- Cisco IQ has onboarded 1,700 customers in the six weeks since its launch, with the primary use case being identifying end-of-life equipment at risk
- New Resilient Infrastructure Services help enterprises and telcos prepare for AI-accelerated attacks
- Forthcoming Quantum Ready Assessments will evaluate devices and map compliance with emerging global standards
CISCO LIVE 2026, LAS VEGAS — Cisco IQ has onboarded 1,700 customers in the six weeks since its launch, and the top thing those customers want to know is which of their devices are running past their last day of support.
The platform, which reached general availability April 24, is Cisco's AI-powered delivery vehicle for support and professional services. It complements Cisco Cloud Control — which Cisco launched at this week's conference. Cloud Control delivers product support and Cisco IQ brings services support. The two are now being integrated, with Cisco IQ accessible directly from the Cloud Control operations console.
Tackling infrastructure debt
The primary use case driving early adoption is identifying which devices on enterprise and telco infrastructure is aging past end-of-life and end-of-vulnerability-support dates.
"40% of the top 100 vulnerabilities that were exploited in 2025 were on end-of-life devices," Bhaskar Jayakrishnan, Cisco SVP of engineering for customer experience, told Fierce. He cited Cisco Talos's 2025 year-in-review. "That gives you an indication of how much debt in maintenance is out there."
The Salt Typhoon attacks — a Chinese state-sponsored campaign that compromised multiple U.S. telecommunications providers — are a direct illustration of the problem. Jayakrishnan noted that Salt Typhoon, an active persistent threat impacting service providers globally, is primarily based on end-of-life equipment.
Cisco IQ addresses this by giving customers a unified view of what they own, correlating purchase history, network telemetry and Configuration Management Database (CMDB) data, and flagging devices by support status, security advisory applicability and cryptographic posture. Asset reconciliation capabilities are coming in the next few months to help clean up the messy enterprise data that typically makes this kind of inventory difficult.
The second primary use case is security advisory visibility. Cisco IQ surfaces applicable security advisories, hardening rules and best practices against a customer's actual environment. The goal is to close the feedback loop between what Cisco observes across its 1.4 to 1.5 million annual support cases and what individual customers are warned about proactively, Jayakrishnan said.
Cisco IQ is offered in three different iterations: A SaaS version, an air-gapped on-premises version (coming in July) designed for customers in highly regulated verticals, and a tethered on-prem iteration that splits the difference with intelligence logic running on site and a cloud connection to automatically pull down updates.
Securing the post-Mythos world
Cisco also announced Resilient Infrastructure Services, a structured three-phase approach to infrastructure hardening delivered through Cisco IQ. Resilient Infrastructure Services is designed to protect networks in the post-Mythos security environment. Cisco cites Mythos — an AI model that gained fame for its ability to identify and exploit software vulnerabilities — as fundamentally changing the threat landscape by compressing the time from vulnerability disclosure to active exploitation from months to minutes.
Cisco's three-pronged approach to tackling the threat goes like this:
- Phase one is exposure assessment: getting a clear picture of the attack surface, Last Day of Support (LDOS) devices, unpatched vulnerabilities and security advisory status.
- Phase two is infrastructure modernization: moving customers toward automated patch pipelines, infrastructure-as-code practices and zero-trust segmentation.
- Phase three is defense resiliency: ensuring security operations centers are using agentic response capabilities rather than purely manual workflows.
The hardest phase to move through varies by customer, but two friction points are consistent, Jayakrishnan said. First, the sheer volume of end-of-life equipment requires significant planning. Second, implementing zero-trust principles, particularly microsegmentation, is technically and operationally complex.
"Who is talking to what? How do we get there? How do we implement a policy?" he said.
A Resilient Infrastructure Playbook, covering phase one, is available through Cisco IQ now.
To help operators size up where they stand, Cisco also debuted Peer Benchmarking, which lets customers compare their infrastructure posture — LDOS exposure, security advisory status, telemetry connectivity — against anonymized data from organizations of similar size, sector and geography.
The capability addresses a persistent blind spot in enterprise security and operations: organizations can know their own posture but have had no reliable way to know whether it is better or worse than peers.
"That gives them a sense of where they stand," Jayakrishnan said.
Mapping the harvest-now threat
Cisco is also moving to address another technology changing the threat landscape: Quantum.
Coming in July, Quantum Ready Assessments will evaluate Cisco infrastructure against three dimensions of quantum readiness. These include secure communications, secure platform and crypto agility.
Secure communications covers whether traffic — control plane, management plane and data plane — uses encryption protocols safe against quantum decryption. Secure platform covers whether the device itself is hardened: root of trust, encrypted images and related protections. Crypto agility covers whether the platform can update its encryption algorithms independently of the underlying system, which is critical in a world where new cryptographic vulnerabilities will emerge faster than traditional patch cycles can address them.
The assessment maps each device to one of four outcomes: needs hardware refresh, needs software update, needs configuration change or needs feature activation.
Global standards complexity is a wrinkle in quantum readiness. Multiple countries and regions are adopting different post-quantum cryptography standards on different timelines. Cisco IQ's Quantum Ready Assessment lets organizations select the applicable standard, so a multinational organization can plan against the specific compliance requirements of each geography it operates in.
But demand is not uniform globally. Financial regulators in India, for instance, have done significant work educating institutions about quantum readiness, and Indian customers are already requesting the assessment ahead of its July availability, Jayakrishnan said.
The "harvest now, decrypt later" threat model is driving urgency. Cisco committed at this week's conference to quantum-safe communications across the majority of its core portfolio by December 2026, and announced that all newly launched enterprise and data center routers, switches and firewall series will ship quantum-safe by default.
For more Cisco Live news, and all the latest news and insights from Cisco, see the Fierce Network Cisco hub.