Cisco has unveiled a series of security innovations designed to help organisations defend against increasingly sophisticated AI-enabled cyber threats which said are increasingly experienced by businesses worldwide.
The announcements, made at the security industry RSA Conference 2025 in San Francisco, include updates to Cisco XDR, deeper integration with Splunk Security, and a new partnership with ServiceNow to strengthen AI security governance.
"The cybersecurity threat landscape has never been more dynamic and complex, with adversaries constantly emboldened and enabled by AI to drive new attacks and exploits," Jeetu Patel, Cisco's executive chief product officer said.
Security teams are facing overwhelming challenges, processing thousands of threat alerts daily while battling persistent talent shortages. Cisco's new products and services aim to address these pressures by delivering "machine scale security and response" capabilities.
The enhanced Cisco XDR platform now includes Instant Attack Verification, which uses agentic AI to automatically create and execute tailored investigation plans by integrating data from multiple sources.
That system can then confirm threats and enable automated responses to quickly stop attacks.
Additional XDR enhancements include automated Forensics capabilities for deeper endpoint visibility and a new Storyboard feature that visually maps complex attacks to help security teams understand and respond to threats more effectively.
For industrial environments, Cisco has expanded its Industrial Threat Defense solution.
This has with new integrations between Cisco Cyber Vision and several security tools, including Cisco Vulnerability Management and Splunk Asset and Risk Intelligence.
These integrations aim to help organisations better protect operational technology systems that are increasingly targeted by cyber criminals.
One notable announcement was the launch of Foundation AI, a team of AI and security experts from Cisco's acquisition of Robust Intelligence.
The group has released what it claims is the first open-source reasoning large language model (LLM) built specifically for enhancing security applications, along with benchmarks and tools to evaluate cybersecurity models on real-world use cases.
Technically, the Foundation AI Security model is an eight-billion parameter, open weight LLM that’s designed from the ground up for cybersecurity.
It was pre-trained on carefully curated data sets that capture the language, logic, and real-world knowledge and workflows that security professionals work with every day.
Other specs for the model include five billion security-specific tokens distilled from 900 billion; the eight billion parameters are pre-trained on a Meta AI Llama model, so that anyone can download and train the Foundation AI Security AI.
Hardware-wise, the reasoning model can run on one to two Nvidia A100 cards as opposed to systems that require 32 or more of the H100s GPUs.
Cisco has also introduced AI Supply Chain Risk Management controls designed to identify and block malicious AI model files before they enter enterprise environments.
These tools can detect risky open-source software licenses and flag models from prohibited suppliers to help businesses accelerate AI adoption with greater confidence.
Frank Dickson, group vice president of security and trust at analysts IDC, said the effectiveness of these new features will depend on their real-world deployment and integration within existing security ecosystems.
Cisco's announcements reflect a growing industry recognition that AI is creating new security challenges while simultaneously offering potential tools to address them.
As organisations rush to adopt AI technologies, security teams must adapt to protect increasingly complex digital environments.
Splunk Enterprise Security 8.1 will be available in June, while Splunk SOAR [Security Orchestration, Automation, and Response] 6.4 is already generally available.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
