By Network operations teams are losing predictability. The time-to-exploitation window for security vulnerabilities has collapsed from 10 months to 10 hours over the past five years, forcing continuous infrastructure changes at a pace that human operators alone cannot sustain. Every change carries the risk of misconfiguration, and most network degradations are caused by exactly that. Autonomous agents can absorb that operational load, but only if the systems running them can prove their reasoning, control their execution, and recover safely when something goes wrong.
In this interview on TFiR, Joe Vaccaro, Senior Vice President and General Manager of Cisco’s Network Platform, walks through how Cisco Cloud Control, Cisco Agentic Actions, Cisco Workflows, and the Cisco Digital Twin work together to deliver auditable, deterministic, and graduated autonomous network operations.
Guest: Joe Vaccaro, Senior Vice President and General Manager of Cisco’s Network Platform
Show: TFiR
Here is what every network engineer, NOC operator, and platform architect needs to know.
Technical Deep Dive
Q: What is Cisco Cloud Control and what does it consolidate for network operators?
Joe Vaccaro, Senior Vice President and General Manager of Cisco’s Network Platform, describes Cisco Cloud Control as the single destination where customers manage networking, observability, security, and the full IT infrastructure stack. Rather than operating across disconnected tools, operators work from one control plane that surfaces agentic actions, telemetry, and remediation workflows in a unified interface. Within that platform, Cisco Agentic Actions provide the sense-reason-act loop that powers autonomous operations.
“Cisco Cloud Control is the one place for customers to go and experience networking, observability, security, and everything they need to power their IT infrastructure.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: What does the Cisco Agentic Actions loop actually do in a network operations context?
Vaccaro describes the agentic loop as four sequential stages: sense, diagnose, remediate, and validate. Agents monitor the network ambiently and continuously, building an understanding of user experience from every location. When they detect an issue, they apply deep reasoning drawn from Cisco’s four decades of network problem-solving to diagnose root cause. They then propose a resolution, drive the change deterministically through Cisco Workflows, and validate the outcome before closing the loop.
“We’ve distilled down the capabilities within our deep reasoning based upon the four decades that Cisco has had to solve the most complex problems and run the most critical networks.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: How does Cisco prevent AI hallucinations from causing network outages?
Vaccaro identifies hallucination as the core trust problem in any agentic network system. An agent that confidently reports a routing loop where none exists, and then triggers a fix, can cause more damage than the original issue. Cisco addresses this by surfacing an evidence chain with every diagnosis so operators can see exactly how the agent reached its conclusion. On the execution side, Cisco Workflows inject a layer of determinism into what is otherwise a probabilistic system, constraining the change path to auditable, governable steps.
“Agents are by nature probabilistic systems. How do you add a level of determinism into the path of resolution? At Cisco we drive that using Cisco Workflows, which provide a workflow-generated way to actually drive the change back into the network.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: How does Cisco match the level of human oversight to the severity of a network issue?
Vaccaro explains that not every issue carries the same trust threshold. A simple VLAN mismatch may warrant a fully automated one-click resolution, while a complex or high-risk issue should stop at diagnosis and hand off the evidence to a human engineer. The system is designed so operators configure the appropriate level of agent authority per event type, keeping the human loop where the risk profile demands it and allowing full autonomy where confidence is established.
“Every different event is going to have a different level of how you need to drive through that agentic loop of sensing, diagnosing, remediating the problem, validating it, and ultimately deploying.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: How does Cisco build operator trust in autonomous agents over time?
Vaccaro frames trust as something that is earned incrementally through a graduation model. When an agentic action surfaces in Cisco Cloud Control, it first presents the root cause and evidence chain. The next stage presents a one-click resolution. After executing, the system appends both the change and the system response to that same action record, building a track record. Once confidence is established, the operator can toggle that action class to run fully autonomously the next time the same event pattern appears.
“You see this as a graduation of confidence, a graduation of trust. Addressing this autonomous future is not a binary. You will see this as more of a spectrum and customers will be able to increase the level of confidence over time.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: What is the difference between AIOps and Agentic Ops?
Vaccaro draws the distinction around agency and execution. AIOps surfaces insights and recommendations but leaves action to humans. Agentic Ops means the agents function as digital teammates that can take on repetitive and remedial tasks end to end, freeing human operators to focus on higher-complexity work. The key differentiator is whether the agent can close the loop autonomously or whether it is just another alerting layer that adds to operator load.
“What differentiates AIOps from agentic ops is whether we can leverage these agents as an extension of our operations teams, digital teammates that we can offload the repetitive, remedial tasks to.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: Why is predictability gone in modern network operations and why does that matter now?
Vaccaro argues that the traditional network engineering model relied on controlling traffic patterns, connectivity, and change windows. That model has been broken by the agentic era. The pace of change is accelerating, the complexity of what constitutes a great digital experience is growing, and the attack surface is expanding. The time-to-exploitation window for security vulnerabilities has dropped from 10 months to 10 hours over the past five years, forcing continuous network changes that make the risk of doing nothing greater than the risk of autonomous action.
“The time to exploitation in the last five years has gone from 10 months to 10 hours. This is going to drive customers to create more and more change within their network infrastructure, and every change can have an unintended consequence.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: How is Cisco IT itself using agentic network operations internally?
Vaccaro shared Cisco IT as a live use case presented at Cisco Live. Cisco IT operates a mission-critical network across more than 300 global sites. Their operations teams now work alongside ambient agents that post real-time issues directly into a WebEx channel. The agents surface problems the team was not previously aware of and correlate those findings against Cisco IT’s own backend data to provide deeper operational context. Vaccaro noted the range of issue types is broad, reflecting the many ways modern networks can fail.
“Cisco IT runs a mission-critical network over 300 sites globally. Ambient agents are surfacing up issues, posting messages into a WebEx channel, helping the team identify new issues and providing a deeper level of understanding of what is happening.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: What is the Cisco Digital Twin and how does it reduce the risk of misconfiguration?
Vaccaro describes the Cisco Digital Twin as a capability built natively inside Cisco Cloud Control that allows operators to take a snapshot of their production network and emulate it in a simulated environment. Before any proposed change is deployed, the digital twin runs the change through test cases to identify unintended connectivity consequences. Vaccaro highlights this directly against the finding that most network degradations are human-caused, specifically through misconfigurations with unintended downstream effects. The initial release targets Cisco devices, with broader scope planned.
“Before you propose a change on your network, you can emulate your network in a simulated environment, run through test cases, and understand whether that change can have an unintended consequence. Most degradations are human caused, caused by a misconfiguration with an unintended consequence.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: Why does shared context across domains matter for accurate agentic root cause analysis?
Vaccaro explains that an agent operating with only wireless network context will attribute every problem to the wireless layer, producing systematically skewed diagnoses. Accurate root cause analysis requires a shared context graph that maps how all components are connected across security policy, network topology, and application observability. Cisco Cloud Control brings together security policy data, full network intelligence, Splunk-powered observability, and device estate visibility so agents can correctly correlate events, such as linking a firewall policy change to a branch connectivity disruption or a database latency spike to network congestion.
“To solve problems you need shared context. If you only understand a wireless network, your agents are going to think everything is a wireless problem. When you bring together security policy, network intelligence, and observability with Splunk, you can build a shared context graph of how things are connected.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Q: How does the network itself need to evolve to support the demands of the agentic AI era?
Vaccaro frames the network as the foundational layer without which GPU power and AI capability cannot be realized at scale. The agentic AI era requires that networks deliver not just raw throughput but shared context, cross-domain visibility, and the intelligence to correlate signals from security, application, and infrastructure layers simultaneously. Cisco Cloud Control is positioned as the architecture that brings those layers together so that the network itself becomes an active participant in autonomous operations rather than a passive transport layer.
“You can have the most powerful GPU, but if you do not have the network for it, you cannot leverage the whole. Having shared context becomes critical to how customers are able to leverage these new agentic systems.” — Joe Vaccaro, Senior Vice President and General Manager of Cisco Network Platform, Cisco
Resources & Documentation
- Cisco Cloud Control, unified platform for network management, observability, security, and agentic operations
- Cisco Agentic Actions, sense-diagnose-remediate-validate loop for autonomous network operations inside Cisco Cloud Control
- Cisco Workflows, deterministic workflow engine for safe, auditable, and governable network change execution
- Cisco Digital Twin, production network emulation and change simulation built natively into Cisco Cloud Control
- Splunk, observability and data platform integrated into Cisco Cloud Control for cross-domain telemetry and correlation
***
👇 Click to Read Full Raw Transcript
Swapnil Bhartiya: Hi, this is your Sapna Bhatia and we are here at Cisco Live and today we have with us Joe Okaru, SVP and GM of Cisco Network platform at Cisco. Of course. Joe, it’s great to have you on the show.
Joe Vaccaro: Yeah, thanks for having me.
Swapnil Bhartiya: Of course we are going to talk about Agent Ops these days. Of course, Agentic AI. AI is a big topic. I want to hear from you before we talk about, you know, Agentic Ops, what announcement that you folks made here?
Joe Vaccaro: Yeah, so it starts with Cisco Cloud Control, right. As our the one place for customers to be able to go and experience both networking, observability, security and everything that they need to be able to power their IT infrastructure. Within networking. We announced our Cisco Agentic actions, providing a way for our customers to be able to sense reason and act fully autonomously and new enhancements around that agentic loop.
Swapnil Bhartiya: Now if you look at agents, they are working 24 7, they’re always working at background. Sometimes we don’t even know what they are doing and sometimes nowadays they are not just assistance, they are not just telling us what to do, they are executive things also. So can you also talk about what they’re actually doing in behind and how does that concern Cisco, its customers and what technology you are building for that visibility? Because you folks sit where everybody would like to sit. Because at the juncture of the network, nothing passes without Cisco knowing about it.
Joe Vaccaro: Yeah, so the key thing is we should think about these agents as really digital teammates working alongside our operations teams. Now what do they need to do? Well, they need to help us to solve problems. How do you solve a problem? First is by understanding what is happening across the system, you know, in doing that both ambiently. So it’s understanding on a continuous basis what is the experience that our users are facing from every location around the world. And then they need to be able to diagnose. And what’s key here is how can they be able to have the same level of knowledge of what’s happening across the connectivity that a CCIE level engineer would have. Right. So we’ve distilled down the capabilities within our deep reasoning based upon the four decades that Cisco’s had to be able to solve the most complex problems and run the most critical networks. Now once the agents have been able to work ambiently to identify a problem and to be able to diagnose it, then they can be able to propose how do they solve it. Right. And this is where they can work together with the human operators, be able to propose, participate in what we refer to this as that agentic loop.
Swapnil Bhartiya: Interesting thing with agents is that I’m heavily into AI, who is not these days, and firsthand I have experience they are wrong most of the time. Now how do you also stop agents from being wrong with confidence? Because sometimes they’ll say, hey, you know, because you don’t want to kill them, it will, you know, disrupt a lot of it. But at the same time, you don’t want to kill the trust that is there in the system as well.
Joe Vaccaro: That’s great. Yeah. Trust is such an important word, right? So if you think about the hallucination, right, Anybody can take an LLM wrap around UI around it, but the risk is what you just mentioned, the hallucination that can happen in your production, right? An agent that confidently says that you have a loop that’s been introduced in your network, but actually there is no loop. But by fixing the issue, you’re going to actually cause more issues. And so trust is such a key word. How we do that is by first off is showing the work. How did the agent get to the conclusion and what is the evidence chain that got us to that point where it drew that conclusion, that root cause? Then when you think about trust, trust isn’t just do you sense the environment and can you diagnose an issue, but trust in terms of how are you going to execute the fix, right? Agents are by nature probabilistic systems. So how do you add a level of determinism into the path of resolution? Well, at Cisco we can drive the level of determinism using Cisco workflows, which provide a workflow generated way to be able to actually drive the change back into it. And key, all of this is governable, audible, explainable, and as you do that, this is what helps customers be able to increase the level of trust. The last thing I’ll say is that not every issue is going to have the same level of trust. You know, a simple issue such as a, you know, VLAN mismatch could be a simple fix, but if a more complicated fix or complicated issue occurs, you might want to have the agent stop at the diagnosis, give me the background information, give me what you know, then let the human take it from there. So every different event is going to have a different level of how you need to drive through that agentic loop, that agentic loop of sensing, diagnosing, remediating the problem, validating it, and ultimately deploying. Now, one last thing I want to talk about in terms of being trusted. You know, here at Cisco Live, we announced Our Cisco Digital Twin. That digital twin gives a new level of how you build trust in the system. So before you propose a change on your network, can you be able to emulate your network and then drive that through a simulated environment, run through a set of test cases and understand is that change that I’m proposing on my network can have a unintended consequence? That’s a key thing because what statistics show is that most degradations are human caused. Human caused in the sense of a misconfiguration that had an unintended consequence. So all these things working together, the ability to have rich cross domain telemetry, to be able to sense issues and to be able to surface them up ambiently, the deep reasoning powered by the Cisco deep network model and 40 years of seeing and solving problems, the ability to drive a level of safe changes through Cisco workflows, to drive deterministic execution, all validated through the Cisco Digital Twin. All these things work together to help drive that level of trust.
Swapnil Bhartiya: When it comes to agentic Ops, it also gives operators, you know, they can see, they can approve, they can audit every action that agent is doing. Talk a bit about agentic ops and how pervasive it is becoming or it should become within organizations. So they have this visibility that we need to know what agents are doing.
Joe Vaccaro: Yeah. So why is that checknet ops really matters in the first place, right? It’s that predictability as we know it is gone. Right. As network engineers we always strive for control to be able to control over our traffic patterns, control over connectivity, control over the change windows that we need. But as we see within this new agentic era, that level of control is fundamentally gone. Right. The pace of change is rapidly increasing. What’s at stake about what delivers a great digital experience is getting more and more complex. So the only way to do that is to address the scale problem. And that’s where the agents come in. And what differentiates AIOps from agentic ops is are we able to leverage these agents as an extension of our operations teams? Do they become digital teammates that we can offload the repetitive remedial and tasks to? And this when they’re working together allows us to be able to kind of regain that ability to deliver great experiences no matter where they are and at
Swapnil Bhartiya: what point should customer or you know, when and how they decide what agent can do on their own versus what needs more human, you know, either intervention or full because human in loop is a, is a very easy thing to do but you know, how much you should hand over to the Agents where humans should be signing it off, you
Joe Vaccaro: know, trust is going to be earned. And so what we demonstrated at Cisco Live this week is when we’re surfacing new actions up within Cisco cloud control, you know, they might start by saying, hey, here’s the root cause and here’s the evidence chain that led us to that analysis. Now the next step would be, hey, present that as a one click resolution. But what’s important is that when you solve that problem, we then append the, not only the change, but how the system responded, did it ultimately solve that problem to that same action? And then importantly, if you want us to then automate that to run that same type of an action fully autonomously, the next time we see it, that becomes then just a toggle. So you see this now as a graduation of confidence, a graduation of trust. And it’s all based upon that providing level of explainability, that audit, the ability to calculate the confidence in the underlying assessments we’ve made as well as the risk profile to the change. All these things work together to allow us to then move through it. And so addressing this kind of autonomous future is not a binary, it’s not either non autonomous or autonomous. You’ll see this as more of a spectrum and you’ll see customers being able to increase the level of confidence over time.
Swapnil Bhartiya: What do you envision at what point or how much autonomy will operators hand over to agents in coming years? Like maybe two years? I think we should not put time frame because what we have learned is technology evolves so fast, things will change so quickly by next month. So but it’s still. When do you see it’s okay for operators to, you know, agents become fully autonomous?
Joe Vaccaro: Yeah, well, we’re seeing, as we talked about the, you know, connectivity become more and more complex. We’re also seeing an increase in security threats that are driving us to be able to change our underlying network infrastructure faster than we’ve ever before. Right. The time to exploitation in the last five years has gone from 10 months now to 10 hours. This is going to drive our customers to create more and more change within their network infrastructure. So every change can have an unintended consequence. And, and so the risk of not doing anything is now maybe greater than the risk of driving towards that autonomous future. And so when I talk to customers, we’re seeing customers that are really leaning in to not only transforming the technology use, but transforming how the operations are done and how they’re leveraging these new agentic capabilities to work alongside their human operations teams.
Swapnil Bhartiya: Is it possible for you to cite any use cases where customers have, you know, automated a lot of things and you have seen and let’s not even get into security. I was talking Amy yesterday because, you know, because of AI, agentic AI agents, new security threats are emerging that we cannot even envision today. But if you can share any use cases, that would be great.
Joe Vaccaro: Today at Cisco Live, you know, we heard from Cisco IT who’s transforming the way that they work, right? Cisco IT is a runs a mission critical network over 300 sites globally and they’re leveraging these capabilities as ambient agents and that are posting messages into a WebEx channel with their operations teams. These ambient agents are surfacing up issues that then can be corroborated based upon their own backend data, right? Identifying not only new issues that they weren’t aware of, but helping them to provide a deeper level of understanding of what’s happening. Right. And the type of issues are wide ranging because we know that there’s many different ways that networks can fail today. And so as Cisco IT and other customers really excited about how our customers are leveraging these new capabilities to be able to really transform the way that their operations run.
Swapnil Bhartiya: One more question, when we look up, this is more on the AI side. The amount of data we are generating and the amount of data we are consuming and plus getting access to, you can have the most powerful gpu. But if you don’t have the highway or network for that, you cannot leverage the whole. How do you also see network evolving in this era of agentic AI?
Joe Vaccaro: You know, to solve problems you need to have shared context, right? If you only understand a wireless network, your agents are going to think everything is a wireless problem. And so this is where the power of Cisco cloud control comes together, right? When you’re bringing the understanding of security policy, when you have the whole network intelligence, when you have the observability with Splunk and the ability to then understand all the devices across your estate, you can build a shared context graph of understanding how things are connected. And so when you begin to investigate, you can draw the correlation of a security policy change that was made on a firewall that ultimately disrupted the connectivity between say a branch and a cloud or a increase in a database latency that caused a network to get congested. Having that shared context becomes so critical to to how our customers are able to then leverage these new agentic systems. You have to be able to see things, truly understand, to have the confidence to be able to drive these changes.
Swapnil Bhartiya: Earlier you talked about digital twin and thousand Eyes Are those more for Cisco Zone or customers should also practice something like similar. We talked about the ADA Cruise. They are doing something so that they should not be testing everything in production, though sometimes they’re running mission critical workloads as well.
Joe Vaccaro: So the Cisco Digital twin is going to be built organically inside of Cisco Cloud control. And so as you’re looking to say introduce a new device onto your network, you’re looking to make a change to how the network policy is configured. The Digital twin allow you to be able to take a snapshot of your production network and then emulate that directly inside of that digital twin, which will allow you to then understand and propose a change and allow the digital twin to then simulate what will the connectivity be. You know the Digital twin is going to be so exciting. We’re bringing this out first with our Cisco devices, but there’s nothing to stop us for how we think about the problem in the future.
Swapnil Bhartiya: Joe, once again thank you so much for of course joining me and talk about how of course Agents network is evolving. Once again thank you for time and I look forward to chatting with you again.
Joe Vaccaro: I appreciate it. Can’t wait. Thank you. Take care.
