The shape of enterprise traffic has changed in ways legacy WAN architectures were never designed to absorb. A single AI agent invocation no longer hits one server and returns one response; it triggers a multi-hop workflow that may span graphics processing unit (GPU) clusters in two public clouds, neo clouds, large language models (LLMs), software-as-a-service (SaaS) platforms across regional providers, and on-premises data behind a branch firewall.
Each cloud boundary compounds latency, each manual configuration step widens the security gap, and each backhauled flow taxes infrastructure sized for a different era. This shift demands a fundamental rethinking of the WAN—not a faster version of yesterday’s hub-and-spoke design, but a single platform that simplifies operations, embeds security at every layer, and scales with AI from the branch edge to every cloud.
At Cisco Live 2026 Las Vegas, we are completing the refresh of the Cisco Secure Router portfolio and advancing our branch and WAN architecture along three priorities for the AI era: simplified operations powered by AgenticOps, security fused into the network, and scalable devices ready for AI.
Beyond AI assistance: An agentic branch operating model
The branch is where most of the enterprise truly operates—retail floors, clinics, banks—and where the end-customer experience is made or lost. An offline point-of-sale system loses sales; a stalled clinical workflow delays patient diagnoses; a frozen teller terminal frustrates customers.
The IT teams running these branch networks are more stretched than ever: workloads live everywhere, employees connect from anywhere. Network teams have responded with dashboards, scripts, and AI assistants—but those tools on their own aren’t enough. They need an operating model where the network can sense, reason, and act at the same speed as the workloads it carries, and that operators can trust to do so.
Cisco Unified Branch addresses that complexity with a full-stack branch architecture across routing, switching, and Wi-Fi, now with advanced software-defined WAN (SD-WAN) automation. Cisco Validated Designs codify deployment patterns for small, medium, and large branches, with security services—Cisco XDR, secure access service edge (SASE), Cisco Secure Access, and zero trust network access (ZTNA)—embedded directly into the validated design.
Unified Branch includes two automation toolkits—Branch as Code for the DevOps team, and Cisco Workflows for the NetSecOps team. Branch as Code brings Terraform and infrastructure as code (IaC) principles to fleet-scale branch deployments.
Cisco Workflows adds a low-code, drag-and-drop builder native to the Cisco Meraki Dashboard within Cisco Cloud Control that automates tasks across Cisco and third-party applications, paired with the Cisco AI Assistant and AgenticOps for real-time execution. Either path collapses deployments and changes that used to take hours or days into minutes, and replaces brittle, ticket-driven work with deterministic, repeatable execution.
All of this lives in Cisco Cloud Control, the single cross-domain command center, extended with AI Canvas for Cisco SD-WAN for visual, conversational troubleshooting and an AI Assistant in Cisco Catalyst SD-WAN Manager for proactive health monitoring. Together with AgenticOps, these capabilities put the intelligence of an expert network engineer into the hands of IT operators.
Cisco IOS XE routers are one of the most widely deployed enterprise routers worldwide. Cisco is now bringing the operational simplicity of the Cisco Meraki Dashboard, delivered within Cisco Cloud Control, to that installed base—zero-touch provisioning, Cisco Meraki Auto VPN, dashboard-driven monitoring, and an AI assistant for natural-language troubleshooting and configuration—without giving up the power of IOS XE.
The same operating model also extends beyond the branch. The new Cisco Multicloud Fabric makes it dramatically simpler to connect any site—branch, campus, or data center—to any cloud, and cloud to cloud: a single consumption-based fabric overlay that replaces legacy hub-and-spoke designs and instance-based workarounds.
Security fused into the network, with quantum on the horizon
Consider a retailer whose security perimeter held, but whose credentials did not. An attacker enters a store’s back-office system with stolen credentials, moves laterally into the corporate WAN, and accesses sensitive customer data before anyone notices. The credentials were valid. The connection was permitted. The damage was done in hours.
The WAN is the air traffic controller of the enterprise—sitting between every user, every site, and every cloud—and that role has to expand. It must direct legitimate traffic where it needs to go without slowing the business down, and stop what is not allowed from moving freely, even when the credentials look authorized. Wherever that traffic crosses the public internet, encryption is the difference between transit and leakage.
Two architectural shifts matter. The first is quantum resilience. Cryptographic protections that were adequate five years ago may not be sufficient for the next generation of threats, as advances in AI and quantum computing reshape how enterprises plan for long-term data protection. Adversaries are already running “harvest now, decrypt later” campaigns, capturing encrypted traffic today for decryption when quantum hardware arrives. Long-lived data—intellectual property, healthcare records, regulated Personally Identifiable Information (PII)—is therefore at risk now.
The August 2026 release of Cisco IOS XE brings three new defenses:
- Post-quantum cryptography (PQC) extended across the Catalyst SD-WAN overlay for traffic in motion
- Hardware-accelerated PQC for data-center-scale flows
- PQC secure boot to protect platform integrity from power-on
Quantum resilience is now native to the platform, not retrofitted onto it, so enterprises can deploy protections designed for long-term hardware lifecycles.
The second is hybrid mesh firewalling. Cisco Secure Firewall on Secure Routers enhances the firewall already built into the Cisco 8000 Series Secure Routers with the same SnortML and Encrypted Visibility Engine (EVE) technologies that power Cisco Secure Firewall: SnortML identifies and blocks advanced and previously unseen threats within the 8000 Series Secure Routers, and EVE acts on threats within encrypted traffic without decryption. Every branch, campus, and data center edge becomes a consistent enforcement point under one security policy. Within Cisco Cloud Control, networking teams can define that policy once and apply it across firewalls and Cisco Secure Routers, helping unify security operations (SecOps) and network operations (NetOps) across distributed sites.
Secure devices, ready for AI: Cisco 8000 Series Secure Router portfolio
Software-defined operations only deliver if the underlying hardware can keep up with high throughput, deterministic latency, and the encrypted-traffic profile of AI workloads. Cisco is advancing the Cisco 8000 Series Secure Router family to provide that substrate for the AI-era WAN:
- Cisco 8100 Series Secure Routers: Enterprise connectivity for small branches, with 10G PON, integrated 5G failover, quantum resilience, and new Cisco MX OS and IOS XE variants offer 2x performance of previous generations, dual 2.5 GbE WAN ports, Wi-Fi 6, and Cisco ThousandEyes monitoring.
- Cisco 8200 Series Secure Routers: Flexible branch platforms with quantum-safe secure boot and a new Cisco Unified Edge platform variant are capable of hosting edge AI workloads directly at the branch.
- Cisco 8300 Series Secure Router (MX OS): Enterprise-in-a-box for cloud-managed branches, with Cisco Firewalls on Secure Routers delivers 8–10 Gbps next-generation firewall (NGFW) throughput and 4 Gbps advanced threat protection, plus unified cloud management combining SD-WAN, SASE, and advanced threat protection in a single appliance.
- Cisco 8600 Series Secure Routers: Quantum-resilient data center aggregation with 100 Gbps high-density throughput, hardware-accelerated PQC, and secure data-center-to-cloud interconnects are built for AI-scale traffic.
A platform recalibrated for AI traffic
The pressures on enterprise networking are converging: IT is being asked to do more with less, the threat surface is expanding faster than perimeters can keep up, and AI is reshaping where workloads live and how they move. Closing that gap will not come from another point tool or another bolted-on dashboard—it will come from a platform where operations, security, and hardware were rethought together.
These announcements at Cisco Live deliver that rethinking: not a return to monolithic appliances, but a recalibration of where intelligence, enforcement, and capacity belong across every layer of the network.