
Cisco AI Defense
Cisco's flagship LLM-security product; source code stolen by UNC6780 via Trivy supply-chain compromise in May 2026.
Last refreshed: 20 May 2026
UNC6780 has Cisco AI Defense's source code; can the product still detect the attacks it was designed to stop?
Timeline for Cisco AI Defense
UNC6780 takes Cisco AI Defense source code
Cybersecurity: Threats and DefencesMentioned in: LiteLLM SQL injection hits in 36 hours
Cybersecurity: Threats and DefencesWas Cisco AI Defense hacked in 2026?
What is Cisco AI Defense and what does it do?
Why does it matter that Cisco AI Defense source code was stolen?
Background
Cisco AI Defense is Cisco's flagship product for securing enterprise large language model deployments. It is designed to protect AI applications from prompt injection, model theft, data exfiltration via LLM outputs, and adversarial inputs. As part of Cisco's network-security portfolio, AI Defense integrates with existing Cisco infrastructure to provide LLM-application visibility and policy enforcement across enterprise environments.
On 11 May 2026 Google's Threat Intelligence Group named Cisco AI Defense as one of the primary targets in UNC6780's supply-chain operation. The cluster cloned over 300 private Cisco GitHub repositories using SANDCLOCK-stolen credentials from the Trivy compromise (CVE-2026-33634, March 2026). The AI Defense source code was included in the exfiltrated haul alongside Cisco AI Assistant and unreleased products across Cisco's security portfolio. Cisco has not publicly confirmed the full repository list or the precise scope of source-code loss; the attribution and repository count come from GTIG's published account. GitHub confirmed an ongoing investigation into the unauthorised access.
The significance of the breach extends beyond the loss of intellectual property. A financially motivated cluster holding the source code of an LLM-security product designed to detect adversarial AI inputs gives adversaries visibility into the detection logic, policy-enforcement mechanisms, and architectural assumptions underlying the defender's tooling. The $32 billion Google-Wiz close in March 2026, which priced the LLM-security category as the largest pure-cybersecurity deal of the post-CrowdStrike era, now sits alongside a named breach of one of the category's flagship products.