Companies rushing to deploy agentic AI are discovering that the gap between what these systems can do and what organisations are actually willing to let them do is wider than most vendor roadmaps anticipated. Cisco’s Jeetu Patel put it plainly: the difference between trusting an AI delegation and not trusting it is, in his view, the difference between market leadership and bankruptcy. That’s a dramatic framing, but the underlying problem it points to is real.
Agentic AI operates differently from earlier AI tools. It doesn’t wait for a prompt. It takes actions, chains tasks, interfaces with live systems, and in some configurations makes decisions without a human reviewing each step. That autonomy is the whole point. It’s also exactly what makes organisations hesitate. The risk exposure isn’t theoretical anymore; it scales with the capability.
What Cisco is arguing in its Shields Up guidance is that this gap doesn’t close by itself. Organisations have to close it deliberately, starting with infrastructure basics that many enterprises haven’t yet got right: phishing-resistant authentication, identity verification that extends to AI agents themselves, least-privilege access that doesn’t get quietly expanded once a system is running, and Zero Trust architecture applied consistently rather than as a checkbox exercise. These aren’t new ideas. The novelty is that agentic systems make the cost of skipping them significantly higher.
The next layer is structural. Devices, software, and end-of-life systems that can’t be patched or upgraded create attack surfaces that sophisticated threat actors actively target. The guidance from Cisco isn’t just to patch aggressively but to replace components that can’t be made safe and to build in exploit mitigations and memory safety mechanisms as baseline features rather than add-ons. This is an infrastructure refresh argument dressed as a security argument, and the two aren’t mutually exclusive.
Where the framework gets more interesting is on the question of speed. The argument that human-speed defence is no longer adequate against AI-powered threats is well-supported. Security teams operating in organisations with complex environments are dealing with alert volumes, lateral movement patterns, and identity-based attacks that move faster than any manual triage process can keep up with. Automated detection, automated containment, and continuous monitoring of identity and data activity aren’t aspirational; for organisations at meaningful scale, they’re operational requirements.
The embedded defence point is related but distinct. Analysing an attack after it has happened gives you a post-mortem, not a defence. Inline enforcement, runtime protections, and independently updateable exploit shields that act within the workload rather than at the perimeter are the direction the industry has been moving for several years. Agentic AI accelerates the need because the attack surface inside an organisation now includes AI systems themselves. As we’ve explored previously, security teams increasingly have to trust systems they can’t fully inspect, and that creates a specific kind of institutional vulnerability.
The fifth element is the most commercially convenient for Cisco to recommend but is also genuinely defensible: using AI to run your security operation. Threat hunting, conformance testing, digital twin validation, and compressed deployment cycles are all real applications. The honest caveat is that this capability isn’t evenly distributed. Large enterprises with existing Cisco footprints and mature security operations can compress deployment from months to days. Smaller organisations and under-resourced teams get the same slide deck but a much harder path to the same outcome.
For South African organisations, that gap matters. Local enterprises are operating in an environment where the skills shortage in cybersecurity is severe, where budget constraints are real, and where infrastructure investment cycles are longer than the threat landscape is moving. The POPIA compliance requirements add a layer of data governance obligation that agentic AI deployment has to navigate carefully, particularly around what data these systems access, how long they retain it, and who is accountable when something goes wrong.
None of this is a reason to delay AI adoption. The productivity case is solid, and Patel’s point about shelved projects becoming viable again is credible. But the framing of trust as something built into the foundation rather than layered on later is the part worth holding onto. Organisations that treat security as a downstream compliance task are deploying agentic AI with a structural deficit they’ll eventually have to pay for. The ones that get this right earlier are doing the unglamorous work first.