Enterprise adoption of AI agents has hit a critical bottleneck: security. While 85% of major companies are experimenting with autonomous AI agents, only 5% have moved them into production environments. The gap isn't about capability or cost,it's about trust. Cisco's announcement at RSA Conference 2026 reveals why this matters and what's finally being done about it. What's Actually Stopping Companies From Deploying AI Agents? The problem sounds simple but has proven devilishly hard to solve: AI agents act on behalf of organizations, making decisions and executing tasks without human intervention. Unlike chatbots that answer questions, agents can access tools, modify systems, and move money. If an agent gets compromised or goes rogue, the damage scales instantly across an entire operation. Traditional security tools were built for human users with predictable behavior patterns. Agents operate differently, making thousands of decisions per minute across distributed systems, accessing resources in ways that legacy security infrastructure simply cannot monitor or control. According to the 2025 Cisco Talos Year in Review, attackers are already focusing on the weak points in agent deployments. Adversaries overwhelmingly target components that authenticate users, enforce access decisions, or broker trust between systems. As agentic workloads proliferate, this attack surface will only expand. How Cisco's New Framework Addresses the Three Pillars of Agent Security Cisco's approach breaks agent security into three distinct challenges, each requiring different solutions. The company introduced multiple tools designed to work together as an integrated platform rather than point solutions. - Protect the World From Agents: Ensure agents can only act as intended by establishing verified identities, mapping them to accountable human owners, and enforcing strict access controls that limit what each agent can do and for how long. - Protect Agents From the World: Safeguard agents from manipulation and corruption by testing their resilience against adversarial attacks before deployment and embedding guardrails directly into agent workflows at runtime. - Detect and Respond at Machine Speed: Enable security operations teams to identify and stop AI-related incidents as they happen, using automation to match the speed at which agents operate. The first pillar addresses what Cisco calls the "identity problem." Most enterprises today don't even know which agents are running in their environment, let alone who is responsible if something goes wrong. Cisco extended its Zero Trust Access framework,a security model that verifies every request, regardless of source,to cover AI agents. This means agents now get registered in Duo Identity and Access Management (IAM), mapped to specific human owners, and assigned fine-grained permissions for only the exact tasks they need to perform. "Organizations are eager to embrace AI, but they need to do so without creating security coverage gaps. Cisco's Zero Trust Access for AI agents gives visibility into agentic identities and restricts access to exactly what's needed," stated Jeremy Nelson, CISO North America at Insight. Jeremy Nelson, CISO North America, Insight For the second pillar, Cisco launched AI Defense: Explorer Edition, a self-service platform that lets developers and security teams red-team their AI models before deployment. Red teaming means simulating real-world attacks to find vulnerabilities. The platform conducts multi-turn adversarial testing, validates resistance to prompt injection and jailbreaks, and provides exportable security reports for compliance reviews. This is significant because traditional security scanning tools cannot simulate the threats agents actually face, which involve longer conversations and access to multiple tools and resources. Cisco also introduced DefenseClaw, an open-source secure agent framework that automates security enforcement and inventory management. The company plans to integrate DefenseClaw with NVIDIA's OpenShell sandbox environment, which would eliminate manual security configuration steps and accelerate deployment timelines. What Does This Mean for the Broader Agentic AI Market? The agentic AI tools market remains highly fragmented, with the top 10 players accounting for just 5% of total market revenue in 2024. This fragmentation reflects both low entry barriers and intense technological competition. Major players include Microsoft Corporation, OpenAI, Alphabet (Google), NVIDIA, Anthropic, Salesforce, Amazon Web Services, Oracle, ServiceNow, and IBM. However, the market is also seeing specialization emerge. XMPro, for example, has been recognized by LNS Research as a key vendor in the emerging "Agentic Operations" category, which focuses specifically on multi-agent orchestration and autonomous decision-making in industrial environments. This suggests that while the broader market remains open, vendors are beginning to differentiate by vertical or use case rather than competing on general-purpose agent frameworks alone. "The market is moving beyond dashboards and predictive analytics toward autonomous, multi-agent coordination of industrial operations. This is not a rebrand of what existed before. It is a fundamentally different approach, agents that reason, coordinate, and execute within governed boundaries," explained Pieter van Schalkwyk, CEO of XMPro. Pieter van Schalkwyk, CEO, XMPro Cisco's announcement signals that security infrastructure vendors are now treating agent deployment as a distinct category requiring purpose-built solutions. The company's integration of agent discovery, identity management, policy enforcement, and runtime protection suggests that enterprises will increasingly expect security vendors to offer end-to-end agent governance rather than adapting legacy tools. Steps to Prepare Your Organization for Secure Agent Deployment - Inventory Existing Agents: Use agent discovery tools like those in Cisco Identity Intelligence to identify all AI agents currently running in your environment, understand their purpose, and map them to responsible owners. - Establish Identity and Access Policies: Implement Zero Trust Access principles for agents by assigning verified identities, defining fine-grained permissions based on specific tasks, and setting time-bound access windows that automatically expire. - Red-Team Before Production: Use platforms like AI Defense: Explorer Edition to conduct adversarial testing on your agent models and applications, identifying vulnerabilities to prompt injection, jailbreaks, and other attacks before deployment. - Embed Runtime Guardrails: Integrate policy enforcement directly into agent workflows at build time using tools like Cisco's Agent Runtime SDK, which supports major frameworks including LangChain, AWS Bedrock, Google Vertex, and Azure AI Foundry. - Monitor at Machine Speed: Deploy security operations tools that can detect and respond to AI incidents automatically, matching the speed at which agents operate rather than relying on human-speed incident response. The 5% production deployment rate reflects a real security challenge, not a lack of interest. Cisco's framework suggests that the next wave of enterprise AI adoption will be driven not by better models or cheaper compute, but by security infrastructure that makes agents trustworthy enough to deploy at scale. Organizations that establish these governance foundations now will have a significant advantage as agentic AI becomes mainstream across industries.
