A unified, AI-native operating platform that lets human operators and AI agents jointly manage, monitor and defend infrastructure across networking, security, compute, observability and collaboration under one login and shared context.

• Cisco's framing: brings platforms together with a single login and shared operational context across multiple domains; the foundation for Cisco's AgenticOps operating model.
• Patel: "AI agents reason and act continuously at software speed, and that changes everything about how we scale, manage, and defend our critical infrastructure."
• Distinct from the existing Cisco Security Cloud Control — that security-management product remains a separate offering and is one of the consoles Cloud Control spans (see below); Cloud Control is the broader cross-domain operating layer, not a rename or replacement of it. (Cisco’s own materials reference both; an earlier "replaces" framing traced only to TechTarget.)
• Surfaced estate includes Meraki, Splunk, Security Cloud Control, Intersight, Control Hub and Cisco IQ; broader messaging adds Catalyst, Nexus and Webex (full product list not enumerated in the primary release).
• Pricing: three tiers — Essentials / Advantage / Premium — plus a la carte token packs (TechTarget); Cisco says it is included with most platform licenses.

The human-AI interface of Cloud Control: a multiplayer generative workspace where operators and AI agents investigate and resolve cross-domain issues together using the same live evidence.

• Network World: a multiplayer workspace where humans and agents work "using the same live evidence, with context persisting across handoffs, shift changes, and escalations."
• Takes a natural-language prompt, builds a multi-agent investigation plan, gathers cross-domain evidence and returns a sourced answer — with the operator approving the path forward.
• Powered by the Deep Network Model; two modes — Default (quick answers) and Deep Reasoning (operator reviews/approves the plan before any agent runs).
• Pulls cross-domain data (ThousandEyes, Meraki, Control Hub and more); first previewed at Cisco Live 2025.

The Splunk-powered cross-domain data layer that ingests and normalizes log/telemetry data so Cloud Control's agents and models reason over shared context.

• TechTarget: components connect to cross-domain log data in the Splunk-based Cisco Data Fabric, "launched last year and set to reach general availability over the next two months."
• SiliconANGLE: Cloud Control is "built on Cisco Data Fabric, leveraging the Splunk platform Cisco acquired in 2024."
• The reasoning/context substrate the Time Series Model and AgenticOps agents operate against; described by Cisco as the platform's central ingestion point.

Three Cisco-built models underneath Cloud Control: a Deep Network Model (operational networking), a Foundation Security reasoning model, and a Time Series model for telemetry/observability.

• Deep Network Model: purpose-built LLM on Cisco U courseware and CCIE-level knowledge built on 40+ years of operational insight; ~40M training tokens, 3,000+ reasoning traces; claimed up to 20% more accurate reasoning for troubleshooting/config/automation vs leading general LLMs. Powers AI Canvas.
• Foundation Security Model: Cisco's Foundation-sec reasoning lineage (Foundation-sec-8B-Reasoning), an 8B-parameter cybersecurity model integrated via Cisco XDR.
• Time Series Model: a zero-shot time-series foundation model extending TimesFM 2.0; trained on 300B+ data points; released as Cisco's first open-weights model (~Dec 2025).
• Note: the briefing's "small language model on ~30 yrs networking data" is imprecise — Cisco documents an LLM grounded in 40+ years.

The developer/customization layer of Cloud Control: an Agent Builder to create agents wired to 50+ platforms via native connectors or MCP, and a low-code App Builder for building apps from natural-language prompts with OpenAI Codex embedded.

• Cisco newsroom: Agent Builder = "Create agents connecting to 50+ third-party platforms via native connectors or Model Context Protocol"; App Builder = "Build applications from natural-language prompts with OpenAI Codex integration."
• TechTarget: Cloud Control Studio is added "later in 2026" with an Agent Builder and a low-code App Builder with OpenAI's Codex assistant built in.
• Cisco frames Studio as where "operational knowledge becomes executable"; built agents/apps can be published to the Cloud Control Marketplace.

A catalog of apps, agents and integrations from Cisco, customers and partners spanning ITSM, identity, monitoring and AI-native platforms.

• Network World enumerates 50+ ecosystem partners including AWS, Google Cloud, Microsoft, Okta, PagerDuty, ServiceNow, Slack, Snowflake, Tenable and Wiz.
• Launch-partner taxonomy (ITSM / identity / monitoring / AI-native incl. Anthropic, OpenAI, NVIDIA, Collibra) is reported via Fierce Network coverage, not the primary release.
• Connector count: newsroom says "50+"; a SiliconANGLE snippet said "40+" — treat 50+ as the primary figure.

An AI/agentic data product that turns Cisco Support and Professional Services into a continuously updated, single current view of every Cisco asset (hardware, software, cryptographic), fully integrated into Cisco Cloud Control.

• Built on four pillars: landscape clarity, proactive resilience, rapid resolution, contextualized professional services; combines knowledge graphs, classical ML and generative AI with a generative UI (topology maps, timelines, exportable reports).
• Onstage claim: AI routes ~88% of TAC cases to the right engineer and pre-populates topology, config history, prior cases and logs so "TAC briefs itself," eliminating the first 35–40 minutes of data collection (vendor-stated).
• Liz Centoni cited 2,036 customers onboarded "as of this morning" vs an ~800 forecast — a fast-climbing stage figure (90 → 1,500 → 1,700 → 2,036).
• Deployment modes: SaaS (GA), On-Prem Tethered, and Air-Gapped (regulated/sovereign), the latter July 2026.
• Included for existing Support/Professional Services customers ("not something you need to budget for").

A Cisco IQ capability that evaluates cryptographic agility per device and identifies the assets most exposed to "harvest now, decrypt later" quantum attacks, plus where to begin remediation.

• Cisco newsroom: identifies "the assets most exposed to harvest now, decrypt later attacks — and where to start"; global availability July 2026.
• Integrates Post-Quantum Cryptography (PQC) assessment with Cryptographic Bill of Materials (CBOM) analysis under the proactive-resilience pillar.
• Part of the July 2026 Cisco IQ capability wave (distinct from Cloud Control's own availability timeline).

A Support and Professional Services offering with a three-step approach to reduce risk from AI-accelerated ("frontier model") vulnerability discovery, plus an AI-driven remediation Playbook inside Cisco IQ.

• Three steps: (1) Exposure Assessment, (2) Infrastructure Modernization, (3) Defense Resiliency.
• Resilient Infrastructure Playbook is "built with AI-driven insights and Zero Trust principles" and delivers rapid-response recommendations including compensating controls, surgical fixes and focused upgrades (Fierce Network).
• Phase one of the Playbook is available now; broader Services availability tied to July 2026.
• Also in the July 2026 wave: Peer Benchmarking — comparing LDOS risk, advisory/vulnerability status and telemetry connectivity against anonymized peer cohorts.

A runtime "compensating control" that shields infrastructure from newly disclosed vulnerabilities with no reboots, upgrades or maintenance windows, buying time until a permanent patch is deployed.

• Cisco calls it "a digital immune system for Cisco products"; Tom Gillis: "a compensating control does not eliminate the need to patch; it's a bridge between patches."
• Automatically identifies affected devices from new advisories and deploys protective controls; built on eBPF (Isovalent lineage).
• Cisco partnered with red-team firm Armadin to adversarially test the shields against real exploit techniques.
• Directly tied to the disclosure-to-exploit compression thesis ("post-Mythos"); analysts note it is limited to Cisco's own network at launch.

Nexus N9300 smart switches use Silicon One ASICs plus on-board DPUs to host a stateful L4 firewall directly in the data plane — no separate appliances, no traffic hairpinning — under a Hybrid Mesh Firewall umbrella.

• SiliconANGLE: Nexus 9K smart switches "host stateful firewall functions directly in the data plane — eliminating external appliances and traffic hairpinning."
• N9300 embeds stateful security powered by Cisco Hypershield, uses the Silicon One E100 ASIC plus DPUs, and provides distributed L4 security on every port.
• Hybrid Mesh Firewall "extends unified protection across networks, applications, and Cisco and third-party firewalls — limiting the blast radius," combined with Splunk Enterprise Security for analytics and workload context.

An AI-driven SOC where purpose-built agents cover the detection-and-response lifecycle, triaging the vast majority of false positives and orchestrating containment, with a reasoning/evidentiary trail on every decision.

• Six specialized Splunk Enterprise Security agents: Detection Builder, Triage, Guided Response, Standard Operating Procedures (SOP), Malware Threat Reversing, Automation Builder.
• Instant Attack Verification produces structured reports with MITRE ATT&CK mappings, confidence scores and prioritized recommendations; each decision carries a reasoning log.
• Foundation is Cisco Data Fabric powered by Splunk; Cisco claims it can cut incident response from hours/days to minutes.
• Complemented by Agentic IAM in Cisco Secure Access (ephemeral, task-scoped "just-in-time, just-enough, just-long-enough" access) and expanded Talos Proactive Threat Hunting.
• Note on figures: the widely-repeated "~92% of false positives" is uncorroborated. The real, primary-sourced number is 97% (176 of 179 incidents) and it is from Cisco Live EMEA Amsterdam (Feb 2026), not the US event (see Verify).

A commitment to enable quantum-safe communications across the majority of Cisco's core portfolio by December 2026, ship new routers/switches/firewalls quantum-safe by default, and provide a Quantum Resilience Framework.

• Confirmed wording: "enable quantum-safe communications capabilities across the majority of Cisco's core portfolio by December 2026" — a commitment/target, not delivered capability.
• All newly introduced enterprise/data-center routers, switches and firewall series ship quantum-safe by default.
• New Quantum Resilience Framework offers a structured approach to adopting post-quantum cryptography; Quantum Ready Assessments (via Cisco IQ) arrive July 2026.
• Note: the exact phrase "quantum-safe secure boot" is not primary-confirmed.

Cisco is moving from ad-hoc emergency patching to a scheduled, twice-monthly security disclosure cadence to give customers predictability in the AI-accelerated vulnerability era.

• Confirmed: "Starting in July... we are moving to a scheduled, twice-monthly security disclosure model" on the first and third Wednesday of each month, with seven days of advance notification of covered technologies.
• CVEs bundled by Common Weakness Enumeration (CWE).
• Core network-OS products (IOS XE, IOS XR, NX-OS, Firepower/ASA, SD-WAN) follow a quarterly schedule; Cisco will not release multiple core NOS products the same day.
• Author: Russ Smoak (VP, Information Security, Security Assurance & Response).

Cisco's free, open-source framework to secure and govern local AI coding agents (Claude Code, OpenAI Codex, Cursor, Gemini CLI) — scanning and sandboxing agent skills, verifying MCP servers, inventorying AI assets and enforcing runtime policy.

• Origin: DefenseClaw launched at RSAC 2026 (March 23), not net-new at Cisco Live; at the show it was made enterprise-ready and integrated into Cisco Secure Client; Cisco also cited the Astrix Security acquisition for non-human identity.
• Component tools: Skills Scanner, MCP Scanner, AI BoM (bill-of-materials), CodeGuard, plus an A2A (agent-to-agent) Scanner; connects to Splunk for observability.
• Runs on NVIDIA OpenShell — a kernel-isolated, deny-by-default sandbox with YAML policy enforcement; repo: cisco-ai-defense/defenseclaw.
• Built in response to OpenClaw's ungoverned adoption (reported ~500,000 instances, no enterprise kill switch).
• Scenario nature: DefenseClaw/OpenClaw/OpenShell/"ClawHavoc" sit in a largely illustrative/fictionalized agentic-threat ecosystem; the specific "AMD uses DefenseClaw" linkage is uncorroborated (see Verify).

Cisco's "post-Mythos" framing centers on Anthropic's withheld frontier model Claude Mythos, which autonomously discovered thousands of zero-days — the premise for Cisco's entire security rearchitecture.

• "Mythos" is specifically Claude Mythos, Anthropic's frontier model placed in a new fourth risk tier ("Copybara"), officially disclosed April 7, 2026 (after a leak ~March 26).
• Its Preview identified thousands of zero-days, including bugs decades old (e.g. a 27-year-old OpenBSD bug).
• Anthropic withheld it over offensive-cyber concerns and gave defensive access via Project Glasswing (partners include Amazon, Apple, Broadcom, Cisco, CrowdStrike, Linux Foundation, Microsoft, Palo Alto Networks, plus 40+ others).
• Cisco: "The Mythos moment has shown how frontier models can accelerate vulnerability discovery and dramatically compress the time for defenders to... act."

Cisco's 102.4 Tbps scale-out switching ASIC on TSMC 3nm — the data-center flagship of the shared Silicon One architecture, first shown at Cisco Live EMEA (Feb 2026).

• 102.4 Tbps, TSMC 3nm; 512x 200Gbps SerDes; up to 1.6T ports; fully shared packet buffer, path-based load balancer, P4 programmable.
• Claims 28% lower job-completion time and up to 33% better link utilization vs packet-spraying; enables 128,000-GPU clusters with ~750 switches vs ~2,500.
• Correction: the 8100 and Nexus 9300 are system families built on shared Silicon One — not silicon SKUs. The shared silicon is the G300/P200/E-series ASIC family.
• Competitive set: Broadcom Tomahawk 6 and NVIDIA Spectrum-X, both also 102.4 Tbps; Cisco's differentiation is the co-designed full stack spanning campus to hyperscale.

A 51.2 Tbps full-duplex deep-buffer routing processor that enables "scale-across" — connecting AI training clusters across distances up to ~1,000 km using 800G coherent optics.

• 51.2 Tbps deep-buffer (also a 28.8 Tbps line-card variant); powers the Cisco 8223 router and N9000 systems.
• "Scale-across" via 800G ZR/ZR+ coherent optics links data centers up to ~1,000 km apart.
• Some Silicon One systems include quantum-safe line-rate encryption (e.g. N9364E-SP2R with 64x 800G).
• First two P200 design wins were cited at Q3 FY2026 earnings, with a third early in Q4.

Cisco's new fixed core campus switch built on Silicon One E100/E104, billed as its most powerful core switch ever and the backbone for the agentic campus.

• Patel: "the most powerful core switch we've ever created" — addressing bottleneck risk in agentic workloads.
• Built on Silicon One E100/E104 (campus-class, distinct from the data-center G/P series); up to 6.4 Tbps and 3.9 Bpps.
• Top model C9550-96L4D: 96x50G + 4x400G in 2RU; up to 1M routes / 128K MACs — ~8x the IPv4 routing scale of the 9500H; brings 400G to the campus core.
• Anchors what Cisco/Futurum called the largest campus and branch refresh in Cisco history (with Catalyst 9350 access switches and Wi-Fi 7 9177 APs).

AI-driven, governed network operations that move from insight to autonomous remediation via a closed-loop workflow, delivered through Cloud Control.

• Five-stage closed loop: sense → diagnose → remediate → validate → deploy (the primary Cisco release uses softer "signal to action" language).
• Experience Metrics convert raw device telemetry into real-time user-experience measurements; Deep Reasoning applies Cisco's purpose-built models to multi-step root-cause analysis.
• Operators promote AI-recommended fixes to autonomous actions as agents earn trust, with audit trails and approval queues.
• Reported, not primary: the "Meraki beta June 2026" timing comes from trade press (Network World), not the primary Cisco newsroom release.

An emulated replica of the production network that runs actual Cisco software images (not a math model), letting agents test changes before live deployment and "earn trust."

• Network World: the Digital Twin "runs an emulated replica of the production network using actual software images" and enters alpha July 2026.
• Operators can describe tests in natural language, have the AI generate scenarios, and validate changes in the twin before deploying live.
• The mechanism for agents to "earn trust" maps to Cloud Control's autonomy dial.
• Reported, not primary: the July 2026 alpha date comes from trade press, not the primary Cisco release (which lists Digital Twin without the date).

A Cisco-built-and-operated, cloud-delivered fabric providing secure site-to-cloud and cloud-to-cloud connectivity with nothing for the customer to install.

• Cisco deploys/operates virtual points of presence (vPoPs) across cloud providers and regions; delivered through Cloud Control.
• Primary Cisco blog names AWS, Microsoft Azure and Google Cloud; the neocloud framing appears only in trade coverage (reported).
• Zero-Trust routing: nothing connects by default; security policy follows the traffic, with cloud firewall service-chaining per connection.
• Initial onramp targets Cisco SD-WAN deployments, starting with Cisco Meraki MX.

A networking approach that bridges Kubernetes and the network fabric with synchronized security, built for the shift from AI training to large-scale inference.

• Frames the move into the "age of inferencing" — the pivot from training-heavy buildouts to inference at scale; cites ~66% of orgs using Kubernetes for some/all inference.
• Via the Isovalent (Cilium/eBPF) acquisition, integrated into Cisco Nexus One, for real-time workload-to-workload visibility "from pod to fabric to external service."
• Synchronizes security policies across the network fabric and Kubernetes so policy moves with workloads.
• Aligns with the silicon story (G300 scale-out for clusters, P200 scale-across between data centers) as the physical underlay.

Agent-level token observability through Cloud Control that shows which agents consume tokens, at what rate, and whether spend produces outcomes — even terminating runaway agents.

• Cisco pitched token spend as a mainstream operational KPI; Cloud Control's token view lets operators track consumption by agent in real time and kill "runaway" agents.
• Splunk confirms Splunk Platform, ITSI and Observability Cloud "will be available in Cisco Cloud Control"; deeper agent-behavior observability traces to the Galileo acquisition.
• Underlying driver framed around Jevons' Paradox; reasoning/chain-of-thought workloads can consume up to ~100x more tokens than traditional inference.
• Caveat: a dedicated per-token/per-agent monitoring feature is described mainly by analyst/trade recaps, not pinned to a primary Cisco page.

A refreshed collaboration hardware family on custom Cisco+NVIDIA Jetson compute modules with on-device AI for camera framing, speaker tracking and agentic workflows, running RoomOS 26.

• Custom Cisco+NVIDIA Jetson compute module delivering "25 times the AI processing power of the previous generation."
• On-device Agentic Director auto-switches between Frames mode and group overview (up to 7 cameras / 8 mics), processed locally for latency and privacy.
• Room Kit Pro G2 (large-room, AVoIP single-cable, up to 8K HDMI) and Desk Pro G2 (27" 4K, dual-lens camera) are confirmed in the main launch; Board Pro G3 is reported (absent from the main launch post).
• Webex agents tie in: Prep, Notetaker, Translator, AI Receptionist; agent observability ties to the Galileo acquisition; managed via Control Hub / Cloud Control.

A frontline/mobile wireless handset (PhoneOS) launched alongside the collaboration device refresh.

• PhoneOS; Wi-Fi 6E; man-down detection; AI noise removal — targeted at frontline/mobile workers.
• Part of the same June 2026 collaboration wave as the Room Kit Pro G2 / Desk Pro G2 devices.
• Managed via Control Hub / Cloud Control.

A production-ready agentic harness from Itential to design, deploy and run governed AI agents on enterprise infrastructure — an independent third-party product, not a Cisco product.

• THIRD-PARTY: built by Itential, not Cisco; showcased at Cisco Live (World of Solutions) and at the Network Automation Forum's AutoCon 5 (Munich).
• Combines AI reasoning with governed, deterministic execution and built-in governance/security/audit controls.
• Components: FlowAgents (auditable reasoning agents), FlowAgent Builder, FlowMCP Gateway (extends governance to external agents and MCP tools).
• Reached GA after ~six months of validation across telecom, financial services and utilities; extends Itential's MCP Server (open-sourced May 2025).
• Chris Wade (Co-Founder & CTO): "agentic AI cannot succeed in production without the deterministic execution and governance foundation."

Cisco extended its agentic-security stack — AI Defense, "Zero Trust for agents," and an Agent Gateway with multi-turn LLM controls — alongside non-human-identity protection from the Astrix Security acquisition.

• Agent Gateway adds multi-turn LLM controls so security can evaluate the back-and-forth between agent and model.
• Cisco reframes Zero Trust from access control to "action control" — verifying behavior and controlling the agent itself, not just granting access.
• Non-human identity protection leverages the Astrix Security acquisition.
• Analysts (Futurum) note semantic enforcement (judging agent intent) and MCP/LLM-gateway controls are "fundamentally harder" problems still maturing.

Jeetu Patel's argument that proliferating AI agents fundamentally change network demand — triggering a multi-year upgrade cycle across data center, campus and security.

• Core stat: agents generate roughly 450% more network traffic than a human doing the same task, with "trillions of agents" proliferating.
• The 450% figure traces to Cisco's published report "AI Impact on Wide Area Networks" (~May 22, 2026; authors Gurudatt Shenoy & Javier Antich), stated on stage by Patel — confirmed attribution, but a single-vendor measurement.
• Supercycle spans higher-capacity data-center fabrics (G300/P200), campus refresh (Catalyst 9550/9350, Wi-Fi 7) and machine-speed security, unified under Cloud Control.
• Maps to Robbins' companion line: "the network is more important than the node."