The Unknown Unknowns of Agentic Security (with Raj Chopra)

Show Notes

It was a busy week at RSAC Conference 2026. The topic of agentic security was a very big one, whether you were contemplating it for securing agents you deploy in your enterprise or protecting it from malicious AI agents.

neXt Curve's Leonard Lee had an enlightening conversation with Raj Chopra, SVP and CPO of Cisco Security, about what the company is discovering about the path to enabling safe and secure agentic AI. What impressed was the humility with which Raj approaches the task. We are dealing with unknown unknowns in the age of agentic AI. 

Yes, agentic AI is here, whether we like it or not, as a productivity tool or a threat.

Check out this conversation. Raj highlights some priorities and approaches that we agree with based on neXt Curve research. He also introduces some additional angles that CISOs and security practitioners need to contemplate in approaching safe agentic AI for their organizations.  

AI security will require the cybersecurity community to think beyond its comfort zone. Yes, fundamentals matter more than ever, but the threats and the countermeasures are unknown.

We hope you find part one of this conversation with Raj Chopra informative. Remember to follow neXt Curve for the agentic security insights and analysis that matter.

Please subscribe to our podcast which will be featured on the neXt Curve YouTube Channel. Check out the audio version on BuzzSprout or find us on your favorite Podcast platform.

Also, subscribe to the neXt Curve research portal at www.next-curve.com and our Substack (https://substack.com/@nextcurve) for the tech and industry insights that matter.

NOTE: The transcript is AI-generated and will contain errors.

DISCLAIMER: This podcast is for informational purposes only.

Transcript

Leonard Lee 0:00

Hey everyone, this is Leonard Lee, executive Analyst at ncur. welcome to this little vignette that I'm cutting here at RSAC conference, 2026. So I have Raj Chopra, who is SVP, and the Chief product Officer. Of Cisco security.

Raj Chopra 0:20

That's right.

Leonard Lee 0:21

So this is basically your show, right?

Raj Chopra 0:23

This is our show. I stand on the shoulders of an incredible team that is doing a lot of work. It is an honor to represent their work. So it takes a team.

Leonard Lee 0:34

One of the things that I'd like to start off our conversation with is, this, growing specter. Of shadow ai.

Raj Chopra 0:44

Yeah,

Leonard Lee 0:44

Especially now that everyone's getting excited about agentic. Ai. they're looking at bringing that into their organizations in some form. G two was up on the keynote stage. And one of the big themes that Cisco is going forth with this year is, the enablement of the ag agent workforce, but obviously. One of the things that we're hearing at the conference is this concern about threat actors using the same tools, right? Absolutely. And so that makes the concerns about security and the ability to, deliver, let's call it enterprise grade or enterprise safe, agentic AI or AG agentic workforces. Probably more challenging. So I'd love to hear your thoughts on that. But then also Cisco bringing to the table Yeah. This year to make the agent workforce safe and secure.

Raj Chopra 1:44

Yeah. I think the pace of change,

Leonard Lee 1:46

yeah.

Raj Chopra 1:47

The compression of, how many things are happening in a very, very short period of time is what makes it, even more remarkable. It used to be purchased by companies and then the users would experience and then it became where users were bringing in technology into the organization. Right. Yeah. and this is exactly what is happening. All of us individually found so much good use out of these tools. People are like, why wouldn't I use this tool? Right. Because it was helpful. Anything before 2022 is. By the way, dinosaur. Right, right, right. Any, the world only, is living in the technology unleashed since November, 2024. Sorry, 2022. We are gaining so much of this productivity boost in our general lives, that not bringing it to our professional lives just seems like weird. We may call it shadow, but I'd much rather the industry came around to beneficial. AI and things that are not, as beneficial because AI is gonna be everywhere. There is no shadow. Right. Right. It is, it is everywhere.

Leonard Lee 2:53

Now, the effort that you have right now is to. Get that visibility observability so that nothing is in the shadows.

Raj Chopra 3:01

Correct? Correct. The first one is to go to the obvious sort of repositories where agents, the so-called beneficial ai The ones that are, meant to be used more broadly, that you can recruit those into your own full fledge sort of LANs of where these agents are. We have a LANs of integrations with all of the major. hosting provider. It's never done, like there is always something new, but we can pull information together. From all of these, places. in addition, there are other heuristic techniques that we used. Remember in the days of the botnet, you can't ask a botnet, are you a bot? Right. You can't say, okay, here's a capture or whatever.

Leonard Lee 3:44

Yeah.

Raj Chopra 3:45

But there are heuristic methods that you apply To identify whether this is just a script that is being called or it is an agent.

Leonard Lee 3:53

Right.

Raj Chopra 3:54

And the key part of an agent are three elements in my mind. one is that it has memory. As in it remembers. the second is context. What's the world that it's working on so that it can react Appropriately. And the third is it reasons it plans. It thinks and then takes an input, curates it gets more further input, chisels it down. It is a reasoning. Those three elements make an agent.. And we lean on those kinds of behaviors to heuristically get to this is an agent versus just a script

Leonard Lee 4:27

regarding identity, agent identity. Last year, that was an emerging topic. People were scratching their heads wondering, okay, how are we gonna do this?

Raj Chopra 4:35

Yeah.

Leonard Lee 4:35

I've had some interactions with your duo team over the course of the year, some great stuff, but maybe you can share with the next curve audience. Some of the things that you're announcing. at RSAC conference this year that can, inform CISOs out there and enterprises and boards. Boards, okay. You need to be educated on this stuff, that it can give them some confidence that, agentic AI can actually happen in a safe way within enterprise boundaries.

Raj Chopra 5:07

So once you have a. Repository of these assets or inventory, I think is a more appropriate term. So now that you have these agents in your environment, you're not gonna just let them run amok. Absolutely right. So you have to do a posture check of these agents. In the modern world that is called red teaming, we do algorithmically red teaming. For every agent that we have, I read before it can start interacting In the environment. That's just good practices brought into the ENT world. It's, but doing it in a manner that is fluid. That is, natural. For it to be done. The third part is a pass muster from the red teaming is then to give it a new identity mint, a new identity. These agents might run for five seconds. They might run for five minutes.

Leonard Lee 5:59

Yes.

Raj Chopra 6:00

They might run for five days. Right. But they're ephemeral and they will come and go. One wants these identities to be durable. So you can categorize them. You can classify what kinds of things that they're doing. Why if you ask an enterprise, they don't manage one URL at a time. In their environment. It's too many.

Leonard Lee 6:23

Yeah.

Raj Chopra 6:24

We are not going to manage a hundred billion agents, one agent at a time. There needs to be categorization.

Leonard Lee 6:34

Yes.

Raj Chopra 6:35

And that categorization. In due time is gonna come become very important. As a means for you to express your policy in your environment.

Leonard Lee 6:44

We're looking at a future of where security policy is be going to become much more complex than what we've dealt with before

Raj Chopra 6:56

it would be simpler to express the intent. But the vocabulary will be rich. You should be able to specify the intent of your policy. I'm gonna give you a super simple example.

Leonard Lee 7:06

Okay?

Raj Chopra 7:06

I have printers in the office. Printers should only directly talk to a print server. Period, you should be able to very simply express that intent. And how it gets implemented in the capillaries of your network, wireless wired switch, firewall, et cetera, et cetera. That is plumbing. And so to be able to express that policy simply and ensure that it is effectively enforced on the infrastructure that you have. That's the combination. That you're looking for,

Leonard Lee 7:39

right?

Raj Chopra 7:40

Right. That's where this authentication, where you're minting a new identity, keeping it around durably. So you can reason with it, you can categorize, you can classify over a period of time, build facets. That can be expressed in the policy construct is how we are going to start to manage some of the basic policies around agents. going forward, the next step after that. is a very crucial, which is like, okay, I've given you an t I've made sure you're fit for purpose. I need to make sure that I can express what is it that you can do As an authorization,

Leonard Lee 8:17

right.

Raj Chopra 8:19

And, this is, probably one of the most crucial things because agents only become useful. when they take on agency, they take on the responsibility of doing whatever is needed.

Leonard Lee 8:32

Yeah.

Raj Chopra 8:33

And what that means is that you have to have access to a lot of systems. As an agent, I don't know what all data I'm gonna need to accomplish the task that I'm gonna be prompted to do. So this is the stuff that we are working with, standards bodies, working on these, Projects called macaroon and biscuits and wafers. These are actual name of projects like after cookies and browsers, right? Where we have these, self attenuating a scope scope so that the scope that you've given, when the agent calls the next tool over, it gets trimmed.

Leonard Lee 9:09

Yeah.

Raj Chopra 9:10

Interesting.'cause the craziness that happens is when an agent is using all of the permissions that it has.

Leonard Lee 9:15

Mm-hmm.

Raj Chopra 9:15

To then reflect those in every interaction. That is where trouble starts.

Leonard Lee 9:21

Yeah.

Raj Chopra 9:22

And then you keep a track. it is like, there is an audit, if you will, of all of the, attenuation, the scope trimming that has been done. Yeah. So that these things don't go off the rail, so to speak. Yeah.

Leonard Lee 9:35

The examples that you're providing, triggers even more questions.

Raj Chopra 9:39

Yeah,

Leonard Lee 9:40

right. Absolutely. About and some of the, challenges that enterprises and companies like, solution providers like Cisco will have in the journey going forward. Yeah, in my view, this is still a very early phase. of agentic security and agentic safety. But it is encouraging to hear what Cisco was doing to actually create that foundation because it's. Without that foundation, you just simply can't, becomes, can't have safety around this.

Raj Chopra 10:12

Yeah.

Leonard Lee 10:13

And

Raj Chopra 10:14

we are learning this together, right? Yeah. That'll be well be, I have, it'll that level of humility know that there is no ivory tower. Somebody can sit in and pontificate, this is how you're gonna do it. Right. Again, because it is all happening in such short time. There is not chain speed. Yes. Because there is no time to really come up with the lived experience of best practices.

Leonard Lee 10:39

Yeah.

Raj Chopra 10:39

Right. We're taking elements that we know are that work and work well, and then. Adapt to the new things that, that were not there. So, for example, you're probably sick of seeing as many people as you've seen over the last 74, 7, 2 hours.

Leonard Lee 10:56

No, I, I, I, I love it. I love it. I love all of you.

Raj Chopra 11:00

For you. May I do seriously, hypothetically, let's pick on me Hypothe. Let's pick on. The agents are coming to you. Every surface area that you are, you and I interact with today is going to be agent. It already is, but you prompt your browser. Yeah. To book me a vacation within one hour travel someplace that has a biking trail and I can relax and not too hot and blah, blah, blah. You and I on a browser would go to Google and say, Hey, what's the weather here or there? The agent looks for that. MCP server asks for the same thing. Right? Right. MCP server says Great. Please gimme read access to your files. You're like, what? I am asking you for weather and you're asking me for file access? Like that's bananas. But remember, these agents don't have any judgment, right? Yeah. They're all task oriented. Have you ever had an interaction with an agent or a LLM that said, I don't know.

Leonard Lee 11:57

No, but they all know.

Raj Chopra 12:00

They all know

Leonard Lee 12:01

apparently. Yeah, but see, this is what I call it. It's called the illusion of judgment,

12:05

right?

Raj Chopra 12:06

This is where you then need semantic inspection. Not syntactical, but semantic. Semantic infection.

Leonard Lee 12:13

Yeah,

Raj Chopra 12:13

Would say, I'm asking you for a weather forecast. And you are asking me for access to my files. Like this is not even in the same zip code like it needs to be, at least the prompt and the inference need to be in conjunction to accomplish a certain task.

Leonard Lee 12:27

Hey everyone, I hope you enjoyed this conversation. I found it very enlightening. He's probably sorry that he did this because now I have a thousand questions instead of just a hundred. But thank you so much. You got it. Reporting live from RSAC conference, 2026. Leonard Lee, executive Analyst at Ncur with Raj Chopra, SVP, and, chief Product Officer of. Cisco Security. Yep. So thank you so much. Thank you, Lauren.