At Partner Summit 2025, we didn’t just share a vision for Cisco IQ – we demonstrated the engine in action. Today, Liz Centoni announced that we are now shipping the enterprise-ready reality. Cisco IQ for the SaaS deployment mode is now generally available (GA). As the unified, AI-powered delivery engine for Cisco Services, it represents a structural shift in how complex enterprise IT environments are managed, secured, and optimized at scale.
Our mission for Cisco IQ was clear: we needed to move away from the fragmented, tool-centric approaches of the past, which perpetuate data silos, stifle innovation, and lead to alert fatigue. Enterprise operations require a seamless digital thread that connects every stage of the infrastructure lifecycle – from planning and design to operations and optimization. To achieve this, we built a deterministic, secure, and highly integrated data engine capable of reasoning over complex, bespoke environments.
Throughout our Early Field Trials (EFT), we put this architecture to the test. Here is a look under the hood at how we engineered the core capabilities of Cisco IQ, and how that architecture is translating into hard operational value for our customers.
1. Complete Landscape Clarity: Addressing the Data Reconciliation Problem
Security begins with awareness.
Talos 2025 “Year In Review” laid out the blind spots: 40% of the vulnerabilities directly impacted End of Life (EoL) devices – 32% of which are at least a decade old. How can we help organizations shine a light on these blind spots?
Historically, asset management has been a fragmented, manual nightmare because critical data lives in disconnected locations. You have static contract and licensing records in one place, Configuration Management Database (CMDB) entries in another, and live asset state, network telemetry, and topology data scattered across various operational tools.
To deliver Complete Landscape Clarity, we had to solve this data problem first. We engineered a foundational data fabric that continuously ingests, normalizes, connects, and reconciles this disparate data. It doesn’t just create a static list of devices; it yields clean, connected data across your asset inventory, license utilization, and physical or logical locations, ultimately building a stateful, real-time view of your infrastructure.
The impact of this architectural choice was immediate in our EFT. A major airline customer reported moving from the frustration of “multiple tools” with fragmented risk views to “one trusted inventory with consistent reconciliation.” Similarly, a higher education organization utilized this unified data model to track Last Day of Support (LDOS) milestones, noting that the AI-driven analysis allowed their team to stay ahead of lifecycle events with “total confidence.” By fixing the data layer, we transformed asset tracking from a forensic exercise into an automated, predictive capability.
2. Proactive Resilience: Engineering Determinism with Cisco IQ
Every outage has a trail. The mission of Cisco IQ is finding that trail before the business feels it. A good measure is how fast an outage was resolved. A better measure is how often an outage was avoided.
Large Language Models (LLMs) are probabilistic by nature – they generate what is statistically plausible, not what is operationally verified. In a complex IT environment, this means a generic AI might confidently list a set of conditions that should be remediated, but how does one know that the list is complete? Absence of evidence is not evidence of absence. A generic AI might also stitch together a remediation script using invalid CLI commands, generate a firewall policy that is syntactically perfect but disastrous for your specific network state, or suggest a localized fix that accidentally triggers a catastrophic downstream routing loop. You cannot run a mission-critical network with potential hallucination; enterprise operations demand strict determinism.
To deliver that determinism, we engineered a multi-domain assessment framework at the heart of our proactive resilience strategy, designed to deliver holistic, connected infrastructure assessments at scale.
Take Security Advisories as one example: When Cisco publishes a new Security Advisory or Field Notice, Cisco IQ springs into action. It analyzes dependencies across your environment, pinpoints exact vulnerable nodes, and automatically generates personalized remediation guidance, all contextualized to each asset’s criticality.
This is the power of practically combining knowledge graphs, classical machine learning, and generative AI – unlocking deeper comprehension of customer deployments at massive scale. The result? Contextualized findings, actionable insights, and tailored recommendations that actually matter to your infrastructure.
But proactive resilience also requires future-proofing against existential architectural shifts. Cryptography is the cornerstone of network security, and with threat actors already employing ‘Harvest Now, Decrypt Later’ tactics in preparation for the Quantum era, the urgency is here today. That is why we integrated Post-Quantum Cryptography (PQC) assessments into Cisco IQ.
Our structured approach rests on three complementary pillars: deep asset inventory to generate your Cryptographic Bill of Materials (CBOM), configuration analysis, and cryptographic risk modeling. Together, they allow Cisco IQ to identify quantum-susceptible algorithms, ensuring you have clear visibility into your exposure, mapping your path to crypto agility, and building a phased transition plan.
This deterministic approach is why a biotech EFT customer called our Hardening Assessments “high-impact” and the “exact solution we’ve been asking for to drive our automation and security forward.” It’s also how a manufacturing company reclaimed days of lost time, moving from manual remediation of security advisories to “strategic, data-driven action.” We are turning static security documentation into actionable, context-aware guidance.
3. Rapid Resolution: Engineering Agentic Root Cause Analysis
When an issue does occur, Mean Time to Resolution (MTTR) is the metric that matters. A complex Cisco Technical Assistance Center (TAC) service request used to mean hours of log collection, parsing, and manual data correlation. Delivering Rapid Resolution requires replacing that manual effort with machine speed.
We engineered Cisco IQ to perform intelligent troubleshooting and root cause analysis using hypothesis-driven and evidence-driven methods, just like an expert human engineer. It systematically narrows down root causes by analyzing telemetry against historical data and digitized internal knowledge. Furthermore, we integrated case management directly into the platform. If an issue requires escalation to Cisco TAC, Cisco IQ makes this effortless by capturing the troubleshooting context along with the relevant information from the data fabric, or the device itself, allowing the TAC engineer to hit the ground running.
Crucially, this architecture operates on a continuous improvement loop. Once an issue is resolved, its specific root cause and telemetry signatures are ingested back into the system’s knowledge graph. By continuously monitoring your environment for these exact failure patterns and leading indicators, Cisco IQ transforms today’s resolved incident into tomorrow’s proactive safeguard against future disruptions.
An IT company in our EFT highlighted the impact of this architecture, noting that Cisco IQ “significantly accelerated our analysis and troubleshooting workflows,” providing the clear, AI-driven insights they needed to manage their network with confidence.
4. Contextualized Professional Services: Putting Our Best Experts on Your Project Before It Even Starts
Complex technology deployments often stall when experts aren’t in the room, or when they lack context. We asked ourselves: How do we put every Cisco expert who ever delivered a similar project onto your project before it even starts? The answer is Contextualized Professional Services. By digitizing decades of institutional knowledge and embedding it into Cisco IQ’s reasoning engine, we deliver proactive, expert-level guidance tailored to your infrastructure throughout its lifecycle. Expect more on this in the near future.
Generating intelligence is only half the battle. The best outcomes are possible only when we seamlessly bridge the gap between our systems and your operational environments. We engineered such bridges to deliver a comprehensive experience:
a. The Human Bridge: Context-Aware Generative UI
Raw intelligence is only as valuable as our ability to consume it. While the data fabric and reasoning engines operate under the hood, the human-machine interface is where operational speed is ultimately won or lost. We knew a simple conversational text box was entirely insufficient for complex IT operations. When you are deep in a high-stakes investigation, you need spatial and temporal context, not just a wall of AI-generated text.
To solve this, we engineered Cisco IQ with a true Generative User Interface (UI) as a core architectural capability. Rather than forcing you to navigate static dashboards or parse dense chat logs, the system dynamically renders the optimal visual interface for the specific context. If the AI Assistant is reasoning through a routing loop, it doesn’t just describe the issue; it generates an interactive topology map. If it correlates a security anomaly, it constructs a visual timeline of relevant data. It also generates structured reports on the fly – something our EFT customers heavily utilized, praising the “crisp, exportable summaries” that could be instantly shared across teams. By engineering the UI to adapt to the investigation, we are dramatically reducing cognitive load and accelerating human decision-making.
b. The System Bridge: Engineered for API-First Extensibility
Finally, we know that an intelligent system that operates as a closed operational silo is useless to modern IT environments. From day one, Cisco IQ was engineered with an API-first architecture. Every capability, insight, and assessment exposed in the UI is built on top of a hardened programmatic foundation. During our EFT, a large financial services customer validated this design, praising the “API-first architecture, open and extensible for insight and automation integration,” which allowed them to seamlessly fit Cisco IQ into their existing multi-vendor environment and ITSM workflows.
As we enter General Availability, our initial rollout delivers this powerful intelligence directly through the Generative UI. With the API-first foundation already in place and validated, we are moving rapidly to expose these programmatic interfaces to all customers next quarter, unlocking deep, ecosystem-wide automation, with even more interfaces to come in the future.
Furthermore, we architected flexible deployment modes to meet strict data sovereignty requirements. Whether utilizing the SaaS modes or the On-Prem Tethered and Air-Gapped modes, customers retain absolute control over their operational data.
The Foundation is Set
General Availability is not the destination; it is our launchpad. We’ve deployed an extensible intelligence engine, and this launch sets the stage for an aggressive roadmap. In the coming months, you will see us expand the capabilities of Cisco IQ, continuing to automate and de-risk complex deployments, introducing continuous, ambient intelligence for proactive infrastructure health management, and broadening our assessment frameworks to future-proof your environments against emerging architectural threats. With every release, the intelligence of this platform will compound, acting as an ever-growing force multiplier for your teams.
I invite you to explore Cisco IQ to transform your operational reality today and scale for tomorrow.
