By AI agents do not follow a 9-to-5 schedule. They run continuously, generate 450% more traffic than a human performing the same task, and operate inside the network perimeter where traditional firewall-based security has no visibility. Static network hardware and software-only approaches cannot absorb the burst traffic, adapt to new security requirements, or enforce policy at the packet level without programmable silicon underneath.
In this interview on TFiR, Nick Kucharewski, Senior Vice President and General Manager at Cisco Silicon, breaks down how Cisco Silicon One addresses the traffic capacity, programmability, and internal security enforcement requirements that agentic AI places on enterprise and data center networks.
Guest: Nick Kucharewski, Senior Vice President and General Manager at Cisco Silicon
Show: TFiR
Here is what every network architect, platform engineer, and security team evaluating AI-era infrastructure needs to know.
Technical Deep Dive
Q: What is Cisco Cloud Control and what problem does it solve?
Nick Kucharewski, Senior Vice President and General Manager at Cisco Silicon, describes Cisco Cloud Control as a unified platform that brings together intelligence from silicon to system hardware to software. It gives customers a single point of control for security, network management, and agent-based operations. Both Cisco-developed and partner agents can operate within the platform to resolve network problems more quickly.
“Cisco Cloud Control brings together all of the intelligence of the Cisco broader platform from the silicon to the system hardware to the software, to provide a single point of control for customers.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: How much more network traffic do AI agents generate compared to human users?
Kucharewski states that an AI agent generates 450% more traffic than a person completing the same task. When combined with continuous 24-hour operation, this creates fundamentally new requirements for network capacity and security enforcement. These requirements apply not only to cloud data centers but also to edge deployments and enterprise desktops running local agents.
“An agent in general generates 450% more traffic than a person to complete the same task. When you consider on top of that the agent might be running 24 hours a day, this means all new requirements for the network.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: Why is software alone not sufficient to handle agentic AI network demands?
The device handling packets at terabits per second is the packet-processing silicon, not the software layer above it. Kucharewski explains that visibility into traffic and the ability to enforce control decisions, such as redirecting or dropping packets, must exist at the silicon level. Software sitting above the silicon relies on what the silicon surfaces; without programmable silicon, visibility and enforcement are fundamentally limited.
“The device that’s handling those packets flowing through the network at terabits per second is ultimately the packet processing silicon, and that’s what provides you the visibility and it also gives you the control.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: What does adaptive programmability in Cisco Silicon One actually mean in practice?
Kucharewski explains that programmability means the silicon can adapt to new network requirements even after it has been deployed in the field. New security features or functional capabilities can be pushed to equipment already installed without requiring a hardware refresh. This extends the operational lifespan of deployed equipment and allows customers to respond quickly to new AI-driven workload requirements.
“You can actually change the functionality of that equipment, of that silicon after it’s deployed through our programmability. That is the kind of assurance our customers need to make sure that they can adapt to the newest needs of AI.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: How does Silicon One handle telemetry, packet routing, and network control?
Kucharewski frames the Silicon One value across three functions: telemetry, packet routing, and control. The silicon provides the telemetry data the software layer needs to build a complete view of network state. At the packet level, it enables decisions to redirect traffic, drop packets, or take other actions flexibly based on instructions from the software platform sitting above it.
“Telemetry, packet routing and control. Silicon One provides the telemetry that the software requires to have a full view of the network, and this provides control where you can redirect a packet, drop a packet, and take actions flexibly based on the software sitting above.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: Why does agentic AI make perimeter-based network security models obsolete?
Traditional perimeter security assumes that traffic inside the network is trusted. Kucharewski explains that agentic AI changes this because agents operating inside the network can create threats from within, not just from outside the perimeter. The security surface now extends to every point inside the network, which means security enforcement must be built into the platforms and silicon that handle internal traffic.
“Moving to agentic AI, your security surface is now anywhere inside the network. It’s not only at the perimeter, it’s not only at the edges. And that means you have to have security built into those platforms inside the network.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: What specific security capabilities are built into Cisco Silicon One?
Kucharewski cites MACsec and IPsec as specific security features implemented in Silicon One, alongside a broader set of additional security capabilities. He also identifies post-quantum cryptography as a technology Cisco is actively developing, noting it will become essential as quantum computing matures and creates new threats to existing encryption. These capabilities address the need for enforcement at the silicon level inside the network, not only at its edges.
“We have features like MACsec and IPsec and also a broader set of other security features that we can take advantage of to provide that service for our customers. Quantum is a good example of a future technology that Cisco is developing because that really is going to prove to be essential over time.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: How widely is Cisco Silicon One deployed and what segments does it serve?
Kucharewski states that the Cisco Silicon One line comprises five announced product families that are fully shipping in production. Those families serve data center AI applications, campus enterprise networks, and service providers. He noted that approximately 60 systems visible on the Cisco Live show floor carry Silicon One inside, and the silicon is a foundational data source for the Cisco Cloud Control platform.
“The Cisco Silicon One line is comprised of five announced product families that are fully shipping in production. Those products serve both data center AI applications as well as campus networks and service providers.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: How does Silicon One contribute to Cisco Cloud Control’s security and observability capabilities?
Kucharewski explains that Cisco Cloud Control depends on information drawn from across the entire network, and Silicon One is a key source of that data. The silicon provides the visibility needed to make security decisions, surface observations about network state, and enforce configuration changes in response to those observations. He describes this as a bottom-to-top integration across the full Cisco platform.
“Silicon One is a key part of Cloud Control, being able to provide the visibility that’s needed to take security decisions, to make observations, and then to enforce changes within the network in response to the things that are being observed.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: What is the case for Cisco Silicon One over merchant silicon when evaluating network infrastructure?
Kucharewski centers the argument on programmability at terabit-scale packet processing rates, which he describes as extremely difficult to achieve. Cisco has demonstrated this capability in production across both hyperscaler data centers and enterprise campus environments. The practical result is the ability to add features after deployment, adapt to new AI workload requirements faster, and extend the useful life of installed equipment.
“It’s extremely difficult to provide programmability in packet processing when you’re operating at multiple terabit rates. Cisco has done it, and we’ve done it in production, and this allows us to add features for our customers after the system has been built.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: What does Silicon One programmability mean for customers who have already deployed Cisco systems?
Existing customers who have built their networks on Silicon One-based systems can upgrade those deployed systems in the field with the newest capabilities without replacing hardware. Kucharewski frames this as a direct advantage of the programmability built into the silicon, providing investment protection as AI workload requirements continue to evolve.
“Those who have built their networks based on systems with Silicon One have the assurance of knowing that they can actually upgrade those systems in the field with the newest capabilities because they’re using that programmability in Silicon One.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: How does Cisco approach customers who have not yet adopted Silicon One, and what is its interoperability position?
Kucharewski states that Cisco’s foundation is open interoperability and adherence to open standards, with active contributions to new standards efforts. He points to Cisco Cloud Control’s support for third-party agents as a concrete example of this stance. Cisco positions its platform as capable of managing both Cisco technologies and third-party systems from a single control point, rather than requiring customers to replace their entire installed base.
“Cisco is really based on the foundation of open interoperability. Our platforms are based on open standards. Within Cisco Cloud Control, we enable support for third-party agents. This is just another example of how we really can endorse a broader ecosystem.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Q: What is on the Cisco Silicon One roadmap?
Kucharewski describes the roadmap as expanding the Silicon One product line with additional families that serve more segments of the network. New features and requirements will be driven into next-generation offerings to ensure the platform delivers the performance, security, and visibility needed for next-generation networks across both cloud and enterprise environments.
“We’ll be adding more families that serve more parts of the network and we’ll continue to drive forward new features and new requirements into those next generation offerings to ensure Cisco has the platform with the performance, the security and the visibility required for next generation networks.” — Nick Kucharewski, Senior Vice President and General Manager, Cisco
Resources & Documentation
- Cisco Silicon One, Cisco’s in-house programmable packet-processing silicon family serving data center, campus, and service provider networks
- Cisco Cloud Control, unified platform integrating silicon, hardware, and software for network management and agentic AI operations
***
👇 Click to Read Full Raw Transcript
Swapnil Bhartiya: Hi, this is Swapnil Bhartiya and we are here at Cisco Live. As you know, if you look at enterprise networks, they were designed for humans, for people 9 to 5. But as soon as AI agents came in, they broke everything because they never sleep. So today we have with us Nick Kucharewski, Senior Vice President and General Manager at Cisco Silicon, to talk about how enterprise network is evolving to keep up with the modern agent AI. But before we go that I would like to hear your experience, the vibe of the show.
Nick Kucharewski: The show, it’s been super exciting. Like with this week Cisco announced Cisco Cloud Control, which is a unified platform that brings together all of the intelligence of the Cisco broader platform from the silicon to the system hardware to the software, to provide a single point of control for customers to have better security for their networks, to manage them more seamlessly and to make use of agents for both Cisco developed and partner agents in order to better manage their network and to solve problems more quickly. There’s a lot of excitement around it.
Swapnil Bhartiya: Yeah, we covered that as well, we talked yesterday. But let’s talk about networks and agents. What actually breaks when agents start heading the workload?
Nick Kucharewski: Yeah. So I think it’s important to note that when we talk about agentic AI, we’re not only talking about the cloud data center. You could be running agents for instance on the desktop which are helping you with your day to day tasks. And an agent in general generates 450% more traffic than a person to complete the same task. When you consider on top of that the agent might be running 24 hours a day. This means all new requirements for the network in terms of network capacity, but also in terms of security. Because it’s important that that agent is actually operating within company policy and it’s doing it in a secure way.
Swapnil Bhartiya: And if you look at Silicon One, it also has like deep on chip buffering to absorb all that traffic burst that you just talked about. Why is software not enough? Why do we need chip there? Yes.
Nick Kucharewski: Well, it’s important to note that when we look at enterprise networks, regardless of whether you’re talking about a branch, a large enterprise or in the data center, the device that’s handling those packets flowing through the network at terabits per second is ultimately the packet processing silicon, the switches and routers which handle that silicon and that’s what provides you the visibility and it also gives you the control. And this is where Cisco Silicon One comes in. We have packet processing silicon developed in house for those different parts of the network, the different switches and routers within the network. And that works together with the broader Cisco software product offering to provide you that visibility for the network and to provide the flexibility that you need to adapt to the needs of agentic AI running within the network.
Swapnil Bhartiya: I was talking to Amy yesterday and I was like thinking Cisco is a kind of unique position. A lot of companies, because you are sitting at the very center, right? Nothing, no traffic passes without you. And a lot of companies, they wish they had that visibility. So you have that visibility, you have all the telemetry data. And if you just look at adaptive programmability as well, talk a bit about how does that work in practice and how it’s also making not only customers life easier, but also making a lot of other companies jealous and envious also that they wish they had that capability.
Nick Kucharewski: Yeah, it’s a great observation. When we look at Cisco Silicon One, what this means is we have silicon developed at Cisco in cooperation with the upper levels of our platform. Right. We design silicon together with the system hardware, with the software, and with overall the overall system platform software that provides these services to our customers. A key part of that is ensuring that our silicon is programmable. What this means is the silicon, even after it’s deployed, can adapt to the latest requirements of the network. What that means is you can respond to the latest needs for security or you can actually deploy new features to the equipment after it’s been deployed. Now, for our customers, this means that they can have the very fast adaptability that they need in the era of AI. And it also means that they have a longer lifespan for their deployed equipment. Knowing that you can actually change the functionality of that equipment, of that silicon after it’s deployed through our programmability is the kind of assurance our customers need to make sure that they can adapt to the newest needs of AI.
Swapnil Bhartiya: Sometimes you can do something with the hardware, but what additional is this bringing, which capability was missing earlier?
Nick Kucharewski: Yeah, so the way I like to think about it is telemetry, packet routing and control. So with our Cisco Silicon One silicon, we provide the telemetry that the software requires to have a full view of the network in terms of our packet handling. And this provides control where you can take a decision to redirect a packet, you can choose to drop a packet, and you can choose to take actions flexibly based on the software that’s sitting above that, that works in combination with the software to provide the broader services for our customers.
Swapnil Bhartiya: Let’s talk about security, because these days security is not only it’s moved to boardroom now, the position of CISOs are there, and if I’m not wrong, security is fused directly into silicon as well. We can talk about MACsec, IPsec and even post Quantum, because that is going to be a big threat. So talk a bit about why does enforcement have to live at that layer in that stack.
Nick Kucharewski: Yeah, that’s a very important observation. And it really is driven by the change represented by agentic AI within the campus. In the past, we could think of the security requirements of a network as being represented by the firewalls at the perimeter of the network. What’s inside the network you trust and what’s outside, perhaps you don’t trust and therefore your security resides at the edges of the network. Now, moving to agentic AI, the requirements change because you can have agents operating inside the network that might be causing challenges. What that means is your security surface, the areas that you need to secure are now anywhere inside the network. It’s not only at the perimeter, it’s not only at the edges. And that means that you have to have security built into those platforms inside the network. And that’s why security in the silicon is actually so critical. We have features like MACsec and IPsec and also a broader set of other security features that we can take advantage of to provide that service for our customers. You point out Quantum, that’s a good example of a future technology that Cisco is developing because that really is going to prove to be essential over time as new and newer technologies have to have an appropriate security response for our customers.
Swapnil Bhartiya: Yeah, because Quantum will come, and if your data is there, people are already kind of, you know, gathering the data. They will start harvesting as soon as quantum computing is possible. So that’s why a lot of frameworks are being worked on. I also want to talk about how deeply is Silicon One in Cisco Systems? I think more than 60 systems, something like that, you may have better numbers. And what impact is it making on customers? How is it making? We talked about how from agentic perspective. Now let’s talk about from security perspective, what impact it has on customers.
Nick Kucharewski: Yes, absolutely. So the Cisco Silicon One line is comprised of five announced product families that are fully shipping in production. And those products serve both data center AI applications as well as campus networks and service providers. And here, if you look around the show floor at all the different systems, you’ll see Silicon One noted next to those systems. And I think there are probably around 60 systems that you can see on display that have Silicon One inside. Now, this makes a difference when we talk about offerings like Cisco Cloud Control, because the overall cloud control offering relies on information that’s drawn from across the entire network. And Silicon One is a key part of that, being able to provide the visibility that’s needed to take security decisions, to make observations, to take decisions, and then to enforce changes within the network in response to the things that are being observed. So it all really works together as part of the full Cisco platform, bottom to top, to provide better security for our customers.
Swapnil Bhartiya: Now, if there is a network architecture which is evaluating merchant silicon today, of course you have built a very good case, but still, when they are evaluating, what is the case for them for Silicon One?
Nick Kucharewski: Yes. For Silicon One, the first thing I encourage our customers to look at is the adaptability and programmability that we provide by our architecture. It’s extremely difficult to provide programmability in packet processing when you’re operating at multiple terabit rates. And Cisco has done it, and we’ve done it in production, and we’ve shown that this capability allows us to add features for our customers after the system has been built. And whether we’re talking about a hyperscaler in the data center or an enterprise network manager, the programmability comes in handy because it allows you to be adaptive to the newest requirements and ultimately to move faster to get to market. Whether you’re talking about a new AI data center build out or you’re talking about the latest security feature in your enterprise campus.
Swapnil Bhartiya: And what does it also mean for existing customers?
Nick Kucharewski: So for existing customers, those who are built, those who have built their networks based on systems with Silicon One, have the assurance of knowing that they can actually upgrade those systems in the field with the newest capabilities because they’re using that programmability in Silicon One.
Swapnil Bhartiya: What about those customers who don’t have Silicon One in their network?
Nick Kucharewski: Well, I encourage customers to have a close look at it, for sure. But it’s important to note that Cisco is really based on the foundation of open interoperability. Right. Our platforms are based on open standards. We make contributions to new standards wherever possible because we really believe in interoperability, because we know that our customers will build their networks based on the technologies that they feel are most important. And that’s another theme that you saw with our announcements this week, that within Cisco Cloud Control, we enable support for third party agents. This is just another example of how we really can endorse a broader ecosystem and provide our customers a single point of control and a single solution so that they can manage both Cisco technologies and others that they’re bringing into their solution.
Swapnil Bhartiya: And what’s on your roadmap? What’s next?
Nick Kucharewski: Yes, on our roadmap, we’re continuing to build out the Silicon One product line. Over time, we’ll be adding more families that serve more parts of the network and we’ll continue to drive forward new features and new requirements into those next generation offerings to ensure that Cisco has the platform with the performance, the security and the visibility that’s required for the next generation networks, both in the cloud and also in the enterprise.
Swapnil Bhartiya: Nick, thank you so much for, of course, talking to Silicon One and also how the network is evolving with the evolving workloads. And thank you for your time and I look forward to chatting with you again. Thank you.
Nick Kucharewski: It’s my pleasure. Thanks very much for your time.
