Cisco AI Assistant

Cisco AI Assistant is Cisco's enterprise AI productivity tool, providing natural-language interaction with Cisco's networking and security infrastructure. It allows network engineers and security analysts to query device configurations, interpret alerts, and receive recommended responses without requiring direct CLI or GUI interaction with underlying Cisco systems. As a product integrated across Cisco's collaboration and security portfolio, Cisco AI Assistant had access to enterprise network topology and configuration data.

On 11 May 2026 Google's Threat Intelligence Group named Cisco AI Assistant as one of the products whose source code was included in UNC6780's theft of over 300 private Cisco GitHub repositories. The cluster used SANDCLOCK-stolen credentials from the Trivy supply-chain compromise (CVE-2026-33634) to access Cisco's private repositories. Cisco has not confirmed the full repository list; the AI Assistant attribution comes from GTIG's published account.

The combination of Cisco AI Assistant and Cisco AI Defense in the same exfiltration haul is significant: AI Assistant's source code reveals how Cisco's AI layer interacts with underlying network infrastructure and interprets operator queries, while AI Defense's source code reveals how that same AI layer is monitored for adversarial use. Together, they provide a comprehensive view of Cisco's AI integration architecture across the enterprise security stack.