Field Brief IT Leadership June 2026

Cisco Live US 2026: Cloud Control and the New Operating Model for IT

Cisco Live US 2026 covered a lot of ground, but the biggest takeaway is clear: Cloud Control is becoming the secure harness for the agentic era. That matters because your infrastructure now needs to support human operators, AI agents, custom workflows, and runtime defenses without losing governance, identity, policy, or control.

Jack Riebel
Jack Riebel June 2026
Cloud Control Secure harness for humans and agents
AI Canvas Operators and agents investigate together
Live Protect Runtime shields before the patch window
PQC Quantum-safe planning moves into the roadmap
Platform Harness Governed access, policy, telemetry, and action
Workspace AI Canvas Operators and agents work from shared evidence
Build Layer Studio Build custom apps and agents; discover extensions in Marketplace
Defense Faster Live Protect, Cisco IQ, and PQC planning support the shift
Source Trail Cisco Newsroom Cloud Control Live Protect PQC Anthropic / TechRadar
What to Take Away Cloud Control is the main story: a governed operating harness for human teams, AI agents, custom workflows, and cross-domain action. AI Canvas, Cloud Control Studio, Cisco IQ, PQC, and Live Protect show what that harness makes possible.

This is a longer read by design. Cisco Live US 2026 had a lot of exciting announcements, and the important part is how they fit together for your team: better visibility, safer agentic operations, faster context, and a more continuous way to manage risk.

What Happened at Cisco Live

The short version: Cisco Live 2026 was not just a product-news cycle. It was a signal that infrastructure needs a new operating layer for the agentic era.

The pressure is easy to understand. Your business depends more heavily on the network, applications, collaboration tools, cloud services, and security stack every year, but the team running all of it usually does not grow at the same pace. The result is not just tool sprawl. It is context sprawl.

A branch complaint might look like a wireless issue, but the real problem could be a WAN path, a SaaS dependency, a firewall change, a DNS delay, or an application problem. The evidence may be split across Webex quality data, ThousandEyes tests, Splunk events, help desk tickets, security policy, and device lifecycle information. Historically, the engineer became the integration layer: logging into tools, stitching evidence together, and translating the answer for the business.

That is why Cisco Cloud Control is the announcement to focus on first. It brings networking, security, AI infrastructure, observability, and collaboration into one operational environment, so people and trusted AI agents can work from the same data layer and operational context. The important point is not "one more dashboard." Dashboards are passive. Cloud Control is about giving humans and agents a governed harness for seeing, reasoning, building, and acting across the estate.

AI Readiness Gap

Only a minority of organizations say their networks are flexible enough for AI at scale.

The Tempo Problem

The operating model has to move from annual reviews and ticket queues to continuous signal and response.

The two charts above are the reason the announcements matter together. Networks need to become more flexible for AI, and operations need to move faster than annual reviews, static refresh planning, and ticket-by-ticket troubleshooting. The message from Live was that infrastructure should be continuously visible, continuously understood, continuously governed, and continuously defended.

For your team, the takeaway is this: Cloud Control is the secure harness. AI Canvas is where operators and agents investigate together. Cloud Control Studio is where custom apps, agents, and workflows can be built and extended. Cisco IQ, PQC, and Live Protect matter because lifecycle intelligence, future cryptographic risk, and runtime protection all become more valuable when they connect back into a governed operating model.

Cloud Control: The Secure Harness for Agentic Operations

The value is not just a unified dashboard. It is a governed control layer where your team, AI agents, custom workflows, and Cisco telemetry can work from the same operational truth.

Cloud Control brings the portfolio into one operational environment with one login, unified inventory, real-time topology, and cross-domain intelligence. Cloud Control and AI Canvas are also included with existing product subscriptions for supported Essential and Advantage tiers at no additional cost. Licensing and feature availability always depend on what is deployed and supported, but the direction is important: the agentic operating model is intended to be practical for your team, not reserved for organizations with unlimited staff.

The harness matters because agents need more than model intelligence. They need trusted access, normalized APIs and MCPs, identity and policy in the control path, live telemetry, enforcement points, and governance that makes actions transparent, auditable, bounded, reversible, and subject to human approval. That is the difference between letting AI look at infrastructure and giving AI a safe way to help operate it.

For lean IT teams, that matters. You may not have a CCIE-level expert for every domain sitting on the bench. Cloud Control and AI Canvas are designed to put an AI-assisted specialist layer next to your team, grounded in telemetry, purpose-built models, operational context, and the policies you define. That does not replace engineers or guarantee a perfect answer. It gives your team a stronger starting point and a safer path to action.

Secure Harness What Cloud Control brings together

One governed environment for the people, agents, apps, workflows, and controls operating across your estate.

  • Trusted access to infrastructure, users, workloads, and applications
  • Normalized APIs and MCPs across Cisco and supported third-party domains
  • Identity, policy, and zero trust in the control path
  • Live telemetry and operational context
  • Enforcement points for runtime action where supported
  • Governance for transparent, auditable, bounded, reversible actions
Cisco Cloud Control AI Canvas workspace showing a network health dashboard, assistant response, telemetry widgets, path health, topology, and security signals.
AI Canvas in Cloud Control: operators and agents can work from shared evidence across network, application, security, and data center signals.

Cloud Control Studio extends the operating model into building. Think of Studio as the creation layer: the place to build custom applications, agents, and workflows on top of the Cisco data, policy, and control plane. Within that idea, App Builder is about creating Cloud Control apps and workflows, while Agent Builder is about creating agents that can work inside the governed Cloud Control environment.

The Cloud Control Marketplace is different. It is the discovery and extension layer where teams can find connectors, apps, and partner capabilities that extend what Cloud Control can bring into the operating model. Studio and Marketplace work together, but they are not the same thing: Studio is where you build; Marketplace is where you discover, add, and extend. The value is not waiting for every connector or workflow to arrive on a vendor roadmap. It is having a governed way to build and connect around the systems your business is already adopting.

Cisco Cloud Control Marketplace showing partner and workflow connectors including Auvik, Endace, Linear, Workato, DataDog, PagerDuty, Airtable, and AppOmni.
Cloud Control Marketplace: the catalog for connectors, apps, and partner capabilities that can extend the Cloud Control operating model.
Interactive Briefing Room

Ask the Business Question. Frame the Investigation.

Pick a persona to see representative questions Cloud Control and AI Canvas are designed to support. The answers below are illustrative examples, not live product output or guaranteed diagnostics.

Question

How is the new customer portal rollout going across our branches?

Asked by: COO / CIO
EN Campus / Branch Switching, wireless, SD-WAN
SEC Security SASE, firewall, identity
COL Collaboration Webex, voice, user experience
DC Data Center Compute, apps, fabrics
OBS Observability Splunk, ThousandEyes, logs
Illustrative Sourced Answer

Example answer: Most branches look healthy, but one site is the outlier. Meraki client and access health show normal onboarding and LAN performance. ThousandEyes path tests show packet loss after the local ISP handoff toward the portal endpoint, beginning around the same time users reported failures. No relevant security policy change is detected. Likely owner: provider escalation, with IT monitoring user experience until the path stabilizes.

Signals behind the answer ThousandEyes path tests Meraki client and access health Security policy and change history Help desk or incident records

That is powerful for IT, but it is also powerful for leadership. Today, a business question often turns into a manual reporting exercise: someone checks dashboards, exports data, compares baselines, asks another team for logs, waits on ticket context, and comes back days or weeks later with a summary. Cloud Control and AI Canvas point toward something new: a leader with appropriate access can ask a plain-English question and, where the right data and permissions are in place, get an operational answer with supporting evidence without first knowing which tool, dashboard, CLI command, or SPL query to use. IT still governs the data, access, and actions, but leadership gets a new path to real-time feedback on impact, risk, ownership, and what needs attention next.

The Operating Model Shift

This is the biggest operating shift underneath Cloud Control: infrastructure operations can no longer run on a refresh-calendar rhythm. They have to run on a governed, continuous evidence rhythm.

The old model was built for stability first. Buy the infrastructure. Configure it. Keep it running. Review lifecycle dates once or twice a year. Patch during approved windows. Modernize when the refresh project finally arrives. That rhythm made sense when uptime was the main pressure, most action was human-driven, and the threat landscape moved at human speed.

That is not the environment you are operating in now. Vulnerabilities are being discovered faster. Exploit research is getting help from AI. Infrastructure has more dependencies across cloud, SaaS, security, collaboration, and data center systems. A device that is technically still running can still be the wrong risk to carry if it is exposed, out of support, missing telemetry, or blocking your ability to respond quickly.

The Cisco Live announcement explicitly connects AI-assisted security research to a faster vulnerability-to-exploit window. Anthropic's Project Glasswing is a good example of the shift: Cisco is part of a select charter-member group using frontier models to stress-test critical software and find weaknesses before attackers can use the same class of capability. The lesson is simple: if a controlled research program can accelerate vulnerability discovery, attackers will chase that same acceleration. Waiting until the last day of support, the next annual review, or the next refresh budget cycle leaves too much exposure sitting in the environment.

Old Rhythm

Set, Wait, Refresh

  • Configure policy and revisit it only when something breaks
  • Treat LDOS and end-of-life dates as future cleanup items
  • Wait for a refresh project before modernizing weak spots
  • Patch only inside slow maintenance cycles
  • Translate exposure, lifecycle, and outage risk into executive language by hand
New Operating Loop AgenticOps Harness Inventory, telemetry, policy, lifecycle, vulnerability exposure, runtime protection, and human approval move together as risk changes.
New Rhythm

See, Govern, Act, Prove

  • Use Cloud Control as the governed harness for humans, agents, apps, and workflows
  • Use AI Canvas to investigate supported signals with sourced evidence
  • Use Cisco IQ to keep LDOS, vulnerability, and resilience gaps visible before they become urgent
  • Use PQC planning before long-lived data becomes tomorrow's problem
  • Use Live Protect where supported to reduce exposure before the patch window

This is the shift: refresh, lifecycle, patching, vulnerability exposure, custom workflows, agentic actions, and business impact cannot be separate conversations anymore. They are one operating loop. Know what you have. Govern who and what can act. Understand what is exposed. Prioritize what matters to the business. Reduce risk where you can. Prove what changed. Then keep doing it as the environment changes.

Cloud-managed visibility, AI-assisted investigation, SASE and Zero Trust policy, segmentation, Cisco IQ, PQC readiness, and Live Protect are all pieces of that larger pattern. Cloud Control is the place those signals and actions start to become a platform instead of a pile of separate tools. Your environment has to keep getting safer while the business is running, not only when a platform is out of support or a major incident forces the issue.

That is a huge change for your team. The goal is no longer just to keep the lights on until the next refresh. The goal is to run infrastructure as a living system: continuously visible, continuously prioritized, and continuously defended.

Why Executives Should Care

The executive story is not simply "AI for IT." It is a safer way to connect business questions to operational evidence, with Cloud Control acting as the governed control layer underneath.

You may run lean. The same few people may own switching, wireless, firewalls, collaboration, identity, servers, SaaS integrations, and executive reporting. When the business rolls out a new application, opens a new site, changes a call center workflow, or launches an AI tool, the question from leadership is simple: "Is it working?" Today, that answer is usually buried in specialist tools, tribal knowledge, and manual reporting cycles.

Business Question Are users adopting the new app, and where is it failing? Asked in plain English by a COO, CIO, line-of-business leader, or IT executive.
Supported Evidence Plane AI Canvas Investigation
Network Security Observability Collaboration Workflow Lifecycle
Sourced Answer Impact, risk, ownership, and next action IT governs data, permissions, and actions; leaders get faster feedback without waiting for a manual report.

This is where AI Canvas becomes more than a troubleshooting feature. It is the workspace inside the Cloud Control harness where operators and agents can investigate from the same live evidence. Instead of asking IT for a report, waiting for teams to pull baselines from different tools, and reviewing a stale summary two weeks later, leadership can start closer to the truth: ask the question, see the supporting context, and understand what needs attention.

This does not mean executives bypass IT or approve risky actions on their own. The value is governed visibility. IT still controls access, policy, data quality, and remediation. Leadership gets a faster way to understand impact and priority, while the technical team keeps the guardrails, approval paths, and evidence trail intact.

Cisco IQ fits here as the resilience planning layer. Cloud Control and AI Canvas help your team understand what is happening operationally. Cisco IQ helps turn lifecycle, vulnerability, peer benchmarking, and services insight into a more continuous conversation about what should be modernized, protected, or prioritized next.

PQC: Quantum Is Not Just an Enterprise Problem

You may not be planning around quantum yet. That is understandable. It is also risky if your data needs to stay confidential longer than your current encryption is expected to stay safe.

The quantum-safe roadmap from Cisco Live US 2026 included a commitment to enable quantum-safe communications capabilities across the majority of Cisco's core portfolio by December 2026. The point is not that you need to rip and replace cryptography tomorrow. The point is that PQC planning has to start before the data is at risk, because migration takes inventory, vendor readiness, testing, maintenance windows, and policy decisions.

The PQC risk shows up in two practical ways. Harvest now, decrypt later means encrypted data can be captured today and decrypted later if quantum capability catches up. Trust now, forge later means future systems could threaten the signatures, certificates, and trust relationships your infrastructure depends on. The question is not "Will we own a quantum computer?" It is "Which data, systems, and trust paths still need to be safe years from now?"

Confidentiality Risk Harvest now, decrypt later

Data captured today may become readable later. Long-lived customer, legal, health, financial, or intellectual-property data deserves earlier planning.

Planning Question What must still be trusted in 5, 10, or 20 years? Start with data shelf life, cryptographic inventory, vendor readiness, and systems that carry sensitive information.
Trust Risk Trust now, forge later

Signatures and certificates that prove identity or software integrity may need a migration path before the risk becomes urgent.

The practical takeaway is not "replace everything tomorrow." It is: know what data needs long-term confidentiality, identify the systems that encrypt, transport, authenticate, and store it, track where cryptography exists in the environment, and start asking vendors where their products are on the quantum-safe roadmap. Cisco IQ's announced Quantum Ready Assessments are especially relevant here because most organizations do not have dedicated cryptography specialists waiting for a quantum planning project. In the broader Cloud Control story, PQC is a reminder that the harness has to manage tomorrow's risk, not only today's tickets.

Live Protect: Reduce Exposure Before the Patch Window

Live Protect addresses the operational gap between vulnerability disclosure and patch completion: the risk is real now, but critical infrastructure cannot always be patched immediately without business impact.

Live Protect is not a reason to avoid patches. It is a way to reduce exposure while the right patching process happens. When Cisco validates runtime protection for a supported product, software release, policy, mode, delivery path, and management surface, your team can apply a Cisco-provided Vulnerability Shield as a temporary compensating control while preparing and deploying the permanent software fix.

That matters because patching infrastructure is not the same as updating a laptop app. Network and security platforms often sit directly in the path of revenue, branch operations, collaboration, data center access, or customer experience. Live Protect gives your operators another option: monitor first where supported, enforce when appropriate, continue operations without a reboot during the protection action, then disable or retire the shield after the fixed software is deployed.

From Advisory to Protection to Patch

Why runtime protection matters when maintenance windows, uptime, and security risk collide.

1 Advisory Guidance identifies exposure and the fixed-software path
2 Validated policy Cisco validates whether a supported shield can reduce exposure
3 Monitor or enforce Teams observe impact and apply enforcement where supported
4 Patch and retire Deploy the permanent fix and retire the temporary control
Live Protect is

Runtime protection for supported Cisco infrastructure, using Cisco-provided and Cisco-validated compensating controls tied to supported policy, mode, and lifecycle behavior.

Live Protect is not

A replacement for patching, a universal shield for every vulnerability, a generic third-party workload control, or a feature that is universally available across the entire portfolio.

Why does this matter now? Because the AI-assisted research shift discussed earlier is compressing security timelines. The Cisco Live message was direct: the window between vulnerability and exploit is moving from weeks to minutes. The separate Apple M5 example shows the same acceleration from another angle: researchers using Anthropic's Mythos Preview reportedly helped build a working macOS kernel exploit in about five days. The lesson is not that AI makes security automatic. The lesson is that expert researchers now have a faster loop, and attackers will pursue the same advantage.

This means "we will address it during the next refresh" is becoming a risky security strategy. LDOS risk, advisory exposure, compensating controls, and patch operations need to become ongoing operating metrics, not annual cleanup projects. Live Protect fits the Cloud Control story because runtime defense is only useful when it is governed, visible, temporary, and tied back to permanent remediation.

What To Do Next

You do not have to act on every announcement immediately. Use Cloud Control as the organizing question: what should your infrastructure harness be able to see, govern, build, defend, and prove?

Inventory
1
Map the Estate
Know what products, subscriptions, lifecycle dates, telemetry sources, APIs, and management planes you already have.
Harness
2
Pick One Agentic Workflow
Start with one business question or custom integration and define the evidence, permissions, policy, and approval path it needs.
Exposure
3
Move Past Static Security
Track advisory exposure, patch SLAs, runtime controls, and LDOS risk as ongoing metrics.
Future Risk
4
Start PQC Discovery
Identify long-lived sensitive data and the systems that encrypt, transport, authenticate, and store it.
The Bottom Line

Run Infrastructure Through a Secure Harness

Cisco Live US 2026 was a signal that infrastructure operations are moving from tool-by-tool administration to agentic, governed operations. The center of that story is Cloud Control: the secure harness that can connect inventory, topology, telemetry, policy, agents, workflows, and action.

AI Canvas is where the work happens. Cloud Control Studio is where new apps, agents, and workflows can be built, while Cloud Control Marketplace is where teams can discover and add extensions. Cisco IQ turns lifecycle and security posture into an ongoing resilience conversation. PQC reminds you that future risk needs planning before it becomes urgent. Live Protect can reduce exposure while patching happens the right way.

Your team will be best positioned by moving past static policy, LDOS-driven refresh, and one-off tool administration. The teams best prepared for this next cycle will build a harness that lets people and agents see, govern, act, and prove as the environment changes.

Source Trail View the References Behind This Brief Cisco sources are used for Cisco product claims. External research is labeled separately.

Cisco Live US 2026 Announcements

Used for the Cisco Live US 2026 announcement context around Cloud Control, AI Canvas, Live Protect expansion, Cisco IQ capabilities, and PQC roadmap items.

Cisco Newsroom: Agentic Platform

Cloud Control, AI Canvas, and Studio

Used for the Cloud Control platform basics: one login, inventory, topology, cross-domain intelligence, AI Canvas, Cloud Control Studio, and the Cloud Control Marketplace ecosystem.

Cisco Cloud Control

AI Canvas Controlled Availability

Used for AI Canvas availability and capability context, including natural-language, multi-agent investigations, generated widgets, multimodal context, and knowledge bases.

Cisco Blogs: AI Canvas

Live Protect

Used for Live Protect scope: runtime protection for supported products and releases, validated compensating controls, permanent remediation, and availability limitations by platform, software release, policy, mode, delivery path, management surface, and lifecycle support.

Cisco Live Protect

Post-Quantum Cryptography

Used for the December 2026 quantum-safe communications roadmap and planning guidance around HNDL and TNFL risks.

Cisco PQC Trust Center

Cisco AI Readiness Index

Used for AI readiness data, including the share of organizations that say their networks are fully flexible for AI and the share planning to deploy AI agents.

Cisco AI Readiness Index 2025

Project Glasswing and Mythos

Cisco is a charter member of Anthropic Project Glasswing. The Apple M5 example is treated as a reported external security research story, not as a Cisco claim.

Anthropic Project Glasswing | TechRadar M5 report
Join the thread

React or leave a comment.

Public reactions and comments help keep the conversation attached to the brief.