Enterprises don’t get to choose one cloud, one GPU, or one deployment model for AI. They’re running inference across the full NVIDIA accelerated computing family — from production clusters to proof-of-value labs and everything in between. They’re deploying customer-facing applications, internal productivity tools, operational workflows, and agentic AI systems, often all at once.
And as AI architectures evolve from single-model applications to autonomous agents that call external tools, chain decisions, and cross trust boundaries, the attack surface has expanded well beyond the model itself. It now includes the entire runtime, the AI supply chain, enterprise toolchain and every agent-to-agent handoff in between.
The security team is expected to protect all of it with the same policies, same guardrails, and same compliance posture, regardless of what sits underneath.
Until now, that wasn’t possible. AI security tools were tied to specific platforms, GPU types, and cloud providers. If your infrastructure didn’t match the tool’s requirements, your AI applications went unprotected. Security teams were forced to choose between the right deployment for the business and the right security posture — a trade-off that should never exist.
Security That Follows Your Infrastructure
Cisco AI Defense takes a fundamentally different approach. It is infrastructure-agnostic and application-agnostic by design, delivering a uniform security platform that works the same way regardless of the cloud, the GPU, the deployment target, or the AI application running on top. Instead of requiring enterprises to standardize their infrastructure to get security, AI Defense adapts to whatever the business has already chosen.
Enterprises will always run across many deployment models: managed Kubernetes on AWS, Azure, or GCP; on-premises clusters on Red Hat OpenShift. The security layer above all of them stays constant. One policy engine. One set of guardrails. One operational model. The customer picks the infrastructure that fits their business — AI Defense adapts to it.
Consistent AI Security Across Every Deployment
Three capabilities follow enterprise AI deployments wherever they run:
- Supply chain security: Before an AI application runs, Cisco AI Defense scans the models, datasets, and Model Context Protocol (MCP) servers that power it, catching malicious code, backdoors, and vulnerabilities before they reach production. The same scans run whether the application is destined for AWS, an on-premises Secure AI Factory with NVIDIA, or a neocloud.
- Runtime protection with guardrails: While AI applications or agents are running, guardrails enforce security, privacy, and safety policies on every request and response. The enforcement priority (security first, privacy second, safety third) is identical on AWS, GCP, Azure, and on premises. The policies travel with the application, not the infrastructure.
- Agentic security: As AI systems evolve into multi-agent architectures, Cisco AI Defense extends protection across agent-to-agent communication, tool invocation, and cross-boundary execution, using NVIDIA OpenShell, a secure agent runtime. These trust boundaries exist regardless of where agents run, and the security controls must too.
Any Cloud, Any NVIDIA AI Infrastructure
Today, we’re removing the infrastructure constraint entirely. Cisco AI Defense now offers a hybrid deployment model, running as a pure software layer on any major cloud provider (Amazon Web Services, Microsoft Azure, and Google Cloud Platform) and on-premises with Cisco Secure AI Factory with NVIDIA.

Deployment is Kubernetes-native, with validated support for Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Cisco Secure AI Factory with Red Hat OpenShift.
An enterprise can start with a 4-node production cluster on AWS, expand to a second region on Azure, and extend to an on-premises Cisco Secure AI Factory with AI POD, all within the same security platform, the same policies, and the same operational model. No re-architecture. No re-validation. No gaps.
This is a strategic shift, not just a compatibility update. By decoupling AI security from infrastructure, enterprises can protect their AI applications wherever they run and on whatever hardware they already have, without changing a thing to get coverage.
Where to Start
Enterprises looking to protect their AI applications and agentic workflows can learn more at cisco.com/go/ai-defense. Joining us this week at Cisco Live Las Vegas? Come visit the AI Defense booth to see what’s new firsthand.