When we spoke to Jeetu Patel, Cisco’s Chief Product Officer, a few years ago about Cisco’s security ambitions, he promised a rolling thunder of announcements. Those have certainly come in recent years. Today’s announcement is potentially a very important one. With AI Defense, Cisco wants to make it possible for organizations to adequately secure the AI it uses. We spoke with Patel about this latest addition to the security portfolio.
There has been very significant investment in recent years in the infrastructure needed to bring AI to consumers and organizations. It has made Nvidia the most valuable company in the world. However, adoption in the enterprise market is not yet very widespread. Patel cites a few figures in conversation with us. According to him, $225 billion is invested in setting up the infrastructure, but the revenue that companies get from inferencing at and by customers is only $10 billion. That’s a pretty lopsided ratio. One of multiple reasons for this is that many organizations are concerned about the security of deploying AI. That’s what AI Defense is supposed to solve.
Cisco and AI security
Today’s announcement of AI Defense is in itself not surprising. That is, Cisco (and specifically Jeetu Patel) has been talking about it for years. Before AI Defense could get there, however, Cisco had to take the necessary other steps. In recent years, Cisco has increasingly been positioning itself as a “serious” security player. Not that it didn’t also have security solutions before 2020, but there wasn’t nearly as much focus on them then as there has been since Patel’s arrival that year.
In addition to big announcements such as the creation of the Cisco Security Cloud and related launch of Cisco XDR, last year there was the launch of Cisco Hypershield. In all the solutions, Cisco is using AI. That was step one, Patel points out. The company had to take that first in order to then take today’s step. Cisco built AI Defense, like previous recent security products and services, from the ground up within Cisco. As usual, Cisco does integrate an acquisition into this. In the case of AI Defense, that’s Robust Intelligence, a startup it acquired a few months ago that focused specifically on securing AI.
What is Cisco AI Defense?
Those who have followed Cisco’s security developments to some extent will recognize much in AI Defense from Hypershield. By this we do not mean that it is a further development of that, but it does have a similar approach. Like Hypershield, AI Defense is a layer (a substrate, as Patel calls it) that Cisco has built as an overlay, spanning the AI that organizations use.
Right now, things like security and guardrails still take place primarily at the level of the models that organizations use. That in itself is a good thing, Patel points out. However, it also means the models force organizations to use the capabilities and security that the the developers of the models build in. “You can’t rely on that alone,” he believes. “You have to have an overall layer that goes across all models and applications,” he continues. For that, Cisco is obviously pretty well positioned. The platform approach it has for virtually its entire portfolio lends itself very well to that, at least in theory.
AI Defense is going to do two things for organizations, Patel points out. “It enables organizations to secure AI applications and provides secure access to those applications,” he promises. Cisco’s other security components, by the way, play a role in this as well. Think in particular of Secure Access, the SSE product, and, of course, Hypershield. After all, the latter is Cisco’s underlying security architecture.
How does Cisco plan to secure AI with AI Defense?
The above sounds very interesting, but what specifically does Cisco AI Defense do to secure AI? Patel lists three components of AI Defense. First, it provides insight into how AI applications work. That’s the foundation; without knowing how applications work, you can’t adequately secure them either. This component makes it possible to discover the use of AI within organizations. Even if employees are using AI that is not formally approved by organizations, which therefore also poses a risk, that can be made insightful with AI Defense.
The second component of AI Defense is that it provides services around validating AI that organizations deploy. An application works a certain way, but it must continue to do so. That is, companies generally don’t want so-called model drift. After all, that could make an application no longer safe to use. You can think of this as an AI-driven red team. An algorithm that continuously automatically tests whether AI models work as intended. This component also provides advice to security teams to be able to curb certain behaviors.
The third component of AI Defense is a runtime engine. Whereas the previous two engines focus primarily on things like validation and providing insight into application operation, this one is about securing AI applications in real time. With this engine, organizations can ensure that users always use applications according to predefined rules and within predefined limits. Consider also detecting things like prompt injection, denial of service and leakage of sensitive data.
Security in a multi-model world
With AI Defense, Cisco is taking what we think is a big, necessary and, in our opinion, extremely important step in the world of AI. Applications that use AI are still often seen as magical applications that can add a lot of value. However, the somewhat hidden operation of those applications also causes many (justified) doubts about putting them into use.
In particular, GenAI is non-deterministic. That means that while models provide predictive answers to questions, their actual contents of those answers is unpredictable. Cisco has now come up with something to address that with AI Defense, which should at least allow you to ensure that those models arrive at their answers in a safe manner. Even if organizations use multiple models, which they undoubtedly will in the future. With the runtime engine, AI Defense can also make sure that even while organizations use the models and applications, nothing unacceptable happens.
AI Defense, as indicated, consists of three components/engines. These obviously do not operate in a vacuum. They are built on top of custom AI models for security. These were created and trained by Cisco itself. So here again we see AI becoming somewhat more focused on a specific use case. We wrote about this a few months ago when SentinelOne came out with its own security AI models.
All in all, Cisco spent about nine months building AI Defense. However, the vision is a lot older. AI Defense is a logical next step for the security platform Cisco has been building over the past few years.
The availability of AI Defense is also yet another motivation for customers to choose Cisco’s platform and thus say goodbye to the necessary point solutions that organizations use. At least that’s what Patel hopes and expects from it. Ultimately, other considerations will also come into play here, of course. While many organizations generally accept some degree of lock-in, they also do not want to be completely dependent on a single vendor. Hence Patel’s emphasis toward the end of our conversation that Cisco’s platform is also open, so customers can also use it on top of or alongside other security solutions.
Cisco AI Defense is available for customers in March of this year (2025).
Here are some screenshots of Cisco AI Defense for illustration purposes:


