Cisco just made two moves to own the AI infrastructure stack

Cisco’s move to buy Galileo and reportedly Astrix Security is less about filling product gaps and more about rearchitecting how AI is governed, secured, and trusted across the enterprise stack. Taken together, these deals signal Cisco’s intent to lead the AI era the way it once led the internet—by making the underlying infrastructure observable, identity-aware, and inherently secure.

From AI features to AI assurance

Galileo gives Cisco something most vendors still lack: purposeful observability for AI agents across the full AI development lifecycle, from prompt design to production behavior. Its platform is already used to evaluate model quality, detect failures such as hallucinations, and enforce guardrails in real time, effectively turning AI “monitoring” from logs and dashboards into a continuous assurance loop. There are many observability vendors, but most emerged before AI, so they’ll need to be rebuilt to account for AI’s unique attributes.

For example, Splunk is an excellent product, but it was not built with AI in mind. This acquisition strengthens the Splunk Observability Cloud by enabling Cisco to add AI workflows to the existing AI agent monitoring plane for networks and apps. In practice, that means customers can treat AI agents as first-class production services with service-level objectives, incident workflows, and risk controls—rather than black-box side projects running on a credit card.

Why AI observability is becoming mandatory

Traditional observability was built for deterministic systems—packets, VMs, and containers—where cause and effect are largely predictable. Generative and agentic AI break that model: behavior is probabilistic, context-dependent, and highly sensitive to subtle changes in prompts and data. Without specialized evaluation metrics such as hallucination detection, context adherence, and attribution, enterprises cannot prove their AI is behaving as intended, let alone compliant.

Galileo’s out-of-the-box metrics and support for multiple model ecosystems (OpenAI, Anthropic, Azure OpenAI, AWS Bedrock) provide Cisco with a neutral observability layer that can follow AI wherever it runs. For Cisco customers, that’s critical: they’re unlikely to standardize on a single model provider, but they’re very willing to standardize on a single assurance and control plane.

Identity as the new AI control layer

While Galileo focuses on “what the agent is doing,” Astrix zeroes in on “who—or what—has access.” The startup’s specialty is non-human identities: API keys, service accounts, SaaS integrations, and increasingly AI agents wired into internal systems with broad, often opaque permissions.

In a world of autonomous agents, identity and access become the de facto safety rails. Astrix is designed to inventory these non-human identities, map their permissions, detect toxic combinations, and remediate overprivileged access before it becomes an exploit or a data leak. That capability integrates directly with Cisco’s broader zero-trust and identity-centric security strategy, in which the network enforces policy based on who or what the entity is, not on which subnet it resides in.

How this strengthens Cisco’s secure networking story

Cisco has positioned itself as the vendor that can deliver “AI-ready, secure networks” spanning campus, data center, cloud, and edge. Galileo and Astrix extend that narrative from infrastructure into AI behavior and identity governance:

• The network becomes the high‑performance, policy‑enforcing substrate for AI traffic and data.
• Splunk plus Galileo becomes the observability plane for AI agents, linking AI incidents to network and application signals.
• Security plus Astrix becomes the identity and permission-control layer that constrains what AI agents can actually do within the environment.

This is the core of Cisco’s emerging “Secure AI” posture: not just using AI to improve security but securing AI itself as it is embedded across every workflow, API, and device. For customers, that means AI initiatives can be brought under the same operational and compliance disciplines already used for networks and apps, rather than existing as unmanaged risk islands.

Why this matters to Cisco customers

Most large Cisco accounts are exactly the enterprises now experimenting with AI agents in contact centers, IT operations, and business workflows. They face three practical problems:

• They cannot see what agents are doing end‑to‑end, or measure quality beyond offline benchmarks.
• They lack a coherent model for managing the identities, secrets, and permissions those agents depend on.
• Their security and networking teams are often disconnected from AI projects happening in lines of business.

By integrating Galileo into Splunk and aligning Astrix with its identity and zero‑trust stack, Cisco gives these customers a way to pull AI back into the existing operational fabric. That unlocks practical benefits: the ability to attach SLAs to AI services, trace an AI‑driven incident across network, application, and model layers, and prove to auditors that AI agents are governed with the same rigor as human users.

From fast follower to AI frontrunner

Historically, Cisco has been great at catching market transitions. The company was born in the Internet era, owned routing, then caught the shift to switching, Wi-Fi, VoIP, and other transitions, leading those markets. After that, Cisco missed several big shifts, including mobile, SDN, and cloud, and became a fast follower, losing share as a result.

Under Jeetu Patel, Chief Product Officer (CPO), the company has regained its ability to anticipate these big market shifts. In one of the first conversations with Patel as CPO, he explained that you can’t fight market shifts and that if things look like headwinds, you should figure out how to turn them into tailwinds. That’s what Cisco is doing with AI.

Cisco’s AI strategy has been markedly different from its approach to mobile and cloud. The company is concentrating on the hardest systemic problems—trust, safety, and governance—rather than sprinkling AI features across the portfolio.

This can be seen in recent launches focused on AI-native networking, quantum-resistant security, and AI-augmented SOC operations, where Patel has framed Cisco’s role as “building the core infrastructure of the AI era.” Galileo and Astrix fit that thesis perfectly: they’re not flashy UX add-ons; they’re control-plane technologies that define how AI will be operated at scale.

Positioning Cisco as an AI infrastructure leader

If these integrations land as Cisco intends, the company can credibly claim leadership in AI infrastructure, even if others lead in foundation models. In that split world, hyperscalers and model labs supply the intelligence, while companies like Cisco provide the trusted, observable, identity-aware fabric that enables enterprises to deploy that intelligence safely.

For Cisco’s installed base, that’s an attractive equation: they can accelerate AI adoption without ripping and replacing their network and security architectures while gaining a unified view of agents, identities, and risk. For Cisco, it’s a path back to setting the rules of engagement for a new era—this time not just for packets on the wire, but for the AI agents acting on behalf of every user, app, and device on the network.