The shift from conversational AI to autonomous agents is forcing a rethink of enterprise security architecture. As AI agents take on real business tasks at scale, the industry’s long-held assumptions about access control, identity and trust are no longer sufficient. Instead, agentic AI security requires a new approach.

A recent Cisco Systems Inc. survey of large-scale enterprises found that 85% of respondents are experimenting with AI agents, yet only 5% have moved those agents into production environments. The gap between experimentation and deployment underscores how agentic AI security has become the defining barrier to enterprise-scale adoption, according to Jeetu Patel (pictured), president and chief product officer of Cisco.

“These agents [are] kind of like teenagers,” Patel told theCUBE. “They’re superbly and supremely intelligent, but they have no fear of consequences. They do stupid stuff all the time. The difference between delegation and trusted delegation is equivalent to the difference between bankruptcy and market leadership. It is literally that stark.”

Patel spoke with theCUBE’s Dave Vellante at the RSAC 2026 Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed agentic AI security, the shift from access control to action control and Cisco’s open-source DefenseClaw framework. (* Disclosure below.)

Agentic AI security and the rise of action control

The core problem is that agents operate at a fundamentally different scale and risk profile than humans. Enterprises could eventually support 10 to 1,000 agents per worker, running around the clock and creating an effective workforce expansion into the trillions, Patel estimated. At RSAC 2026, there has been a definite change in topic as the world has been shifting from conversational AI to agentic AI, moving from AI that answers questions to AI that takes actions, he added.

“In the chatbot era, what happened when they did something wrong?” Patel said. “The risk of something going wrong in a chatbot is that you got the wrong answer. The risk of something going wrong in agents is they’ve taken the wrong action — that potentially could be irreversible damage.”

That irreversibility is precisely why zero trust must evolve from access control to action control. Every agent action should be observable, interceptable and subject to dynamic guardrails, with permissions granted just in time, scoped to the minimum required and revoked immediately upon task completion, Patel explained.

“When you’re thinking about an agent identity, the permissioning that you do against that identity has to be far more temporal than a human identity and has to be far more granular,” Patel said. “Just in time [permissioning] means as soon as the agent wants to do something, you have to give it permission. Just enough permissioning [means] you only give it permission for the scope that they’re going [need] to do something and no more.”

To operationalize this vision, Cisco launched DefenseClaw at RSAC 2026, an open-source security framework built to integrate with Nvidia Corp.’s OpenShell container for OpenClaw agents, Patel explained. Cisco says developers can install DefenseClaw in about five minutes, and from there, the tool searches for cybersecurity issues across Model Context Protocol tools, plug-ins and other technical resources that an AI agent uses to perform tasks, tracking how those resources change over time.

“Every single time an OpenClaw agent runs in OpenShell, you automatically have all of our security services activated against that agent. You don’t have to worry about it,” Patel said. “Agent security is a multi-hundreds-of-billions-of dollars market. And by the way, we have no concept right now on how grave the consequences can be if you don’t deploy this.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSAC 2026 Conference:

(* Disclosure: TheCUBE is a paid media partner for the RSAC 2026 Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE