惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Spread Privacy
Spread Privacy
P
Palo Alto Networks Blog
P
Proofpoint News Feed
AI
AI
Help Net Security
Help Net Security
S
Securelist
T
Troy Hunt's Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cisco Blogs
Scott Helme
Scott Helme
Hacker News - Newest:
Hacker News - Newest: "LLM"
Vercel News
Vercel News
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
B
Blog
GbyAI
GbyAI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
D
Darknet – Hacking Tools, Hacker News & Cyber Security
P
Proofpoint News Feed
S
Security Affairs
Cisco Talos Blog
Cisco Talos Blog
AWS News Blog
AWS News Blog
T
Tenable Blog
H
Help Net Security
NISL@THU
NISL@THU
F
Fortinet All Blogs
博客园_首页
G
GRAHAM CLULEY
L
LINUX DO - 最新话题
P
Privacy International News Feed
G
Google Developers Blog
博客园 - Franky
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Security Archives - TechRepublic
Security Archives - TechRepublic
The Register - Security
The Register - Security
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
T
Tor Project blog
P
Privacy & Cybersecurity Law Blog
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
Forbes - Security
Forbes - Security
S
Secure Thoughts
Simon Willison's Weblog
Simon Willison's Weblog
D
Docker
Recorded Future
Recorded Future
博客园 - 三生石上(FineUI控件)
L
Lohrmann on Cybersecurity
T
Tailwind CSS Blog

Security @ Cisco Blogs

We third-party tested our firewall built for AI-scale. The test tools hit their limit first. SharpHound Recon Attack - How AI enhanced the threat hunt Machine Speed, Human Judgement: How AI Changed the SOC in 2026 Elevating Expertise in the SOC Educate at Event Speed: Cisco Live Security Operations Center What Working the Cisco Live SOC Taught Me About AI, Detection, and Response Cable to Cloud - A Product Engineer's Journey Through the Cisco Live AMER 2026 SOC The Experience Dividend: How Better Digital Experience Protects Revenue, Trust, and Growth AIM: Building an Agentic Tier-2 SOC Analyst at Cisco Live AMER 2026 Building the Agentic SOC at Cisco Live Americas 2026 Ten Years in the SOC at RSAC: What We Learned in 2026 Uplevelling Black Hat Threat Hunters Making Workflow Runs Explain Themselves: AI-Powered Run Summaries in Cisco XDR Automate Independent Testing Confirms Secure Email Threat Defense’s Email Security Strength Defenseclaw for On-Prem AI SOC Workflow at Black Hat Asia Cisco Secure Access with MCP Infrastructure at Black Hat Asia 2026 The Essence of Black Hat – Collaboration with Partners Black Hat Asia 2026: A Decade in Singapore Black Hat Asia 2026: Threat Hunters’ Corner Unveiling the Power of Integration: XDR, Splunk, Corelight, Arista and Palo Alto Networks in Action at Black Hat Asia Security in the Post-Mythos Era Cisco SASE with Meraki: Get in the Fast Lane to SASE Extending Zero Trust Across the Agentic AI Workflow Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense Cisco Secure Access and Microsoft Edge for Business Integration Why Network Segmentation Projects Fail: Four Patterns Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files AI-generated reporting: Lessons learned from Cisco Talos Incident Response Inside the SOC: AI-powered DNS defense against ransomware Security Insights: A Threat-First View for the Platform That Enforces Access From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100 Data Optimization in Security: A Splunk Architect’s Perspective Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders Zero Trust for Agentic AI: Safeguarding your Digital Workforce The Agent Trust gap: What Our Research Reveals About Agentic AI Security Meet Your Incident Responders
Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery
Russ Smoak · 2026-06-02 · via Security @ Cisco Blogs

Why we are changing our cadence

The fundamental scale of vulnerability discovery has shifted. Frontier AI models and agentic analysis harnesses are now surfacing bugs across large code bases at a rate that the traditional, ad-hoc disclosure-and-patch model was never designed to absorb, not by Cisco, and not by the operators who run our gear. At the same time, the window between disclosure and exploitation has effectively closed. Manual, one-off advisories at unpredictable intervals are no longer the right tool for the job.

Starting in July, and for the foreseeable future, we are moving to a scheduled, twice-monthly security disclosure model, paired with seven days of advance notification of which technologies will be covered in each release. This is a deliberate, engineered response to a structural change in the threat landscape, not a reaction to any single incident. This is a hardening program run at scale, with the discipline customers expect from infrastructure they depend on.

What is changing

Scheduled disclosures — 1st and 3rd Wednesdays. Beginning in July, Cisco is reserving the first and third Wednesday of each month for security hardened software publications.

Seven-day advance notice. Seven days before each release, PSIRT will publish the list of technologies and platforms included in that drop. If nothing is planned, there will be no communication. You will know what is coming, on which products, before it lands — so you can pre-stage change windows, lab validation, and maintenance approvals. Cisco is committed to thoughtfully bundling products to minimize overlap in upgrades.

Our core Network Operating Systems products (NOS) are being scheduled as the first products to be released. Core operating system products include Cisco IOS XE, IOS XR, NX-OS, Firepower/ASA, and SD-WAN. Our plan is for the NOS products to be released quarterly. Cisco will not release multiple core NOS products on the same day. Other products may be released more often.

Systemic fixes, not just point patches. Our agentic discovery framework — multiple specialized agents covering static code analysis, live system testing, configuration review, and exploit simulation — runs portfolio-wide. That breadth lets us identify recurring architectural patterns and remediate the underlying class of defect across products, not just the instance that was reported. Security engineers remain in-the-loop for validation, prioritization, and verification.

Bundled and streamlined CVEs. The security hardened releases will not have individual CVEs assigned to each bug as they have pervasive fixes and should be qualified and deployed urgently. Individual CVE assessment and corner-case workarounds will not be manageable. Cisco PSIRT will provide ‘bundled’ CVEs (Common Vulnerability Exposures) tied to CWE categories (Common Weakness Enumerations). For example:

  • CVE-2026-20xxx – Multiple fixes for Input Validation – CWE-20
  • CVE-2026-20xxx – Multiple fixes Access Control – CWE- 284

This change to how we assign CVEs is not about sweeping issues away or reducing transparency; it reflects a shift in what keeps customers secure. Assessing security risk CVE-by-CVE and applying point mitigations is no longer fit for purpose. Any release predating our security-hardened versions carries materially higher risk, and that gap will only widen as adversaries use AI to develop exploits at machine speed. The most effective protection is running a current, hardened release, not patching individual findings across older ones.

We remain committed to disclosure and transparency. When a vulnerability warrants an individual CVE assignment, (e.g., requiring compensating controls, known exploitation, or otherwise demands defender action), Cisco will assign a CVE and provide robust details. We recognize this shifts emphasis from per-issue detail toward release-level assurance, but this is where the infrastructure industry must move towards defending against this new landscape.

What this means for you

We’ve listened to and understood the concerns: more findings, more patches, more operational load, and the fear of being exposed to the gap between discovery and deployment. The new model is designed specifically to reduce that pressure, not add to it.

  • Predictability replaces surprises. A fixed cadence and a 7-day pre-announcement mean patch management becomes a planned activity, not a fire drill. You can align it with your existing change-control process.
  • Batched, not buried. Consolidating fixes into scheduled releases reduces the number of separate maintenance events, the volume of one-off advisories to triage, and the regression-test surface for each deployment.
  • Risk is going down, not up. AI-accelerated discovery means vulnerabilities that previously sat latent in the code base for years are being found and fixed by us, on a clock we control, before they are weaponized against you. The release volume reflects debt being cleared, not new fragility being introduced.
  • You are not behind. If a finding is being addressed in a scheduled release, upgrading should negate the need to implement corner-case mitigations that do not scale.

What PSIRT will publish

For each release window, PSIRT will provide:

  • The 7-day advance notice listing affected technologies and platforms
  • The release-note contents on publication day, including bundled CVE details correlated to fixed software releases.
  • Summary details on what has been addressed

What stays the same

Our disclosure principles, our coordination with the broader security community, and our obligations to customers under existing support contracts are unchanged. The Cisco PSIRT is the gold standard for vulnerability disclosure and will drive this revolution – with significantly expanded tooling and cadence built for the new rate of discovery.

Emergencies will happen. Our process will remain unchanged for responding and working out of our normal release cycles to address security incidents, active exploitation and external discovery of zero-day vulnerabilities.

How we are prioritizing engineering capacity

We are explicitly placing focus on key AI-discovered findings and the resulting systemic hardening ahead of new feature work in the affected platforms. That is a direct trade-off, and it is the right one. Resilient, well-maintained infrastructure is the product. Hardening our software is, for this period, the highest-value engineering work we can deliver to customers.

Furthermore, we are integrating advanced agentic capabilities in secure and responsible ways into our development and testing environments. By leveraging AI-driven testing and automated patching workflows (with security engineers firmly “on-the-loop”) we are accelerating our ability to identify, validate, and deploy fixes with greater speed and precision.

Easing the Patching Process

We continue to prioritize efforts to make patching easier across our product portfolio. Our controller platforms include capabilities to deploy patches at scale. Our investment in Live Protect is specifically designed to help organizations bridge the gap between when a vulnerability is uncovered, and the organization can patch.

Cisco IQ provides organizations with the information necessary to understand the security state of their installed base – CVE exposure, hardening, and provides guidance to allow organizations to address the related risks. Additionally, Cisco Services is available to assist organizations in evolving security processes for the AI-era.

Closing

This is a transition we have prepared for. The engineering teams, the PSIRT organization, the release infrastructure, and the customer-facing tooling are aligned behind it. The goal is straightforward: get fixes into your hands faster, on a schedule you can plan against, with enough advance notice to deploy them on your terms.

We will continue to refine the cadence, the notification format, and the supporting tooling based on what we hear from you in the first several cycles. Direct feedback from operators has shaped this model, and it will continue to shape how it evolves.

Thank you for the partnership. The work ahead is substantial, but it is the right work, and we are ready to partner with our customers to drive a new standard of security and resiliency.