The questions security leaders are asking are changing. It used to be about finding vulnerabilities and threats and managing human-centric workflow. Now it has become something different: How can agents leverage context to manage and prevent risk in real-time?
That’s where AI changes everything. Security risks are not resolved by a single tool or individual. Risk management, prevention, and resolution are performed by AI agents that can reason across the entire stack in seconds, then bring the right human controls into the conversation. Today, Cycode is announcing a partnership built for exactly that future.
Cycode, the Agentic Development Security Platform (ADSP), is now integrated into Cisco Cloud Control via Cloud Control Studio. This integration empowers AI agents in Cisco AI Canvas, the multiplayer workspace where IT teams and AI agents investigate and resolve issues together, to leverage Cycode’s authoritative application security data.
The investigation gap nobody talks about
Before this integration, a responder using Cisco AI Canvas could correlate network, security, identity, and observability signals in one workspace. That’s already a meaningful shift from the old model of jumping between dashboards.
But the moment the investigation needed code-level context, the work stalled. Who owns this service? Is this CVE actually reachable in our code? What shipped in the last 24 hours? Which repo loaded that model? To answer any of these, the responder had to switch tools, lose context, and chase down the right developer in Slack. The AI agents in the workspace could no longer help, because the data they needed lived somewhere else.
This is the gap. And it’s the gap that defines how fast a team can actually move from alert to resolution.
What the Cisco-Cycode partnership does
Cycode’s data, telemetry, and actions are now reachable from inside Cisco AI Canvas through our integration into Cloud Control Studio. When AI agents investigate an incident, they can ground their reasoning in real source code, real pipeline state, real ownership data, and real findings from Cycode’s Context Intelligence Graph, alongside the rest of the customer’s Cisco environment.
The investigation no longer pauses when it hits the code. Cycode brings code, repo, and agentic development context to the investigation.
For joint Cisco and Cycode customers, three things change:
- Investigations resolve faster. Code-level questions get answered in the same workspace where the rest of the work is happening. No tool switching, no Slack archaeology, no waiting for the on-call developer to wake up.
- Decisions get grounded in authoritative data. When an AI agent proposes a fix, it’s reasoning on actual source code and ownership context, not guesses or stale dashboards.
Security keeps pace with AI-driven development. As enterprises adopt AI coding tools at scale, the same agentic platform that secures the network now sees what developers and their AI assistants are producing.
Cross-domain investigations delivered
The point of connecting tools through Cloud Control Studio isn’t that the tools talk to each other. It’s that AI agents can reason across them. A few examples of what that looks like in practice for joint customers:
Network event → code answer. Cisco Multicloud Defense blocks an SQL injection attempt against a service. An AI agent in Cisco AI Canvas asks Cycode whether the underlying code is actually vulnerable, identifies the owning team, and opens a fix PR with a Jira ticket, all in one prompt.
AI threat → code provenance. Cisco AI Defense flags a HuggingFace model as potentially malicious. An agent asks Cycode to find every repository that loads it and every production service those repos deploy to. Blast radius mapped in seconds.
Active secrets in production. Cisco and Cycode’s paired context shows secrets leaked where the secret is still active and the repo deploys to production.
Shadow MCP visibility. A developer connects a new MCP server to their AI coding tools. Cycode detects the MCP, correlates it against Cisco AI Defense’s threat catalog, and blocks malicious or unapproved MCPs.
Policy at the speed of regulation. Organizations preparing for post-quantum readiness create a Cycode SAST rule that finds classical key exchange and roll it out org-wide as a blocking policy.
Each of these use cases follows the same pattern. An AI agent in Cisco AI Canvas, reasoning across Cisco’s data and Cycode’s data, does in seconds what used to take a team an afternoon.
What security tools working together actually look like
What’s happening right now is all about context and connection. Through an open protocol (Model Context Protocol) and shared agentic workspaces, tools will finally work together with AI agents doing the correlation and orchestration work that used to overwhelm security teams.
This integration is one of the clearest expressions of that shift in the security industry. Cisco’s portfolio covers the network, identity, and observability. Cycode covers the code, pipelines, supply chain, and the full agentic development lifecycle (ADLC). When an AI agent in Cisco AI Canvas can call both, it answers questions that neither vendor could answer alone.
That is the entire point. Not more tools. Not more dashboards. Better answers, grounded in the right context, in the workspaces where work is already happening.
For joint customers, this changes what’s possible the next time an incident lands. The investigation doesn’t stall at the code. The fix doesn’t wait in another workflow. The AI agents in Cisco AI Canvas have what they need to reason, and humans have what they need to control.
That’s what Cycode was built for, and it’s why we’re excited to be part of Cisco Cloud Control.
To see the Cycode integration with Cloud Control Studio in action, request a demo.
