Cisco AI cybersecurity launch touts shadow AI defense
Cisco wields the power of incumbency to weave AI security into existing cloud access management tools, including algorithmic validation testing on AI models.
A product rolled out in early access by Cisco this week looks to bring AI cybersecurity into the enterprise SecOps fold and prevent its malicious use on enterprise networks.
Cisco AI Defense, expected to ship in March, is meant to bridge gaps in AI cybersecurity as mainstream enterprises put generative AI apps into production. The product will inspect web traffic to detect which AI applications and services are in use within a corporate network and whether that use is malicious. AI Defense will detect and block malicious large language model prompts and outputs, features the tool has in common with other recently announced AI gateway products.
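As an added illustration of the traffic-inspection idea described above (example code, not Cisco's or the product's own logic), the following classifies constructed proxy log entries against an inventory of AI service hostnames and flags large uploads to unsanctioned ones; the hostnames, log format and upload threshold are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed inventory of GenAI SaaS hostnames (hypothetical, not a Cisco list):
# sanctioned = approved by the security team; known = recognised but unapproved.
SANCTIONED_AI_HOSTS = {"chat.approved-llm.example"}
KNOWN_AI_HOSTS = {"chat.approved-llm.example", "api.public-llm.example",
                  "assistant.freetier.example"}

# Assumed proxy log format: "<timestamp> <user> <method> <url> <bytes_out>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")

def classify(url):
    """Label a URL as sanctioned AI, shadow (unapproved) AI, or other traffic."""
    host = urlsplit(url).hostname or ""
    if host in SANCTIONED_AI_HOSTS:
        return "sanctioned"
    if host in KNOWN_AI_HOSTS:
        return "shadow"
    return "other"

def detect_shadow_ai(lines, upload_threshold=4096):
    """Per user: shadow-AI hosts contacted and count of large uploads to them."""
    findings = defaultdict(lambda: {"shadow_hosts": set(), "large_uploads": 0})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        _ts, user, method, url, bytes_out = m.groups()
        if classify(url) != "shadow":
            continue
        entry = findings[user]
        entry["shadow_hosts"].add(urlsplit(url).hostname)
        # A large request body to an unapproved AI service is the data-loss signal
        if method in ("POST", "PUT") and int(bytes_out) >= upload_threshold:
            entry["large_uploads"] += 1
    return dict(findings)

# Constructed sample log lines (fictional users and hosts)
SAMPLE_LOG = [
    "2025-01-15T10:01:02Z alice POST https://chat.approved-llm.example/v1/chat 2048",
    "2025-01-15T10:02:10Z bob POST https://api.public-llm.example/v1/completions 8192",
    "2025-01-15T10:03:44Z bob GET https://assistant.freetier.example/ 0",
    "2025-01-15T10:04:00Z carol GET https://intranet.example/wiki 0",
    "not a valid log line",
]

if __name__ == "__main__":
    print(detect_shadow_ai(SAMPLE_LOG))
```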
Where Cisco claims differentiation is with automatic, algorithmic security validation on LLMs as they're fine-tuned within an enterprise and the automatic generation of appropriate security guardrails.
"You [must] validate whether a model, before you start taking that application into production, is in fact working the way that you expected it to work, and then put the right guardrails around it," said Jeetu Patel, executive vice president and chief product officer at Cisco, during a livestreamed keynote presentation at Cisco AI Summit in New York this week. "The issue that we have in this industry right now is, unlike classical applications, there is no central vulnerability database for AI."
Cisco AI Defense will tackle that problem with IP from Robust Intelligence, a company backed by Cisco Investments and acquired by its Security Business Group in September. The startup issued a research paper on a technique for algorithmically assessing the security of LLMs, which Cisco implemented to create one of the key features of its new product, according to Patel.
"Robust Intelligence created this mechanism called tree of attacks with pruning," Patel said. "They were able to go out and systematically … figure out [how] to attack [a] model until it breaks. … When it breaks, you know what's not working, and then you provide the necessary guardrails."
Cisco AI Defense will automatically suggest such guardrails and continuously update them as models are fine-tuned and updated. Otherwise, any fine-tuning an organization does on an LLM might break built-in security safeguards, and retraining the model to restore them would be prohibitively expensive.
"If you can patch the model with the help of guardrails … at the network level, then you're still getting the benefits of AI safety and security in a much more efficient manner," said DJ Sampath, vice president of AI software and platform in Cisco's Security Business Group, in an interview with Informa TechTarget this week.
The algorithmic approach is also faster and more effective than manual model validation, Patel said, since there is no upper limit to the number of questions a person would need to feed into an LLM to find its breaking points.
"On average, it takes about seven to 10 weeks for most companies to go out and validate a model," he said. "We can do it within 30 seconds."
Cisco flexes incumbent muscles
Cisco AI Defense combines Robust Intelligence IP with LLMs enriched by Cisco partner Scale AI to steer its AI cybersecurity automation features, along with threat intelligence data from Talos and Splunk. Users can carry out guardrail enforcement through the Cisco cloud platform; dashboards for AI Defense are built into the Cisco Secure Access SaaS tool.
"You don't have to have yet another standalone point solution that you have to use, because this is completely baked with the fabric of the network, with the same management tools," Patel said.
This is potentially a strong selling point for AI Defense, according to analysts, particularly because Cisco has visibility into the enterprise networks where LLMs are used.
"It's not wise to rely on an LLM provider to build guardrails as they lack [awareness of the] enterprise context," said Chirag Mehta, an analyst at Constellation Research. "[LLM providers] also don't understand organizations' security policies."
Cisco's attention to ongoing guardrail updates in AI Defense also shows a good understanding of enterprise IT's needs as AI apps evolve, said Krista Case, an analyst at The Futurum Group.
"That jumps out to me as providing significant value," Case said. "Because there's that push and pull … between … developers needing to be able to have flexibility and agility, but at the same time the security team needs not only visibility, but control, as applications and AI models evolve over time."
A truly determined shadow AI user could still access unauthorized AI apps and models on a personal device without Cisco's Secure Access agent, but in that scenario, AI Defense could still prevent such a user from accessing highly sensitive data within corporate networks, Case said.
Cisco AI Defense targets SecOps practitioners rather than developers, but Case said she's interested to see how the tool might be used by Cisco customers to inform DevSecOps collaboration as AI cybersecurity evolves.
Coming soon: Hypershield tie-ins, on-prem support
Cisco AI Defense will be SaaS-only at launch, but Sampath said it will eventually support on-premises workloads, along with edge computing and IoT devices. The tool will also integrate with Cisco's Hypershield network security fabric, which would add agentless eBPF-based support for guardrail enforcement on east-west traffic.
North-south traffic is where most LLM usage occurs right now, but east-west traffic will come to the fore as agentic AI enters mainstream use, Sampath said.
"That's where Hypershield becomes incredibly relevant," he said. "It can leverage eBPF to enforce guardrails … at Layer 7 [where] you really need to have SSL termination and peer into the packet. … Cisco [has] been doing networking plumbing as long as the company's existed, and so we're really good at those kinds of functions."
Still, while Cisco draws on some longstanding strengths with this launch, the Robust Intelligence IP is very new, Mehta said.
"It's not that I don't think highly of a startup, it's just that it's not proven [where] there are obviously more deployment complexities," he said. "We haven't seen how easy this thing is to deploy, how easy this thing is to run. What are the false positives? What are the false negatives? ... Cisco will have to prove that this thing actually works."
Beth Pariseau, senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.