85 percent of enterprises are running AI agent pilots, but only 5 percent have moved those agents into production. In an exclusive interview RSA Conference 2026Cisco President and Chief Product Officer Jeetu Patel said the gap comes down to one thing: trust – and closing it separates market dominance from bankruptcy. He also unveiled a mandate that will reshape Cisco’s 90,000-person engineering organization.
The problem is not rogue agents. The problem is the lack of trust architecture.
Confidence deficit behind 5% production rate
A recent Cisco survey found that 85% of major enterprise customers have ongoing AI agent pilot programs. Only 5% transferred these agents to production. This 80-point gap defines a security problem that the entire industry is trying to close. It doesn’t close.
"The biggest barrier to scaling adoption for business-critical tasks in enterprises is building enough trust," Patel told VentureBeat. "Reliable delegation of tasks by delegating to agents. The difference between the two is that one leads to bankruptcy and the other leads to market dominance."
He compared agents to teenagers. "They are extremely intelligent, but they are not afraid of consequences. They are quite immature. And they can easily be sidetracked or influenced," Patel said. "All you need to do is make sure you have guards around them, and you need some training on the agents."
The comparison carries weight because it captures the exact failure mode that security teams face. Three years ago, a chatbot that gave the wrong answer was embarrassing. An agent acting incorrectly can cause irreversible consequences. Patel pointed to a case in which an AI coding agent deleted a live production database during a code freeze, tried to cover his tracks with fake data, and later apologized in his keynote. "Apologies are not protective," Patel said in his speech main blog. The shift from information risk to operational risk is the main reason the pilot-to-production gap persists.
Defense Claw and open source speed play with Nvidia
Cisco’s response to the lack of trust at RSAC 2026 covered three categories: protecting agents from the world, protecting the world from agents, and detecting and responding at machine speed. The product announcements AI Defense Explorer Edition (a free, self-service red clustering tool) includes the Agent Runtime SDK to incorporate policy enforcement into agent workflows at build time, and the LLM Security Leaderboard to evaluate model resilience against adversarial attacks.
The open source strategy moved faster than them. Nvidia launched OpenShell, a secure container for open source agent frameworks, at GTC a week before RSAC. Cisco has bundled the Skills Scanner, MCP Scanner, AI Bill of Materials tool, and CodeGuard into a single open source framework. Defense claw and joined OpenShell within 48 hours.
"Every time you activate an agent in an Open Shell container, you can now automatically start all the security services we’ve built through Defense Claw." Patel told VentureBeat. The integration means that security protection is activated when the container is launched without manual configuration. This speed is important because the alternative agent asks the developers to provide security after it is already running.
This 48-hour turnaround was not an anomaly. Patel said several of the Defense Claw capabilities that Cisco has launched are set up within a week. "Open Shell came out last week because you couldn’t install it for more than a week." he said.
A six- to nine-month yield lead and information asymmetry above it
Patel has made a competing claim worth investigating. "In terms of product, we can be six to nine months ahead of most of the market," he told VentureBeat. Added a second layer: "And for everybody else, I’d say we have an asymmetric data advantage of three to six months because, you know, because we’re in the ecosystem with all the model companies. We see what comes from the pipe." The 48-hour Defense Claw backs up its sprint speed claim, though the leading margin is Cisco’s own characterization; no independent criteria were presented.
Cisco also extended zero trust with new tools to the agent workforce Duo IAM and Secure Login capabilities grant time-bound, task-specific permissions to each agent. On the SOC side, Splunk announced Exposure Analytics for continuous risk assessment, Detection Studio for simplified detection engineering, and Federated Search for research in distributed data environments.
Zero human code engineering mandate
Cisco’s AI Defense product, launched a year before RSAC 2026, is now built with 100% artificial intelligence. Zero lines of human-written code. By the end of 2026, half a dozen Cisco products will reach the same milestone. By the end of the calendar year 2027, Patel’s goal is to have 70% of Cisco products powered entirely by artificial intelligence.
"Just process it for a second and go: a $60 billion company will have 70% of its products without human code." Patel told VentureBeat. "The concept of a legacy company no longer exists."
He attributed this mandate to a cultural shift within the engineering organization. "There will be two types of people: those who code with AI and those who don’t work at Cisco," Patel said. This was not discussed. "Changing 30,000 people to change the way they work at the core of what they do in engineering can’t happen if you just make it a democratic process. It should be a top-down thing."
Five moats for the agency era and what CISOs can check today
Patel laid out five strategic advantages that will separate winning businesses from unsuccessful ones. VentureBeat has mapped every moat against the moves that security teams can start checking today.
|
trench |
Patel’s claim |
What CISOs Can Check Out Today |
Then what to confirm |
|
Constant speed |
"Working with an extreme obsession for speed over a sustained period of time" creates a merge value |
Measure deployment speed from pilot to production. Track how long it takes to review agent management. |
Pair speed measurements with telemetry coverage. Rapid positioning without observation creates blind acceleration. |
|
Trust and delegation |
Credible delegation separates market dominance from bankruptcy |
Audit representative chains. Note agent-to-agent handovers without human authorization. |
Agent-to-agent trust verification is the next primitive the industry needs. OAuth, SAML and MCP don’t cover it yet. |
|
Token efficiency |
A higher yield per token creates a strategic advantage |
Monitor token consumption by workflow. Compare cost per action across agent deployments. |
Token performance indicators are available. Token security metrics (what the token has acquired, what it has changed) are the next construct. |
|
Human judgment |
"Just because you can code doesn’t mean you should." |
Track decision points where agents prefer humans and act autonomously. |
Invest in input that differentiates agent-initiated human-initiated actions. Most configurations still can’t. |
|
AI flexibility |
"10x – 20x – 50x productivity difference" between AI and fuzzy workers |
Measure adoption rates of AI coding tools among security engineering teams. |
Combine agility training with management training. One without the other increases the risk. |
The telemetry layer industry is still building
Patel’s framework operates at the level of identity and politics. The next layer below, telemetry, is where verification happens. "With an agent running your web browser, it seems indistinguishable when you run your browser," CrowdStrike CTO Elia Zaitsev told VentureBeat in an exclusive interview at RSAC 2026. To distinguish between the two, you need to navigate the process tree, watching if Chrome is launched by a human from the desktop or created by an agent in the background. Most enterprise access configurations cannot yet make this distinction.
The CEO’s AI agent rewrote the company’s security policy. Not because he compromised. Because he wanted to solve the problem, he didn’t have permissions and removed the restriction himself. Each passed an identity check. CrowdStrike CEO George Kurtz announced this event and a second event at both Fortune 50 companies and the RSAC launch. In the second, a 100-agent Slack team delegated code editing between agents without human authorization.
Both cases were caught by accident
Etay Maor, vice president of threat intelligence at Cato Networks, told VentureBeat in a separate exclusive interview at RSAC 2026 that enterprises have abandoned basic security principles when deploying agents. Maor ran a live Censys scan during the interview and counted about 500,000 internet-connected agent frame instances. A week ago: 230,000. It doubles in seven days.
Patel acknowledged the delegation’s risk in an interview. "The agent makes a wrong move, and worse, some of those moves may be critical moves that cannot be undone," he said. Cisco’s Duo IAM and MCP gateways enforce policy at the authentication layer. Zaitsev’s work works at the kinetic layer: tracking what the agent does after identity verification. Security teams need both. An ID without telemetry is a locked door without a camera. Depersonalized telemetry is unsuspecting imagery.
Token generation as a currency for national competition
Patel sees the infrastructure layer as crucial. "Every country and every company in the world wants to make sure they can create their own tokens." he told VentureBeat. "The token generation becomes the currency for success in the future." Cisco’s job is to provide the most secure and efficient technology to generate tokens at scale by providing the GPU layer with Nvidia. The 48-hour Defense Claw integration demonstrated what this partnership can do under pressure.
Safety director action plan
VentureBeat identified five steps security teams can take today to start building toward Patel’s framework:
-
Check out the difference from pilot to production. Cisco’s own survey found 85% of enterprises in testing and 5% in production. Mapping the specific trust deficits that keep agents stuck is a starting point—the answer is rarely technology. Management, identity and delegation control are what are missing. Patel’s credible delegation is designed to bridge this gap.
-
Test Defense claw and AI Defense Explorer Edition. Both are free. Group your agent workflows before they go into production. Check the workflow, not just the model.
-
Map delegation chains end to end. Record each agent-to-agent transmission without human authorization. Here it is "parenthood" Patel described. No product fully automates it yet. Do this manually every week.
-
Establish the basics of agent behavior. Before any agent reaches production, define what normal looks like: API call patterns, data retrieval frequency, systems touched, and hours of activity. Without a base, there is nothing to compare to the observational power that Patel’s trenches require.
-
Close the telemetry loophole in your login configuration. Verify that the SIEM can distinguish agent-initiated actions from human-initiated actions. If it fails to do so, the phenomena described in Kurtz cannot be captured by a single layer of personality RSAC. Patel built the identity layer. A telemetry layer completes it.
