For Cisco, the networking behemoth, keeping on top of AI trends is not only essential, it’s part of the business model. So, when agentic AI became the hot new thing in 2025, the company’s SVP and GM of Infrastructure and Security Tom Gillis knew another challenge was on the horizon.
At the peak of his powers after a career spanning nearly four decades, Gillis knows the ins and outs of the tech business well. And he’s aware that when a technological breakthrough like agentic AI bursts onto the scene there’s ample opportunity—and danger.
At this month’s Cisco Live, the company announced a slew of new tools aimed at addressing the potential for agentic AI misuse, including in its Universal ZTNA (zero trust network access) and Hypershield offerings.
IT Brew sat down with Gillis before the conference to talk about how Cisco is approaching agentic AI and identity access.
This interview has been edited for length and clarity.
I was at RSA in April and everybody was talking about agentic AI, but not about how it expands the threat surface. What do you think of that tension, and is it a concern?
AI agents are far more effective and useful than just prompts. That’s hopefully pretty self-evident, because, look, they actually do things. We’re going to see a rapid proliferation of agents.
So, here’s the security challenge. Networks are all built around the notion of access control... It’s all about who you are and what you get to access. Now, that’s well understood and kind of broadly available in the market—where we believe customers are focused right now, today, is not just putting least privileged policies in place for users, but you also have to think about the machines in your environment. Printers are people too; the idea is that a printer needs to be able to access the print server, and the telephones need to be able to access the call manager, but you don’t want a printer accessing a customer database, ever, under any circumstances.
So, that’s a little harder to implement, zero trust, because a printer isn’t going to log into a web proxy and do a multi-factor authentication. Cisco has a pretty unique capability here, where we can apply tags to both people and to things, and we can figure out, oh, this is a telephone, or this is a printer based on the tag that we applied at the point that it connects to the network. And we’ve done that for a while.
That’s zero trust, right? Is that effective with agentic AI?
This is what the industry calls universal ZTNA. Where we think the AI agents are creating immediate challenges is that if I have an agent running on a computer, it’s gonna look an awful lot like a human. It can log in and provide a password, authenticate and look like a real person. And so, if I’ve got a printer with a simple software, it doesn’t; but if I’ve got a printer with an agent running on it, it could actually look quite human and could be capable.
What’s even more challenging is if I have a machine and agent running on a human-managed device, so I’m running OpenAI’s Operator on my laptop, and it is checking in source code. I know it’s Tom, and his machine is configured properly. It’s coming from a network we recognize, and it’s checking in source code.
But Tom’s on vacation in Mexico. Okay, so it’s not okay.
So, this comes down to agentic AI tooling to manage identity access?
Having the ability to even just identify an agent and distinguish an agent from a human is something that is really, really important.
Cisco’s unique advantage is we have always talked about an identity of three layers. There’s the identity of a user, the password; that’s kind of old news. There’s the identity of the machine that you’re running on, and a continuous risk assessment of the posture chain—not just a snapshot at the moment it connects, but continuously understanding what is this thing doing.
But the most interesting form of identity is process-level identity. A process on Tom’s machine is initiating this connection. And if you have process-level insight, you can actually tell an agent from a human.
For the first time in my career, I feel like I’m not constrained by engineering capacity, because we can build all this stuff. And it’s not only can we build it—we can build it in a way that we can pack intelligence into the solution.