Cisco AI Defense

Cisco AI Defense is Cisco's flagship product for securing enterprise large language model deployments. It is designed to protect AI applications from prompt injection, model theft, data exfiltration via LLM outputs, and adversarial inputs. As part of Cisco's network-security portfolio, AI Defense integrates with existing Cisco infrastructure to provide LLM-application visibility and policy enforcement across enterprise environments.

On 11 May 2026 Google's Threat Intelligence Group named Cisco AI Defense as one of the primary targets in UNC6780's supply-chain operation. The cluster cloned over 300 private Cisco GitHub repositories using SANDCLOCK-stolen credentials from the Trivy compromise (CVE-2026-33634, March 2026). The AI Defense source code was included in the exfiltrated haul alongside Cisco AI Assistant and unreleased products across Cisco's security portfolio. Cisco has not publicly confirmed the full repository list or the precise scope of source-code loss; the attribution and repository count come from GTIG's published account. GitHub confirmed an ongoing investigation into the unauthorised access.

The significance of the breach extends beyond the loss of intellectual property. A financially motivated cluster holding the source code of an LLM-security product designed to detect adversarial AI inputs gives adversaries visibility into the detection logic, policy-enforcement mechanisms, and architectural assumptions underlying the defender's tooling. The $32 billion Google-Wiz close in March 2026, which priced the LLM-security category as the largest pure-cybersecurity deal of the post-CrowdStrike era, now sits alongside a named breach of one of the category's flagship products.