AI Agents Are Ready to Deploy, But Security Isn't
Cisco Systems is extending its Secure AI Factory with NVIDIA from central data centers to distributed edge sites, the company announced at the NVIDIA GTC conference in San Jose on March 16. The move targets a specific problem the enterprise AI market has been circling for months: as AI agents move from pilot programs into production workflows, security has become the thing that stops deployments dead.
The expansion adds Cisco AI Defense — the company's model and agent security layer — to NVIDIA's OpenShell runtimes, part of the NVIDIA Agent Toolkit. The integration puts guardrails on what agents can do when they interact with each other and with external systems. Cisco frames it as embedding security into the infrastructure fabric rather than bolting it on after agents are already running.
"The single biggest barrier to enterprise adoption of AI agents is security," Taylor Donner and Eugene Kim write in a Cisco blog post announcing the expansion. The post lays out the failure modes Cisco is targeting: a warehouse logistics agent hijacked through prompt injection authorising incorrect shipping priorities; an edge model going down and stopping an automated process mid-shift; a security breach exfiltrating proprietary predictive models or PII.
The technical architecture has three layers. AI Defense scans LLMs and SLMs through their exposed APIs, building what Cisco calls an "AI Bill of Materials" to track model supply chain integrity. At runtime, the system applies policies that sanitize prompts and responses in real time — detecting prompt injections, blocking toxic content generation, and enforcing data residency so PII, PHI, and PCI never leave a defined environment. On the hardware side, Cisco Unified Edge adds firmware roots of trust, intrusion detection, and Intel TDX/SGX confidential computing.
The edge extension builds on this with a specific multi-agent deployment example: a warehouse use case demonstrated at GTC using Vaidio for computer vision (watching for stockouts and safety events), Aible as the agentic orchestration platform running local SLMs on Cisco Unified Edge, and Cisco's AI POD in the data center for heavy predictive modeling against the enterprise data lake. When Vaidio detects a stockout, the edge agent reasons locally about whether to disrupt a pending shipment; if action is required, it pings the core agent, which calculates revenue impact and triggers an expedited order. The demo pulls in NVIDIA's Multi-Agent Intelligent Warehouse blueprint.
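As an added illustration of the runtime policy layer described above (example code, not Cisco's or NVIDIA's), here is a minimal policy enforcement point for the warehouse edge agent: it flags injection phrasing in untrusted input, allow-lists the tools the agent may call, requires core-agent sign-off before an expedited order, and redacts PII before a payload leaves the residency zone. The tool names, injection markers, PII patterns and zone names are constructed assumptions; a real deployment would use a proper classifier rather than a few regexes.

```python
import re
from dataclasses import dataclass, field

# Constructed policy for the warehouse edge agent: tools it may invoke, and which
# of them need sign-off from the core (data-center) agent before they run.
ALLOWED_TOOLS = {"read_inventory", "flag_stockout", "request_expedite"}
NEEDS_CORE_APPROVAL = {"request_expedite"}
# Hypothetical injection phrasings to flag in untrusted input (captions, tickets, etc.).
INJECTION_MARKERS = ("ignore previous instructions", "override shipping priority", "you are now")
# Hypothetical PII patterns for the data-residency check (SSN-style ids, e-mail addresses).
PII_PATTERNS = (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), re.compile(r"[\w.+-]+@[\w-]+\.\w+"))
RESIDENCY_ZONE = {"edge-site-a", "core-dc"}  # assumed destinations where PII may flow

@dataclass
class Decision:
    allowed: bool
    payload: str = ""
    reasons: list = field(default_factory=list)

def inspect_prompt(text: str) -> list:
    """Return the injection markers present in untrusted text (case-insensitive)."""
    lower = text.lower()
    return [m for m in INJECTION_MARKERS if m in lower]

def redact_pii(text: str) -> tuple:
    """Replace PII matches with a placeholder; return (redacted_text, hit_count)."""
    hits = 0
    for pat in PII_PATTERNS:
        text, n = pat.subn("[REDACTED]", text)
        hits += n
    return text, hits

def gate_agent_action(untrusted_input: str, tool: str, destination: str,
                      core_approved: bool = False) -> Decision:
    """Policy enforcement point: block actions driven by injected instructions, deny
    tools outside the allow-list, require core sign-off for high-impact tools, and
    keep PII inside the residency zone. Reasons are recorded for audit logging."""
    d = Decision(allowed=True, payload=untrusted_input)
    found = inspect_prompt(untrusted_input)
    if found:
        d.allowed = False
        d.reasons.append(f"prompt injection markers: {found}")
    if tool not in ALLOWED_TOOLS:
        d.allowed = False
        d.reasons.append(f"tool not in allow-list: {tool}")
    elif tool in NEEDS_CORE_APPROVAL and not core_approved:
        d.allowed = False
        d.reasons.append(f"{tool} requires core-agent approval")
    if destination not in RESIDENCY_ZONE:
        d.payload, hits = redact_pii(d.payload)
        if hits:
            d.reasons.append(f"redacted {hits} PII value(s) before leaving residency zone")
    return d
```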
Chuck Robbins, Cisco's chair and CEO, put the enterprise case plainly in the announcement: "Most organizations understand the potential for AI to transform their businesses, but they're navigating how to deploy the technology safely and at scale." Jensen Huang, NVIDIA's founder and CEO, added: "Together, NVIDIA and Cisco are building the secure foundation for AI infrastructure — core to edge — so companies can scale intelligence with confidence."
According to a Storage Newsletter report, Cisco is also extending its Hybrid Mesh Firewall to NVIDIA BlueField DPUs embedded in Cisco Nexus One fabric servers, moving enforcement to the server level before threats reach an organization's data. The company says this covers network switches, workload agents, and AI-specific enforcement points with what it claims is zero performance trade-off.
The competitive context matters here. Enterprise AI infrastructure is getting crowded — every major vendor is positioning security as the reason to pick their stack over a collection of point solutions. Cisco's angle is that it has the network, the edge hardware, and now the agent security layer in one coherent architecture, rather than requiring customers to integrate a stack from multiple vendors.
The OpenShell runtime integration is worth watching. NVIDIA's open agent development platform is relatively new, and Cisco positioning AI Defense as a governance layer on top of it is a deliberate bet on enterprise demand for runtime controls. Whether the integration is deep or superficial matters to anyone actually trying to deploy agentic workflows in regulated industries — financial services, healthcare, logistics — where the cost of an agent acting incorrectly is measured in compliance violations and supply chain disruption, not just compute costs.
Cisco's earnings call is scheduled for May. The edge AI infrastructure push will likely be a focal point for analysts asking about the company's AI revenue trajectory.

