Cisco has launched Live Protect, a feature that lets security teams deploy targeted protections against specific vulnerabilities on live networking systems, without taking those systems offline. The tool is currently available on Cisco's Nexus 9000 series switches and is included with the Nexus One product entitlement, with plans to expand to campus switches like the Cisco C9000 Smart Switches later in the year.
The context driving the announcement is the emergence of AI models capable of finding software vulnerabilities at a scale and speed that traditional patch management was not designed to handle.
Anthropic's Claude Mythos Preview, unveiled last month, was reported to have identified thousands of flaws across major web browsers and operating systems during testing. The core operational problem this creates is a timing gap. Vulnerabilities are being discovered faster than they can be patched, and unpatched systems remain exposed during that window.
Enterprise security has historically operated on periodic update cycles, with patches deployed during scheduled maintenance windows. That model assumed a manageable rate of new vulnerability discovery. AI-assisted discovery changes that assumption, compressing the timeline between a flaw being found and it potentially being exploited. The longer a system stays unprotected, the larger the exposure window.
Live Protect is designed to address that gap by allowing teams to toggle on a compensating control while a full patch is in development. The system operates at runtime, meaning it does not require a reboot or maintenance window to deploy a shield. According to Cisco, this is distinct from patching in that it does not resolve the underlying vulnerability but reduces exploitability until a complete fix is available.
Cisco is positioning this capability as an extension of its existing hardware footprint. Running Live Protect on Cisco networking hardware means the protection layer is tied to the vendor relationship. Customers already invested in Cisco infrastructure get a new security layer without a separate procurement decision. That dynamic tends to deepen dependency on an incumbent vendor and raises the cost of switching, even as it delivers near-term operational value.
The broader industry view is that the pace of AI-driven vulnerability discovery is forcing a rethink of how security tooling is layered into infrastructure. Patching cycles measured in months are increasingly misaligned with a threat environment where exposure windows are measured in days or hours.
Whether runtime shielding becomes a standard layer of enterprise security, or remains a stopgap category, depends largely on how consistently AI discovery tools continue to outpace conventional patch pipelines.