Enterprises want AI Agents. Cisco’s Jeetu Patel says they’re not ready to trust them yet.

Jeetu Patel, Cisco’s President and Chief Product Officer, sat across from a small group of journalists in Las Vegas this month and was asked, fairly directly, how much companies should trust AI agents to act on their behalf. The question came after a week of keynotes at Cisco Live, where the headline announcement was Cloud Control, a platform that puts human operators and AI agents into the same management environment, working from the same data across networking, security, compute, and observability. Cisco is calling the operating model AgenticOps. Patel has close to a million customers and said Cisco is shipping product capabilities daily; Cloud Control is partly his answer to that communication problem, a single scaffold so customers can see what they have without being overwhelmed by the pace of it.

One of the first questions was about the risk of not moving on AI at all. Patel had come from a cybersecurity panel earlier that day, held in Section 7 of the conference, where OpenAI’s Drew had made an argument Patel found worth repeating: right now, people who distrust AI avoid it; in the future, those same people will be less secure than those who adopted it, because AI will be the primary mechanism for detecting and countering AI-enabled threats. Cisco’s own research grounds this locally. The company’s 2025 Cybersecurity Readiness Index for South Africa found that only 5% of South African organisations are fully prepared for the current threat environment, and 78% say they lack the staff to manage AI-enabled attacks. Those numbers describe an industry where capacity is already stretched before the next generation of tooling arrives. Whether AI adoption helps close that gap or adds to the complexity depends entirely on how deliberately it’s done, which is most of what the rest of the conversation was about.

The most substantive exchange was about what enterprises actually need in place before they start delegating work to agents. Patel’s answer was specific. He talked about starting with things like checking your emails in the morning, pulling your calendar, and generating a prep document for every meeting before you walk into it. Those are the kinds of tasks, he said, that you delegate before you hand over anything with real consequences. The comparison he kept coming back to was a bank account: nobody gives an agent their account number and tells it to go handle everything. The question is what you give it before you get to that point, and whether you’ve watched it work carefully enough to know what it can handle.

The house key analogy was his own. You don’t give everyone who comes to your home the door code, and you give the door code to different people than you give a key to. Agents work the same way. The access level should match the demonstrated capability, not the theoretical one.

Patel described three phases of getting there. Phase one is familiarity: the first time you use an agent, you’re not good at it, and you shouldn’t expect to be. Phase two is competence through repetition. Phase three is efficiency, where you’re getting outcomes from the agent that are measurably better than what you’d produce working alone, partly because you’ve learned to use tokens well. He was clear that most people haven’t reached phase two yet. They’re still using AI transactionally, asking a question and getting an answer, rather than setting tasks before a meeting and returning to completed work.

Drew from OpenAI had made a related observation at Section 7: he’s shifted from using ChatGPT to using Codex because that’s where OpenAI’s agent actually lives. You task it before you go into a meeting, and when you come back, the prep is done. That’s not how most people are working yet, and Patel wasn’t pretending otherwise.

His framing of human oversight was more precise than the keynote version. In the keynote, he’d called autonomous agents “diligent teenagers.” In the roundtable, he drew a distinction between a human being “in” the loop and “on” the loop. Human in the loop means the agent stops and waits for approval before proceeding. Human on the loop means the agent acts and the human monitors, able to intervene but not required to sign off on each step. The cycle times of being constantly in the loop, he said, will eventually make it prohibitive. But you can’t skip to “on the loop” until you’ve seen the agent perform well enough, across enough repetitions, to have an evidence base for trusting it.

His proposal for how platforms should handle this was also specific: start with human-in-the-loop as the default, then let the system surface patterns. After 50 times doing a task, the platform should be able to say: the agent has handled this consistently, do you want to let it carry this out without checking in? The trust becomes data-driven rather than assumed.

A journalist asked at what point that human oversight becomes a liability, specifically whether constant approval cycles would prevent Cloud Control from defending an enterprise fast enough against a real threat. Patel said it varies by use case, industry, and country, and that the technology’s job is to make human oversight optional rather than required, while keeping non-deterministic guardrails that can halt agent behaviour even if the human has already granted permission. The system itself should be able to intercept the agent if it starts doing something wrong, regardless of what access it’s been given.
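The approval model described in the last three paragraphs, sketched as an added example (not Cisco code and not a Cloud Control API): every task starts human-in-the-loop, the platform offers promotion after 50 consecutive good runs, and a guardrail can halt and demote the agent even after permission was granted. All names are hypothetical, and the scope allowlist is a simple deterministic stand-in for the guardrails Patel described.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    IN_THE_LOOP = "in"   # agent stops and waits for approval
    ON_THE_LOOP = "on"   # agent acts, human monitors and can intervene

PROMOTION_THRESHOLD = 50  # the "after 50 times" figure from the article

# Constructed policy: scopes each task may touch (assumption, for illustration).
ALLOWED_SCOPES = {"meeting_prep": {"calendar", "email"}}

def scope_guardrail(task, action):
    """Stand-in guardrail: allow only actions inside the task's scopes."""
    return action["scope"] in ALLOWED_SCOPES.get(task, set())

@dataclass
class TaskRecord:
    mode: Mode = Mode.IN_THE_LOOP
    streak: int = 0  # consecutive human-reviewed runs judged correct

class ApprovalGate:
    def __init__(self, guardrail, threshold=PROMOTION_THRESHOLD):
        self.guardrail, self.threshold, self.tasks = guardrail, threshold, {}

    def _rec(self, task):
        return self.tasks.setdefault(task, TaskRecord())

    def decide(self, task, action):
        """Return 'halt', 'ask_human' or 'run' for a proposed action."""
        rec = self._rec(task)
        if not self.guardrail(task, action):
            # The guardrail outranks any earlier grant: stop, demote, reset evidence.
            rec.mode, rec.streak = Mode.IN_THE_LOOP, 0
            return "halt"
        return "run" if rec.mode is Mode.ON_THE_LOOP else "ask_human"

    def record(self, task, ok):
        """Log a reviewed outcome; True means the platform should offer promotion."""
        rec = self._rec(task)
        rec.streak = rec.streak + 1 if ok else 0
        if not ok:
            rec.mode = Mode.IN_THE_LOOP
        return rec.mode is Mode.IN_THE_LOOP and rec.streak >= self.threshold

    def grant(self, task):
        """Human accepts the offer; refused when the evidence base is missing."""
        rec = self._rec(task)
        if rec.streak < self.threshold:
            raise PermissionError(f"{task}: only {rec.streak} consistent runs")
        rec.mode = Mode.ON_THE_LOOP

def demo():
    gate = ApprovalGate(scope_guardrail)
    read = {"op": "read", "scope": "calendar"}
    first = gate.decide("meeting_prep", read)
    offers = [gate.record("meeting_prep", True) for _ in range(50)]
    gate.grant("meeting_prep")
    promoted = gate.decide("meeting_prep", read)
    blocked = gate.decide("meeting_prep", {"op": "transfer", "scope": "bank_account"})
    demoted = gate.decide("meeting_prep", read)
    return first, offers.index(True) + 1, promoted, blocked, demoted
```

A single out-of-scope action resets the streak, so the agent has to rebuild its evidence base before it is offered autonomy again.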

The air-gapped question came from a journalist thinking about hospitals and fire departments. Patel pointed to Galileo, a small language model Cisco demonstrated at the conference, which he said achieves higher accuracy in constrained environments because it examines every action rather than sampling, and does so at a fraction of the cost of a larger model. For environments that genuinely can’t connect to cloud infrastructure, he named DefenseOn as the current downloadable product: you download it, run it locally, no cloud connection required.

He also confirmed that Cloud Control itself will not be available on-prem. The platform is cloud-native and will stay that way, because moving at the speed Cisco needs to move on product development is incompatible with on-prem constraints. Nexus remains on-prem and will continue to, with the option of a cloud connector for customers who want telemetry in the cloud without full cloud dependency. Customers who need a fully air-gapped environment with no cloud contact won’t be using Cloud Control.

That matters for South Africa. Cisco brought its Sovereign Critical Infrastructure portfolio to the local market earlier this year, aimed at organisations navigating POPIA and sector-specific data residency obligations. The tiered sovereignty model Patel described at the roundtable, where different workloads require different degrees of isolation rather than a blanket air-gapped approach, is the architecture those conversations are being built around. Checking restaurant reviews can go to the cloud. A hospital’s critical infrastructure probably shouldn’t. The practical question for South African public sector and healthcare organisations is which of Cisco’s products actually apply in their environment, given that the flagship platform requires cloud connectivity.

On the competitive picture: Cloud Control is currently in controlled availability in the United States. ServiceNow, Microsoft, and several observability vendors are building toward the same unified management plane. Cisco’s argument for why it’s better positioned than a software-only platform comes down to the network hardware underneath. Patel’s claim is that AI workloads generate sustained, continuous infrastructure demand that a software layer sitting on top of someone else’s hardware can’t fully address, because the performance and security decisions happen at the network level. It’s also the argument that keeps Cisco from being bypassed by a cheaper platform and commoditised into a box vendor again, which is the fate the company has spent years trying to avoid.

Patel noted that five years ago, Cisco’s customer conversations were mostly with IT departments. Now CEOs and board members are standard participants. His explanation was straightforward: if you don’t have the right infrastructure for AI workloads, you won’t be a relevant company. Cisco’s sales motion has shifted accordingly, and that shift is showing up in who picks up the phone.

South Africa’s enterprise landscape isn’t moving uniformly. The larger banks and retailers are already in detailed conversations about agentic deployments. Many organisations are still working through earlier problems around cloud governance, skills shortages, and data architecture.

The last question in the session was about the wrong way to deploy agents in mission-critical consumer-facing services. Patel’s answer: over-permissioning or under-permissioning. His framing was a 13-year-old: don’t treat them like a five-year-old, don’t treat them like a 25-year-old. Treat them like what they are. As agents mature, the permissions should evolve with the demonstrated capability, not race ahead of it. “We have a lot to learn together in this thing,” he said. “This is a gradual step process, and you have to be very pragmatic and very deliberate when you go about doing this.”

Meta description: Cisco’s Jeetu Patel spoke candidly about AI agent trust, delegation, and enterprise readiness at Cisco Live 2026. Here’s what he actually said.
