Cisco AI Assistant
Cisco's AI productivity assistant; source code stolen alongside Cisco AI Defense by UNC6780 in May 2026.
Last refreshed: 20 May 2026
If UNC6780 has Cisco AI Assistant's source code, can it impersonate the assistant on enterprise networks?
Timeline for Cisco AI Assistant
UNC6780 takes Cisco AI Defense source code
Cybersecurity: Threats and DefencesWhat is Cisco AI Assistant?
Was Cisco AI Assistant included in the UNC6780 hack?
Background
Cisco AI Assistant is Cisco's enterprise AI productivity tool, providing natural-language interaction with Cisco's networking and security infrastructure. It allows network engineers and security analysts to query device configurations, interpret alerts, and receive recommended responses without requiring direct CLI or GUI interaction with underlying Cisco systems. As a product integrated across Cisco's collaboration and security portfolio, Cisco AI Assistant had access to enterprise network topology and configuration data.
On 11 May 2026 Google's Threat Intelligence Group named Cisco AI Assistant as one of the products whose source code was included in UNC6780's theft of over 300 private Cisco GitHub repositories. The cluster used SANDCLOCK-stolen credentials from the Trivy supply-chain compromise (CVE-2026-33634) to access Cisco's private repositories. Cisco has not confirmed the full repository list; the AI Assistant attribution comes from GTIG's published account.
The combination of Cisco AI Assistant and Cisco AI Defense in the same exfiltration haul is significant: AI Assistant's source code reveals how Cisco's AI layer interacts with underlying network infrastructure and interprets operator queries, while AI Defense's source code reveals how that same AI layer is monitored for adversarial use. Together, they provide a comprehensive view of Cisco's AI integration architecture across the enterprise security stack.