Name: Trust is the real bottleneck in agentic AI
Uploaded: 2026-05-21T00:00-04:00
Description: Cisco’s Michael Dickman explains why enforceable trust — not just better models or more compute — is becoming the critical requirement for agentic AI in production.

^{The interview transcript below has been edited for length and clarity.}

Louis Columbus: Every enterprise wants agentic AI in production, but trust is the bottleneck, not the models, not the compute, trust. Michael Dickman is SVP and GM of Campus Networking at Cisco, and he's building the infrastructure layer that makes that trust enforceable. In this conversation, we get into how the network becomes the operational brain for AI agents, why micro-segmentation is the real guardrail for autonomous systems, and what the knowledge factory looks like when you stop treating data as fragmented and start treating it as fuel.

Networking can enable greater agentic AI trust, which is the cornerstone of development and looking at all the different factors that play into agentic AI growing and delivering the value that it's capable of. Trust is that pivotal point, is that catalyst.

Michael Dickman: I'm so glad you talked about the trust point right from the start because it is foundational, and I think it's one of the things that our company has talked about. And so to really capture the productivity benefit and unl- and unlock all of the things that are now possible, trust actually is one of the key requirements, just table stakes from the beginning.

Louis Columbus: Oh, absolutely. So many organizations are experimenting with agentic AI right now, but few have moved into real operational environments because trust has become this gating factor. And so from your perspective, what conditions need to exist before CIOs can trust AI agents to autonomously run production systems?

And where are the practical boundaries today for observing, recommending, and executing on agentic AI?

Michael Dickman: The first point I would make is you said observing, recommending, executing. Executing is that one that you need absolute trust. Obviously, we all have worries about information access and so on, but whether or not human is the loop when the agents are executing and taking those actions, that, that is then different.

How do you securely delegate work to agents? So how do I know what I'm delegating? How do I know that they're taking those points? There is also a cultural change in organizations of seeing this within Cisco, but also for many of the customers I talk to, around not just, like, how do we automate what we've always done, but what can we do differently?

And so just as an example, one of the classic things in the cybersecurity world is alert fatigue, and a classic solution to that is to reduce alerts and aggregate into fewer things so the s- the analysts have fewer things to go through. It is now possible for an agent to go through all alerts, right?

And so really you can actually start to think about different workflows in a different way and then how does that affect the culture of the work, which is amazing. Another piece that has to be there is kinda tokenomics, if you will, but that question of everything is possible, but there are real economics, to doing this.

And so there does have to be that question of value. I think my own view on that is very much like a hybrid system- Where the agentic AI is the reasoning and planning, but a lot of the actions are taken by traditional tools. And that way you get the best of both worlds. You get the smarts and intelligence that can only come from foundational models with the determinism and efficiency of traditional tools.

And then the last one that I would highlight is just around judgment. When you think about human in the loop, sometimes we refer to that as, oh, we need a human to check to make sure it's not a bad thing. But actually, there's a question of do we even need this? Is this right? Are we doing things in the right way?

And what are we trying to accomplish? There's no substitute for the human judgment and the talent that's needed to be dexterous with AI and get all of those pieces done.

Louis Columbus: You've talked a lot about enterprise networks being the operational brain of an organization, and who better than Cisco to lead that?

What has changed in the architecture of the network that allows it to become a primary vantage point for AI agents to understand and act across complex environments?

Michael Dickman: Maybe I'll give kind of two focus points here. One will be around security and secure networking, and then the other one will be around operational visibility because, data is the fuel of AI, if you will, as so when you think about security, there's just that question, and you go back to where we started, of trust. And so you-- And so when you bring that into the the network, you think about what are the actual systems that are being benefited from AI? Some of these are highly digitized systems, obviously, right?

In data centers in campuses, in branches, in remote scenarios, and the common interconnect of all of these and, oh, by the way, with clouds and also some of the neo clouds is the network as that central place that can regulate and govern, what is going where. And so to start with secure infrastructure, to go into how you build segmentation, and then build in the right kind of policy enforcement at the top level.

Now more than ever, it's that question of who has the right to do what. The who is now much more complicated because you have the potential and now reality of these autonomous agents. So that's one. The second piece where the operational brain is so important in addition to security is as just data. And so if you think about, how do you make good decisions, you need to see real behavior, and it's that difference of knowing versus guessing, and what the network can see are actual data communications, right?

So not I think this, system needs to talk to that system, but which systems are actually talking together. And then when you move into the world of IoT, Internet of Things, and the emerging world of physical AI You need to have the data of actual behavior in order to do the right optimizations, the right the right information.

You have metadata, you have direct telemetry, all of that. And so it's, I guess you t- you talk about operational brain, which is true, but in a way it's also that raw telemetry that becomes the intelligence to inform that operational brain as well. And so not only, is it how to optimize the network, but it's the network for security to have confidence and trust, and the network to create telemetry and metadata into a data fabric that can enable new types of outcomes that are, before impossible actually.

Louis Columbus: Let's switch gears and let's talk about operational intelligence has historically been fragmented across observability tools, network telemetry, as you mentioned and then also application data. How are leading enterprises beginning to unify those signals into a shared operational context that AI agents can reason over?

What role does Cisco's platform play to make that possible?

Michael Dickman: Yeah, no it's a good point, right? 'Cause first of all, there is a lot of existing data. I think another another interesting point is most of the data being produced today is actually proprietary inside of an enterprise, and so it's not publicly available, right?

It's unique data that enterprise has, and still, like you said, it's fragmented. And it's fragmented for, for good historical reasons, but, bad reasons as you look forward to what's possible with the unlock with agentic AI. Observability is a key point, right? And so what do you observe and, kinda go back to first principles of what is observability.

And so if you think about the network as those eyes and ears that's an intelligent brain to also create knowledge from it, and then bring that knowledge to a place where it can be stored and acted upon in that data fabric, it's so powerful. Cisco is already doing that with machine data, with network telemetry, with obviously logging and other types of metrics, events, and traces and so on.

All of that information can come into that one data fabric, and then in turn be used to inform a- all kinds of use cases. I'm pretty excited about a lot of security oriented use cases, but there's so much more. There's optimization of business process, there's optimization of technology spend, there's centralization of visibility just for kinda overall management for cross-charging, whatever it might be.

And so that when that fragmentation grow, goes away through that common data fabric it's very powerful. And that's, I think that's one of the reasons that at Cisco you'll see so much focus on this one Cisco platform which we've talked about, which is explicitly, bringing together the breadth of what Cisco does in the portfolio into a true platform.

Louis Columbus: We've talked about that, I think, throughout this conversation, of telemetry and context is everything. And what does a credible operational data foundation look like for enterprises pursuing agentic AI, and what pitfalls do organizations encounter when they try to assemble the stack themselves?

Michael Dickman: Maybe I'll start with the pitfalls piece, right? because everybody's trying out, agents everywhere, and the real power comes from the cross-domain views. The real power comes from correlation versus just aggregation and deduplication of alerts, which is good, but it's a little bit basic. And so that cross-domain view, the correlation, that's what comes.

And so when organizations try to assemble that telemetry stack themselves, the main pitfall I see is not cutting through that fragmentation and having team A build a- build agent A on top of data A, and then team B builds, whatever their agent B is on top of their data. But you kinda miss that ability to look across.

And so where Cisco comes in as that platform leader and with the data fabric that I talked about, is to have that just work, right? And so whether it's a campus user if it's a hospital scenario, you could have telehealth, you could have clinics, you can have medical devices, you can have clinicians.

You have some of the doctors, as you're probably aware, like anesthesiologists they're not even employees. They come in. So you have all of these different types of data and different types of roles in the environment, but bringing all of that context in, plus the machine data, plus all the technology and infrastructure view into one place, that's where you get that platform unlock and are able to do the cross-domain, right?

And so security, again, great example, where you see maybe a few smaller signals from multiple areas, and that then turns into one big signal, and that's where the power is.

Louis Columbus: Yeah, and I think the knowledge factor is you're bringing inbound raw amounts of data and the terabytes of data that a given business that, let's say, operating over $100 million a year is generating just massive amounts of data that AI can help to interpret and build structure around, but it doesn't-- it's no substitute for that daily grind of running a business and getting all that data, good and bad just reflecting the reality of how that business is running.

Michael Dickman: Yeah, that's right. Yeah, one example you just said brings to mind is a ton of customers I see are adopting computer vision. So we see that, in manufacturing floors and in retailers, and maybe in the past you would've thought, "Oh, you need some surveillance cameras for physical security." And now what we're finding is actually, no, there's a whole bunch of unlock and actual business processes, right?

So like in a retail shop to analyze shopper behavior, on a manufacturing line to use computer vision for quality control. And all of those things require that trust that we started with, 'cause this is highly sensitive data around who's doing what in the shop or what's happening on the factory floor.

Louis Columbus: When organizations move from experimentation to operational autonomy, governance becomes absolutely critical. What types of guardrails must exist in the infrastructure to ensure AI agents operate safely? And can you share a concrete example of how safeguards work in practice?

Michael Dickman: It does start with governance, right?

And so with agentic AI, you need to have that idea first of what is the agent supposed to be doing. Where do you want its actions limited? And so the first step is to define What is the intention? And then that defines the policy which gets translated into a specific AI agent and what it's able to do.

And of course, you need auditability in order to track for accountability. But then the enforcement that's built in, and all of this has to be done at machine speed. And so a concrete example maybe to make that real you can think of agentic IAM and how that feeds micro-segmentation. So first of all, like identity and access management here's my set of agents that I've built.

I'm able to put those in an inventory. Here are the agents. By the way, here's a human who's accountable for those agents, so if something goes wrong, there's a person to talk to. And then based on that person who is validating and vouching for that agent, here's the systems they should have access to and here are the actions that are permitted, right?

So you have this whole identity access management that ties to policy governance done up front. Now, that can feed micro-segmentation, which is a network policy enforced at machine speed that guarantees that you have a limited blast radius and limited access, and it's a way to actually make least privileged access real in a very powerful and controlled way, right on the network.

You're not relying on a bunch of host agents which can be bypassed or other issues right? So there's the whole layered defense, but micro-segmentation guarantees that least privileged access.

Louis Columbus: The other aspect of this is despite the excitement around agentic AI, most enterprises are really in pilot mode, and there's study after study that comes out that talks about varying degrees of success in pilots.

But from an infrastructure standpoint and from your standpoint, you owning campus security or campus networking at Cisco, what capabilities still need to mature before organizations could deploy autonomous operations at scale? And what progress do you expect to see over the next year?

Michael Dickman: So campus networking is my focus, but I think maybe the reason for that slip is we are seeing secure networking become so core- Yeah.

To how all these networks operate. Yeah, so in the next year, massive progress. And in fact, inside the company, we're really talking more in 30, 60, 90 days, six months because of how fast things are moving. The foundational models are changing. So going back to your question on what capabilities need to mature, IAM and PAM even, permissions and Privileged Access Management, to really get solid on the governance of that because then that becomes the unlock of trust, right?

'Cause when the technology platform is ready, you then need the right governance and policy on top of that, and the combination of those two I don't think is as mature as it needs to be today, right? In terms of the straight line from business need to GRC to actually implementing that with what is possible, in the security and networking platforms.

And so I see massive progress there.

Louis Columbus: For my final question, for CIOs who recognize the potential of agentic AI but are unsure how to move forward from experimentation to trusted operations, what practical first steps should they take today? to build the right foundation going forward?

Michael Dickman: So I think the first two steps that I would say must be done are to initiate a formal way for line of business, IT, and security to talk about what is in- what is the expectation and what is the goal. I think the second one would be a platform approach to networking and to in general that knowledge factory of what is that critical infrastructure for AI.

Because when you have that platform approach, all of a sudden you have data sharing in a way that's not possible, and that's the unlock that anything you wanna do is now built on a solid foundation. And if I did have to go with kind of a third bonus one, I would say make sure those first examples of agentic AI use cases are successful from a trust standpoint, and that means building in role-based access control, privileged access management, micro-segmentation for those.

And even if you're not solving world hunger, day one, make sure those two or three that you know are high business value are built with exactly the right best practice from a security and networking and secure networking standpoint so that you can guarantee that trust to the organization, and that will unleash the speed.