Written by Garrett Gross, Field CISO at Portnox
I just got back from Cisco Live 2026 in Las Vegas. I attend a lot of industry events, but this one left me with more to think about than most. Not because of the scale, though the scale was significant, but because a handful of conversations and demonstrations crystallized something I’ve been watching develop across the industry for a while.
This isn’t a recap or a highlight reel. It’s simply what I took away from the week.
The biggest takeaway wasn’t any individual product announcement. It was watching an industry try to close the gap between a compelling AI-driven future and the operational realities most organizations face today.
The Vision Is Coherent. The Distance to It Is the Real Conversation.
Cisco’s thesis at this year’s show was clear: AI-native infrastructure, autonomous network operations, and security delivered as a continuous fabric rather than a collection of disconnected controls. The keynotes were polished, and the direction is technically sound. These aren’t vaporware promises. Cisco is shipping products that move toward this vision and has the engineering depth to continue doing so.
But I spent a lot of time talking to practitioners on the floor, and the conversation I kept having wasn’t about whether the vision was right. It was about the distance between the stage and Monday morning.
The architecture Cisco is building toward makes the most sense for organizations with a mature, unified stack, a capable team to operate it, and the budget and timeline to pursue it deliberately. That organization exists. It’s just not the median customer in any room I’ve ever been in. Most security and IT teams are operating heterogeneous environments, constrained headcount, and pressure to demonstrate outcomes faster than a multi-year platform consolidation allows.
This isn’t a Cisco-specific challenge. It’s the structural tension running through the entire enterprise security market. Vendors build for the organizations at the highest levels of operational maturity because that’s where the vision is most achievable. The question everyone else has to answer is how to move in the right direction from where they actually are.
That gap doesn’t disappear by ignoring it. And it became even more apparent as conversations shifted toward the topic that dominated nearly every keynote, breakout session, and hallway discussion: AI.
AI Needs a Way Into Your Stack
If AI-native operations are the destination, then the industry’s next challenge is figuring out how AI actually interacts with the environments it’s supposed to help manage.
The concept that surfaced most consistently throughout the week was MCP, the Model Context Protocol. The short version is that it’s a standardized way for AI agents to interact with technology platforms, allowing them to read data, take action, and integrate across systems through a common interface.
When this works, it fundamentally changes what’s possible for a security team. Natural language interaction with infrastructure. Automated investigations. Workflows that previously required dedicated engineering effort built in hours instead of months. The organizations that get this right will operate at a materially different speed than those that don’t.
But there’s an important reality check that didn’t get enough attention. Exposing a platform through MCP only works if there’s a mature, reliable API underneath it. A lot of vendors, including some of the largest names in the industry, are still building toward that reality. The gap between “AI-enabled” on a slide and “robust enough for an autonomous agent to depend on” can be substantial.
Security leaders evaluating these capabilities should be asking hard questions about what’s available today versus what’s still on the roadmap. The direction is right. The readiness varies.
The most compelling example of where this is heading wasn’t a keynote slide or an architecture diagram. It was a live demonstration of what happens when AI has enough context, access, and autonomy to participate directly in solving problems.
The Most Impressive Thing I’ve Seen in 25 Years of This Industry
I want to spend a moment on a demo I watched during the week because I think it represents something genuinely important.
It was an agentic AI troubleshooting in a support system. Not a chatbot. Not a search interface with a better user experience. An AI capable of forming hypotheses, designing diagnostic tests, executing those tests, interpreting results, and iterating based on what it learned.
In other words, it was performing the same diagnostic loop that experienced engineers perform every day without requiring step-by-step instruction.
I’ve spent 25 years in this industry on both the customer and vendor side. I’ve seen countless demos. This one was different.
Traditional support troubleshooting suffers from an information problem. A customer opens a ticket and the first 30 to 45 minutes are spent rebuilding context: re-explaining the environment, re-describing the symptoms, and repeating work that’s already been done.
One comment I heard during the week stuck with me: “When was the last time a support experience started with your context instead of from zero?”
For most organizations, the honest answer is never. The context exists. It’s just scattered across systems, logs, dashboards, and people with no practical way to assemble it into a complete picture.
The framing I heard that captures the opportunity best was simple: “You’ve been solving problems with maps when you really needed a GPS.” A map shows the territory. A GPS knows where you are within it, adapts when conditions change, and continuously guides you toward an outcome.
That’s what made this demonstration so compelling. The AI wasn’t simply retrieving information. It was actively navigating uncertainty. It proposed a hypothesis, gathered evidence, adjusted its understanding, and repeated the process until the problem space became clearer.
That’s not an incremental improvement to support. It’s a fundamentally different operating model.
This Isn’t Really About Support
What made the demo significant wasn’t troubleshooting itself. It was the reasoning model underneath it. The same ability to hypothesize, test, and iterate applies directly to threat investigations, compliance validation, incident response, and policy management.
The phrase “the era of guesswork is over” appeared more than once during the event and probably qualifies as marketing language, but it points toward something real. Security operations have always involved making decisions under uncertainty. You rarely have complete information. You have limited time, incomplete visibility, and competing priorities. You make the best decision you can with the information available.
AI doesn’t eliminate uncertainty. What it does is compress the time required to reduce it while exploring a broader range of possibilities than any individual analyst can realistically hold in their head at once. For security leaders, the relevant question is no longer whether these capabilities are real. I saw them work. The question is how quickly your organization can position itself to take advantage of them, and what that requires from your data, tooling, and operational processes.
The Takeaway I’m Bringing Back
What Cisco Live reinforced for me is that the industry has largely aligned on the destination: AI-native operations, agentic workflows, and dynamic security controls. These are no longer experimental concepts. They’re becoming real products with real deployments and real customers behind them.
The more important debate now is not about where we’re going, but how organizations get there from where they are today. That requires an honest assessment of current stack maturity, hard questions for vendors about what’s shipping versus what’s still on the roadmap, and a practical plan for delivering incremental value instead of waiting for a complete transformation before anything improves.
The access control and zero trust challenges facing organizations today are real, and the approaches to solving them are more nuanced than any keynote can fully capture. That’s the conversation I find most useful: not the vision itself, which most people broadly agree on, but the path between today’s reality and tomorrow’s architecture.
If Cisco Live was any indication, the next few years are going to provide plenty to talk about.
—
Garrett Gross is the Field CISO at Portnox, where he works with security and IT teams navigating zero trust and network access control in the real world. He has 25 years of experience across SOC leadership, threat intelligence, and enterprise security operations.