cisco ThousandEyes for Government Cisco at ONUG Dallas 2026: Securing the AI Data Center in the Agentic Era Cisco and Red Hat are powering intelligent core to edge: Red Hat Summit insights Building the Capabilities That Win: How Cisco Partners Can Lead in the SMB & Mid-Market Era How Two Hours Felt Bigger Than My To-Do List Announcing Foundry Security Spec Ace the CCIE Collaboration Lab: Success Tips from a TAC Engineer Turned CCIE Protecting Agents with Cisco AI Defense and Google Agent Development Kit Powering an Inclusive Future: Your guide to the Purpose Pavilion at Cisco Live Las Vegas The Infrastructure Behind the Mission: SOF Week 2026 Cisco Networking App Marketplace Partners at Cisco Live 2026 Beyond the Pilot: Building the Clinical Data Fabric for the Agentic Era Benchmarking scale-out AI fabrics with Cisco N9000 + AMD Pensando™ Pollara 400 NICs Month of Developer Productivity: Build and Forget The race to autonomous transport networks: A new study Lean IT, future-ready: How to save time and simplify wireless management with AI Reading Between the Pixels: Failure Modes in Vision Language Models Biochar’s triple win: Healthier soils, improved crops, and decarbonization Designing a Proactive Customer Journey Modernize your data center operations with Cisco Nexus Dashboard Why your automation stack needs Cisco Agentic Workflows Try Cisco AI Defense Explorer Edition in this hands-on lab From Bandwidth to Intelligence: How Cisco is Powering AI-Ready Networks Spotlight on digital transformation | FY25 Purpose Report Galaxy Mode is live: A limited-time look at what your Cisco AI Assistant and AgenticOps can already do Securing the Agentic Workforce: Cisco Announces Intent to Acquire Astrix Security Understanding CISA BOD 26-02: Mitigating Risk from End-of-Support Edge Devices Digging Deeper: The Future of Mining with Automation and Ultra-Reliable Wireless Voices from the field: Helping farmers build resilient local economies across rural America Built like a startup, scaled like Cisco: Transforming data center cooling for the AI era Defining Model Provenance: A Constitution for AI Supply Chain Safety and Security Introducing Model Provenance Kit: Know Where Your AI Models Come From Security Insights: A Threat-First View for the Platform That Enforces Access How I Turned My Curiosity into a Patent From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future Maximizing Managed Security Services: A Strategic Guide to Optimizing Your Portfolio (Part 1 of 2) Simplify access control in five easy steps Trust: Why security is your next growth engine Cisco IQ is generally available. Here’s what that actually means. From Vision to Reality: Intelligence in Action with Cisco IQ How connectivity is shaping the future of surgical care The power of your network: Solving a physical security incident on Vision portal 5 signs your data center is holding your AI strategy back Stop Overthinking OT Security: The Total Cost of Ownership and Being Smart with Refreshes AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Scaling the digital future: Why AI and skills investments matter for business and society Expanding our Product Organization Recap Scaling the Future: Reddit AMA on Network Automation at Scale Bringing Professional-Level Skills to Cisco Networking Academy Announcing Cisco Availability in Google Cloud Marketplace: A New Path to Scalable, Partner-Led Growth The Innovation Paradox: How We Reduced Incidents by 25% While Deploying Faster Funding the AI-ready data center: Why flexibility wins The switch that quantum networking has been waiting for From a Message I Couldn’t Believe to a Stage I’ll Never Forget The Hidden Bottleneck Slowing Down Manufacturing Transformation 30 Years as a CCIE: Why Certifications Matter in the AI Era Securing Enterprise AI: Cisco AI Defense Expands to Google Cloud How ThousandEyes Closed the Cloud Visibility Gap by Solving It Themselves First Energy Will Define the Scale of AI Introducing the AI Agent Security Scanner for IDEs: Verify Your Agents Stop Overthinking OT Security: People, Process and Technology Powering the Future of Research: Join Cisco at NLIT 2026 Building the Digital Foundation for a Smarter West Lincoln Memorial Hospital How Cisco built an AI-RRM that maximizes your wireless solution From Automation to Autonomy: Cisco and Rockwell Power a New Era for Manufacturing Unlocking the Future of Fan Engagement: The Power of VisionEDGE Find Yourself in the Future: AI Is the New Baseline—Here’s How to Build Your Skills One Day with Our Customers: Driving better outcomes through customer centricity What It Really Takes to Build an AI-First Workforce From Connectivity to Security: How E80 Future-proofed its AGV Operations with Cisco The Infrastructure of a Floating City: AIDA Cruises’ CX-Led Digital Transformation Scaling your network for AI without a forklift upgrade Why modern networks are moving DDoS defense to the edge Evolve IP Media to AI-Driven Media Fabrics: Future-Proof Broadcast with Cisco and NVIDIA Cisco and Generation are scaling AI-powered pathways to employment Reading Between the Pixels: Assessing Prompt Injection Attack Success in Images Lean IT, future-ready: Why Wi-Fi is your AI growth strategy Cisco Modeling Labs: Bringing the Network Digital Twin to Life AI on the Factory Floor: Why Manufacturing Requires a New Architecture with Cisco Unified Edge Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Scaling the Future: Join Our Reddit AMA on Network Automation at Scale 5 wireless trends retail IT teams can’t ignore in 2026 Can your infrastructure management tools do that? Sustainability 101: Let’s talk about energy efficiency From Chai Breaks to Checkpoints: A Day at Cisco Bengaluru Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Non-Obvious Patterns in Building Enterprise AI Assistants Making AI Trustworthy and Observable in Real-Time: Cisco Announces Intent to Acquire Galileo A simpler path to unified, AI-ready network operations Cisco Celebrates The Smart Industry Industrial Transformation Award Winners Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time How New Data Streams Transformed Cisco Store’s Decision-Making AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100
A new model for infrastructure security: How Cisco defends against AI threats
Jason Lish · 2026-05-28 · via Cisco Blogs

Every CISO is being asked some version of the same question: are we ready for AI-powered attacks? Dive into how Cisco is reshaping its own network, not as a posture checked annually, but as a continuous operating model.

Most enterprises are managing risks based on a threat model built for a different era. You set a risk threshold. You focused on the vulnerabilities above that line — the ones critical enough to keep you up at night. Everything below it, you managed. That was a reasonable tradeoff. 

AI-powered cybersecurity tools have changed the model. They don’t just accelerate known exploits; they can find and weaponize everything below your threshold, including the vulnerabilities you decided weren’t urgent and the legacy devices you hadn’t gotten around to replacing. The bar hasn’t just moved. It’s been dropped. That realization is reshaping how we operate and defend our own network at Cisco, and we think it should reshape how every enterprise thinks about cyber defense.

The stuff we used to not worry about — thats now exactly what we worry about. The bar has been dropped, and we must rethink the whole model.           

What we’re up against

Cisco’s corporate network carries traffic for millions of devices, thousands of applications, and a fast-growing population of AI agents. It is a prime target for the same adversaries our products are built to stop.  

For years, we have operated on the same vulnerability-patching model most enterprises still use today: vulnerability disclosed, patch developed, change-window scheduled, manual approvals collected, fix deployed. That cycle — measured in weeks — made sense when adversaries needed months to weaponize a newly disclosed flaw. That window is now hours, with the trajectory pointing to minutes, and no amount of process improvement closes a gap that wide. 

With new frontier AI models, traditional approaches to defending the network are no longer sufficient. The same capabilities that help us find and fix vulnerabilities faster are also landing in the hands of threat actors who can now scan, exploit, and weaponize weaknesses at machine speed. This dynamic extends well beyond our own code: our broader supplier ecosystem is racing to patch vulnerabilities while adversaries leverage these same models to discover and exploit them, often in parallel. The result is a rapidly compressing window between disclosure and exploitation, forcing us to evolve just as quickly.

Our teams focus on finding and fixing vulnerabilities and use approved, commercially available AI coding agents governed by contractual and technical controls to scan complex products with millions of lines of code. This helps us surface vulnerabilities that humans alone might miss.

How we’re responding: See it. Prove it. Contain it. Replace it. 

Operationally, informed by our work with Anthropic’s Project Glasswing and OpenAI’s Daybreak, as well as other frontier models, we’ve reorganized our internal defense around four pillars, prioritized from the outside in — starting with the broader supplier and threat landscape and working inward to our own environment.   

In this model, tools and agents don’t operate as a checklist but as a continuous loop, reinforcing each other at machine speed. 

  1. Real-time visibility first. Visibility informs what we validate. Before we could accelerate anything, we needed a centralized, continuously updated picture of our complete attack surface — every asset, identity, service account, cloud entitlement, and API. Real visibility isn’t just an asset inventory. It’s knowing who owns each asset, how critical the asset is, and exactly how bad things can get if it’s compromised. That’s the foundation for every decision. 
  2. Continuous exposure validation, not periodic review. Validation informs where we deploy runtime protections. AI-powered adversaries don’t prioritize by the Common Vulnerability Scoring System (CVSS) score. They chain lower-severity vulnerabilities into working exploits faster than any periodic review cycle can catch. We stopped chasing vulnerability lists. This will allow us to simulate real attacks at machine speed to fix what’s actually exploitable, not what’s theoretically risky. Attack path analysis tells you what’s at risk; severity scores alone don’t. 
  3. Runtime protection as a bridge, not a destination. Runtime telemetry feeds back into visibility. Runtime protection contains threats while you fix the root cause. It buys time until the actual fix is ready. The goal is a production environment resilient enough to keep operating safely even under partial compromise. 
  4. Modernization as a strategic security imperative. Modernization keeps the whole loop running on infrastructure built for change. Our focus is on hardening the foundation — retiring end-of-life systems, eliminating insecure legacy services, and positioning our infrastructure for faster patching and greater resilience. That modern foundation is what unlocks advanced runtime defenses like Hypershield-class segmentation, Live Protect, and the eBPF-powered Tetragon agent, which delivers real-time vulnerability shielding without reboots or binary changes — capabilities that simply can’t run on legacy.  

How we’re prioritizing: Outside in 

One of the most concrete shifts we’ve made is how we sequence our response. When the scope of exposure is large and you can’t do everything at once, triage structure matters as much as technical capability. 

Our approach: work from the outside in. Internet-facing edges carry the greatest exposure risk and move fastest, so that’s where we’ve focused patching velocity and shielding first. As we move toward the core, the pace becomes more deliberate — the boundaries there are among our most critical. The segments separating our largest security zones — the firewalls protecting our most sensitive assets — get prioritized because protecting them limits lateral movement and contains blast radius if something gets through. 

From there, every decision runs through the same risk-based logic: determine what is most exposed, most vulnerable, and what is the proper response — remove it from the network, segment it, apply runtime protection, or accelerate the patch. End-of-life and unsupported assets get eliminated or isolated. Externally exploitable vulnerabilities get addressed first. Assets that can’t be patched within operational windows get runtime-first protection while remediation proceeds. 

The Bigger Shift 

All of this points to something more fundamental than a faster patch cycle. The model were building toward isnt a hardened fortress. Its an agile and adaptable system that can move continuously to a more secure state without taking a time-out to do it. 

“The game is always being ready to redeploy new, secure technologies. This notion that Ive got to take a time-out and do patching work — thats the game of the past. 

As the industry is entering a period of intense infrastructure evolution, businesses must adapt security practices and operational models to build and maintain resiliency. Our participation in trusted initiatives like Project Glasswing and Daybreak provides us with the deep insights necessary to navigate this shift, yielding immediate changes in how we operate. But we aren’t done. As we continuously mature our operating model, we will continue to prove every capability internally — at scale and in production — sharing our learnings and best practices that help our customers evolve their own security operations. 

The window to get ahead of AI threats is still open. The organizations that build this operational muscle will compound their advantage. Those that wait compound their risk. 

“We don’t just sell the network; we defend every minute of every day with the same tools we offer to our customers.”

Jason Lish is Senior Vice President, Chief Information Security Officer at Cisco where he provides strategic leadership and oversight for Cisco’s Information Security functions, including enterprise information security, data protection, attack surface management, and security operations. He also oversees value chain security and the Security and Trust Organization’s mergers and acquisitions service.

Watch the webinar replay

Glasswing: Mythos demands a new model for infrastructure

Event by Cisco Security

Watch the replay > 

More resources