Cisco Live is here, and my calendar has been heavier with customer calls than usual. A few weeks ago, in three of them, I tried a small experiment. I asked the customers at the other end what Mythos meant to them.
One of them, a capable industrial security leader, had never heard of it. He started talking about ChatGPT instead, and about the fact that his company has not yet authorized employees to use it. That was his closest reference point for what “AI” means inside his world today.
That answer stuck with me. AI is not new in the industrial world: machine vision on the line, predictive maintenance, process optimization. Our customers have been putting AI to work on real problems for years. The conversation that is new is about AI and cybersecurity, both as a weapon and as a defense, and it is moving faster than anyone is comfortable with. Mythos Preview is the frontier AI model Anthropic unveiled earlier this year. It finds and exploits software vulnerabilities far faster than human researchers can. Patching vulnerabilities is getting harder. A recent Cisco post related to Project Glasswing, captures how the median enterprise patch cycle is 20-days while AI has reduced the exploit window to just 20-hours. It is one signal of how fast the attack side is moving, and how much pressure that puts on cyber defense.
Whatever your defense looked like last quarter, the bar is higher today. The threat is moving at AI speed. OT customers need a way to raise that bar in environments that are already complex to operate and upgrade.
That is the challenge our Cisco Live Americas 2026 launch was built to answer.
What is new in Cyber Vision
For years, Cyber Vision’s job has been visibility. Visibility is necessary to OT cybersecurity, but it can no longer be the end goal. Knowing what is connected, what is communicating, and where risk exists is only valuable if it helps teams act. Cisco Cyber Vision is designed for that purpose, unifying visibility, segmentation, and secure remote access to help customers move from awareness to protection.
Building real segmentation is like a rocket with several stages. Visibility was stage one, and it has been in the field for years. Stage two was auto-grouping at scale, which shipped last year: with tens of thousands of assets in a typical plant, visibility alone is very hard to act on. Auto-grouping was what made it legible, clustering assets into IEC 62443 zones and conduits and turning months of manual work into a guided workflow.
Stage three is launching now at Cisco Live. Two new capabilities on the same foundation:
- Auto-policy recommendation. Because we know the assets and the traffic, we can now recommend the policy itself: which conduits to allow, which to deny. You do not start from a blank page.
- Simulate before you enforce. A built-in simulation mode runs the proposed policy against real traffic. You see what would have been blocked, on which line, at which shift, before anything is enforced. No “deploy and pray”.
We built enforcement into the switch itself. Our Industrial Ethernet switches (IE3500 and IE9300) run policy at line rate, on Cisco’s own ASICs. We own the full stack, from silicon to switch to software. No extra appliances. No latency tax on critical safety traffic. This gives our customers a faster, simpler network without the need for extra hardware and still ensuring critical safety traffic remains lightning-fast and secure.
There are more rocket stages left. The next stages are very close as we continue to build upon the foundation of our best-in class hardware and deliver future rocket stages for Cyber Vision to further expand our OT security capabilities.
Modernizing secure OT remote access
Building on this momentum, Cisco is now revolutionizing how we secure network connectivity through both segmentation and remote access. Segmentation is how we control the paths between assets. Remote access is how we control the paths people use to reach them.
This is a daily problem that OT teams must solve. Operators, vendors, and integrators all need to reach specific assets, quickly, and only the assets they are authorized to touch. The old answer was a jump host, a VPN, and a long IT ticket queue. Or worse, a cellular gateway hidden inside a machine: a real backdoor into the whole infrastructure. None of that fits modern operations.
With the new Cyber Vision, the remote access solution is embedded directly into Cisco industrial switches and routers. OT teams grant least-privilege, zero-trust access to specific assets, for specific people, for specific time windows. No separate appliance. No parallel VPN. No waiting on IT for routine maintenance.
This matters because secure remote access is not separate from the segmentation journey. It is part of the same shift from visibility to control. Cyber Vision helps teams understand the industrial environment, segment it based on real operational behavior, and govern who can remotely access critical assets without creating unnecessary risk.
The new Cyber Vision comes standard with select Cisco switches, including the new IE3500, IE3500H Heavy Duty Series and IE9300 Rugged Series.
Build layers of defense for industrial environments
Mythos has put the spotlight on something most of you already knew. You need defense in depth. In industrial environments, building those layers takes time, and it is complicated. Incomplete inventories. Decades-old assets. Schedules that run 24/7. We are giving you the tools to start, with the visibility and auto-grouping capabilities that you already trust, while introducing segmentation with a new auto-policy recommendations and simulation tool. We finally moved secure remote access where it belongs: directly inside the network you already operate.
This is just the beginning. Cisco, and the full Industrial IoT team behind it, are on your side. The network is a key layer in getting you there.
Subscribe to the Industrial IoT Newsletter
