The neXt Curve reThink Podcast
The official podcast channel of neXt Curve, a research and advisory firm based in San Diego founded by Leonard Lee focused on the frontier markets and business opportunities forming at the intersect of transformative technologies and industry trends. This podcast channel features audio programming from our reThink podcast bringing our listeners the tech and industry insights that matter across the greater technology, media, and telecommunications (TMT) sector.
Topics we cover include:
-> Artificial Intelligence
-> Cloud & Edge Computing
-> Semiconductor Tech & Industry Trends
-> Digital Transformation
-> Consumer Electronics
-> New Media & Communications
-> Consumer & Industrial IoT
-> Telecommunications (5G, Open RAN, 6G)
-> Security, Privacy & Trust
-> Immersive Reality & XR
-> Emerging & Advanced ICT Technologies
Check out our research at www.next-curve.com.
The neXt Curve reThink Podcast
The Blueprint for Agentic Security (with Raj Chopra)
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
The topic of agentic security was a very big one at RSAC Conference this year. The conversation was split between safe and secure agentic AI enablement for the enterprise (and consumers), and the agentic enablement of threat actors armed with a new generation of AI tools.
The second part of our conversation with Rajneesh Chopra, SVP and CPO of Cisco Security, touched on the crisis of trust that we face, and the framework that Cisco is contributing openly to help foster safe, enterprise grade GenAI and agentic AI applications.
Raj does a great job of outlining a holistic blueprint that Cisco is working off for safe agentic AI and enterprise GenAI.
Bottom line, Getting to safe agentic AI is a journey with many twists and chasms along the way. We are in the early rounds facing a threat environment that is highly fluid and moving at machine speed.
It will take a mindset of safe AI innovation that preemptively injects what Raj calls "common sense" in lieu of lagging best practices to meet the challenges and threats of fast-evolving AI-assisted cyberattacks.
Please subscribe to our podcast which will be featured on the neXt Curve YouTube Channel. Check out the audio version on BuzzSprout or find us on your favorite Podcast platform.
Also, subscribe to the neXt Curve research portal at www.next-curve.com and our Substack (https://substack.com/@nextcurve) for the tech and industry insights that matter.
NOTE: The transcript is AI-generated and will contain errors.
DISCLAIMER: This podcast is for informational purposes only.
Hey everyone, this is Leonard Lee, executive Analyst at ncur. And welcome to this little vignette that I'm cutting here at RSAC conference, 2026. So I have Raj Chopra, who is SVP, and the Chief product Officer. Of Cisco security.
Raj ChopraThat's right.
Leonard LeeOne of the things I, posted in response to, or in reaction to G two's keynote, was that there is this quality aspect, and this is like probably gonna be an important element as you look at, the value that agents can deliver. It fundamentally has to be secure.
Raj ChopraYeah.
Leonard LeeHas to be fundamentally safe. Yeah. Which this is what G two talked about on stage. Yeah. But then there's this emerging element of quality. Does. Is it accurate, right? Yeah. is it, reliable? Yes. Is it trustworthy? And these things all come together to fundamentally determine whether or not something is actually consumer grade, industrial grade, or enterprise grade. Right?
Raj ChopraYou hit the nail on the head. Everything that I'm seeing, and we develop a lot with AI at Cisco, IT and AI, forward development cycle, et cetera. It's very, very exciting. Also scary at times, but very exciting.
Leonard LeeYeah.
Raj ChopraI would tell you from where I, stand That trust is going to be the most constrained element in this agenda world. Right. It is going to be trust or lack thereof. Right.
Leonard LeeYeah.
Raj ChopraYou
Leonard Leeheard it, you just heard it.
Raj ChopraYeah.
Leonard LeeFrom Raj.
Raj ChopraYeah. This is very, very important.
Leonard LeeYes.
Raj ChopraAnd part of that also comes from how do you formulate trust, how you build trust, and trust gets built, by adherence to what you say you're gonna do. Yeah. So that observability in this entire interaction. That is very, very expansive, is very important.
Leonard LeeYeah. And I don't think that taxonomy of thinking exists today. I think it's in bits and pieces, it's not well-formed.
Raj ChopraYes.
Leonard LeeRight. you have like ethical ai, trustworthy ai, blah, blah, blah ai, but they're not, arranged and layered in a way where. You can have the essential conversation. And this is what I'm gle what I've gleaned, through the course of this conference, but also through some of the messaging that you guys have brought together. Cisco, yeah. Security in particular and G two. Of you always have to give credit to G two, right?
Raj ChopraI mean, he brought
Leonard Leethe
conference.
Raj ChopraYeah. But this is where, credit is genuinely, due to G two and the team, the very large team that, he, I, or many of us represent, now our contribution Into this whole aspect of AI coming from a, again, a practitioner's perspective.
Leonard LeeYeah.
Raj Choprais that we have, as Cisco, we've not just built these frameworks. AI frameworks like taxonomy and how you think about it. The classes of attacks and because the, yeah. In, security we call about TTPs tactics. Technology and processes, they are gonna be distinct. So Cisco has contributed, not just came up with a framework, we have contributed Back into,, the community. Working with Mitre and other agencies. So we're not like overshadowing Sure. somebody that is not the spirit of it, but adding to that. Dialogue. Adding to that community understanding where there is a very rich source of that taxonomy that we have brought into the market. There are phenomenal researchers, in the team, one who has worked very hard at it. I'm gonna call her out, Amy Chang. If Amy, you're listening to this, you're amazing. but again, she is also part of a larger team that does phenomenal work. We have foundation ai, which is another, really forward thinking, AI specific sort of people. These are researchers from the best, the top universities, tenured professors from Harvard and
Leonard Leeyeah,
Raj Choprayone and his team, others who have done phenomenal work. and then there is this. heritage that Cisco has had of bringing things to open source.
Leonard LeeYeah.
Raj ChopraRight. Whether that is open telemetry through Splunk, whether that is cilium with is surveillance, whether way back when. there are many technologies. ECMP, VPP, there are lots of them that we brought in the market. But one of the other things that we are rather brought it to open
Leonard Leesource. We have one with the, that has a claw in it.
Raj ChopraYes. So that is exactly what, right. I was gonna say that Defense Claw has, defense Claw has sort of tied a bow around many of these quote unquote projects that we have, that we've that we have contributed to. Open source. Yeah.
Leonard LeeKey word hooks.
Raj ChopraYes.
Leonard LeeHooks.
Raj ChopraHooks. So the way developers now, we're shifting personas to developers building these agents, or building applications. with ai, nobody sits and say, I'm gonna write a model. Most of them download.
Leonard LeeYou're gonna go here. Oh, okay. Come on, let's do that.
Raj ChopraSo, I mean, most people will start that journey by going to hugging face.
Leonard LeeYeah.
Raj ChopraEvery single model. I think last that I checked, they were a little shy of 1.5 million, but, definitely more than 1.2, 1.3. Every single model that is hosted on hugging face has been vetted, validated by Cisco. And the results, they're off posted.
Leonard LeeYeah.
Raj ChopraSo if you go to hugging face.co, look up a bottle, it will have a score under CLM av. It doesn't say Cisco, it says CLM av. That has been done by Cisco and we continually do this.
Leonard LeeYeah.
Raj ChopraOkay. so you download the model. Now you're working maybe in an id, maybe off CLI or what have you. But then for this thing, this entity that you're building, co-developing with an with. With something Ag agent, whether it's cloud or Codex or what have you, it needs to talk and it's gonna talk through an MCP server. Guess what? Nobody builds an MCP server either. Right. This is stack overflow on steroids. Nobody builds an CP server. They download one. They give it a personality. Bad guys are gonna go where people spend most of the time.
Leonard LeeYeah.
Raj ChopraHugging face.
Leonard LeeYeah.
Raj ChopraMCP server downloads. Absolutely. So we scan the MCP server. Okay. How does functionally get added to these agents? They add skills. We scan the scale file. Well, agent to agent, so on, so forth. In fact, when it is writing code We also open sourced a thing that Cisco it developed, which is called code guard. So as the code is being written It is checking for whether it adheres to the policies. Of the organization, literally, as the agent is being built, the code there is a manifest on top in that agent file in which we specify.
Leonard LeeOkay?
Raj ChopraRight. You cannot have a publicly routable address. In IP address. In the code. You cannot have username, password, you cannot have blah, blah, blah, whatever.
Leonard LeeYeah.
Raj ChopraThe distillation of the security policy set by the security team is presented in the manifest of every code. That is being generated in that IDE as you're building the agent.
Leonard LeeHmm.
Raj ChopraThat is code guard.
Leonard LeeI did not know that.
Raj ChopraYeah. So that package of things that we've had brought together Into an extension Is now available with defense. If you are a developer, your organization or you yourself, yeah. Could just literally have that as an extension in your id. So as you're working without you having to spend more cognition cycles on, like, should I do this? Shouldn't I do this? Da, da, da. It is doing it with you, along with you as the code is being built. There is a lot of other code that has been written that is not great. I'm not talking about that yet, but all of the new code that is being written, it is going to be more secure than we've ever had, in the past. And it's because of things like this. Yeah. So between Code Guard, which is this Yeah. MCP Scanner Skills Center. Moral, validation, et cetera, et cetera. We are bringing common sense. We talked about best practices. Nobody knows best practice because it's happening so quickly. But we are restoring sort of common sense back into the stack.
Leonard LeeYeah.
Raj ChopraBy enabling the developer to do the right things
Leonard LeeYeah.
Raj ChopraRather than forcing them to do the right thing.
Leonard LeeYeah. And that's something that we're hearing a lot about here. At the conferences, foundations. Yes. And, in a rapidly shifting environment, being able to make that foundation extensible and then extending it, like what you're talking about here with, defense Claw, right? Yep. Because, one of the things that I've published recently is that we're too early to claim that we have enterprise grade. open claw of any sort. Yes. Right. So all these artifacts need to come together in order to provide the tools and the practices. As well as the governance around the entire life cycle of these things. You can't just think of it in terms of instantiation deployment. It's like how do you monitor, have visibility to these things in runtime? And then close the loop. Because, and you have all these different timescales, like one of the things you pointed out is one of these things can be spawn in like a second.
Raj ChopraYes.
Leonard LeeAnd so these are new dynamics, as organizations, developers are looking at, the agentic future that they have to deal with.
Raj ChopraMm-hmm.
Leonard Leearriving at safe. It just got a little bit more complicated in my view. And so, we can go on forever because we're only supposed to do 15. Oh, geez. Wow. Okay. See we're having way too much fun and I think this is just the tip of the iceberg of our conversations. I have to be honest, I have a ton more questions. I think there's many explorations that we should do together. Sure. Because it certainly looks like Cisco has its, head around, where. Things need to go in terms of enterprise enablement for AgTech as well as ai.'cause to be honest with you, I don't think we've even cracked a code on a lot of the, previous, iterations of generative ai, whether it's the LLM or RAG or what have you there, there's still a lot of open challenges.
Raj ChopraYep.
Leonard LeeI'm looking forward to continuing to explore Absolutely. The problems with you guys. Absolutely. And also discussing the solutions and how you guys are, bringing them to your customers. So yeah, it was,
Raj Chopralook forward to it.
Leonard LeeReally, really great conversation. Thank you. Thank you very much. But thank you so much. You got it for this opportunity to, chat with you. Yeah. Reporting live from RSAC conference, 2026. Leonard Lee, executive Analyst at Ncur with Raj Chopra, SVP, and, chief Product Officer of, Cisco Security. Yep. So thank you so much. Thank you, Leonard. All right. Enjoyed the rest of the conference. Thank you. Thank you very much.
Podcasts we love
Check out these other fine podcasts recommended by us, not an algorithm.
The IoT Show
Olivier Bloch