When I talk with partners about advanced frontier AI models, it reaffirms how I think about Cisco’s role in the partner ecosystem.
Partners are already patching customer systems on accelerated schedules and anticipating that speed to increase over the coming months. They are already running end-of-life upgrades at an increasing pace. They are already building vulnerability operations practices because their customers are demanding them. One of our most capable partners presented their work and the room went quiet. The work is happening.
This meeting was the starting point for the Partner Maturity Model for Vulnerability Operations. This blog is your introduction.
Why we built it
AI frontier models have compressed the time between vulnerability discovery and active exploit from weeks to minutes Customer security teams cannot absorb this new pace alone, and they are turning to partners. In turn, we are seeing a clear market signal. The largest partners we spoke with at Cisco Live are all building vulnerability operations practices because they see what is coming. Managed services demand for security is on a trajectory we have not seen since the early COVID era. Carrying this load alone is no longer something customers are willing to do.
This maturity model gives partners a structure for understanding where their vulnerability operations practice sits today and what investment can move it forward. It gives Cisco field teams a structure for having the right conversation with the right partner about the right next step. The whole point is to make the partner ecosystem visible so we can match capability to customer need with intention.
The five levels
Level 1: Foundational Defender (Reactive and Manual). Manual patching, CVSS-based triage, ad-hoc incident response. Vulnerability response is measured in days or weeks. Many partners new to the security practice live here. The conversation at this level is about basic tooling, training, and process discipline.
Level 2: Automated Responder (Standardized). Automated endpoint isolation, ITSM-integrated patching, IR retainer services. The partner has invested in foundational tooling and is building repeatable processes. Response times measured in hours.
Level 3: Proactive Defense (Orchestrated). Continuous runtime protection, exploitability validation, active threat hunting. The partner has dedicated capacity and a real practice. Response measured in minutes for known threat categories.
Level 4: Agentic Innovator (Autonomous). Secured AI agents, automated red-teaming, defensive AI orchestration. The partner is operating at machine speed for the threats that matter most. A small number of Cisco partners are here today.
Level 5: AI-Optimized Vanguard (Frontier-Ready). Machine-speed exposure management, unified AgenticOps, board-level frontier advisory. Deep customer integration. A handful of partners are operating at this level. They are doing world-class work.
How to use the model
There are two ways partners and Cisco field teams will use the maturity model.
The first is self-assessment. A self-assessment tool is in development and will be available on July 8. It will let partners evaluate where they sit across the capability dimensions of the model and produce a maturity profile as well as recommendations for what investment could move the practice forward. The tool will live on the partner landing page when it ships.
The second is conversation. Cisco partner account managers, systems engineers, and field sellers will use the maturity model to start a substantive conversation with their assigned partners. Where do you sit today? What is your customer base asking for? What would move you to the next level? That conversation is the work, and the model gives both sides a shared vocabulary for having it.
The goal is not Level 5
This is the part that matters most. The maturity model exists so partners can match their capability to the complexity of the customers they serve. Every level has partners delivering excellent customer outcomes.
A partner serving smaller customers with simpler network environments can deliver excellent results at Level 2. A partner serving Fortune 500 customers with distributed AI infrastructure needs to operate at Level 4 or higher. The right answer depends on your customer base.
If your customer base is asking for capabilities you cannot deliver, the maturity model gives you a structured way to build them. If your customer base is well-served by where you operate today, the model confirms that and points you toward what to protect.
What is coming next
Three things are landing over the next several weeks.
- The customer playbook has a chapter for partners and is equally relevant as a partner reference.
- The partner supplement goes deeper into the maturity model and into the partner-specific programs and profitability levers.
- The self-assessment tool makes the model actionable without a Cisco conversation required.
All three will live on the partner SalesConnect site. And there are more partner assets coming. Bookmark it.
Where to start
The time to start is now. Pull up your customer base. Map the complexity of what they are asking for. Map your current capability against the maturity model. Have the conversation with your Cisco partner team about what closes the gap.
The work is already in motion. The conversation is the next step.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with #CiscoPartners on social!
Cisco Partners Facebook | @CiscoPartners X | Cisco Partners LinkedIn
