TORONTO — Cisco is launching software designed to let companies detect when staff are using AI applications, test the machine learning models behind them and plug any gaps.

Large companies have been slow to adopt generative AI tools in part because of security concerns, said Jeetu Patel, Cisco’s chief product officer. The firm claims its new software, called AI Defense, can quickly and accurately automate “red teaming,” the process of trying to break or bypass a system’s safeguards in order to figure out what needs strengthening.

Problems with generative AI tools include models that produce biased or toxic results because of the data on which they were trained, or bad actors manipulating generative tools into leaking sensitive information. Tech firms like OpenAI and Anthropic have internal red teams to probe their products, while security researchers have exposed chatbot vulnerabilities in public hackathons. 

But the red-teaming process can be slow. Manually kicking the tires on a model can take weeks, according to Patel, as users rework their instructions to a generative tool to find the words that will make it misbehave. Customers don’t have the time or staff to repeat that process for every new AI risk or application. “You can’t handle threats in AI at human scale,” Patel said.

Cisco’s software instead comes up with tests based on the real incidents recorded by its other security products, then automatically runs them on all the AI models and applications a client has installed. The firm acquired the technology to synchronize all those dummy attacks when it bought Robust Intelligence, a San Francisco-based startup, last August. 

Patel argues Cisco is better placed to figure out what could go wrong with AI tools than model makers and end users. Firms that sell generative technology all “implement safety standards differently,” he said, and “they don’t want to be security vendors.” Cisco’s clients are already using its software to protect their networks and systems, so it can step in regardless of which model or application they’re using.

There’s no current industry standard or shared protocol for red-teaming, although OpenAI, Anthropic, Cohere and other generative firms have committed to develop one as part of the U.S. government’s voluntary safeguards initiative. There’s also no common database of AI systems’ vulnerabilities and attacks, as there is for other cybersecurity targets. 

The lack of consensus, plus the company’s security check technology, gives Cisco a head start, according to Patel. “We’re the first ones in the market to have model validation as a horizontal service,” he said, noting that the firm is also working with the agencies and industry groups that set security standards.

Cisco still makes much of its revenue by selling networking equipment, and it’s looking to capitalize on the buildout of compute capacity to train and use AI systems. The firm is selling technology to the largest cloud providers, as well as big firms looking to run their own hardware. “There’s a lot of repatriation of data centres going on right now,” Patel said. 

The company is also selling AI applications, like a virtual call centre agent to handle customer service. And it’s invested in model makers like Cohere and Mistral AI.

But a lot of firms—Ada, Amazon, Deloitte, Google, and Salesforce, for example—now offer automated customer service agents. As established tech giants and countless startups go all in on AI, Patel insists Cisco’s product launches aren’t just designed to create marketing hype. “The technology is starting to show real promise, and we ought to make sure that we can take advantage of that,” he said.