Project Glasswing pushes Cisco to perfect shift left security for customers

Project Glasswing pushes Cisco to perfect shift left security for customers

Experience with Anthropic’s Claude Mythos is helping Cisco upgrade its solutions to meet the demands of agentic AI while tying in Splunk’s observability innovations.

Like many other vendors, Cisco is anticipating how AI is going to change the game in the security industry. Not just in terms of managing the spike in exploits, but how the exploit window is going to be significantly reduced. This is why Cisco is focusing its efforts on bringing shift left security to enterprise customers

After its preview of Anthropic’s Claude Mythos under Project Glasswing, Cisco, together with unified security and observability experts Splunk, has been busy working on solutions to be as close to ‘machine speed’ as possible in terms of managing vulnerabilities. This makes good on Cisco’s US$28 billion acquisition of Splunk in 2024.

“We know that the current network or yesterday’s network cannot support the AI-driven enterprise anymore because we are operating in a very different playing field right now — every AI agent's decision is also a routing challenge, a trust decision, and a telemetry event,” said Tay Bee Kheng, President at Cisco ASEAN in her opening keynote of Cisco Connect 2026 in Singapore.

“Observability is no longer [about] monitoring the system. Observability is user behavior analysis […] Networking, security, and observability can longer be siloed anymore.”

This year’s Cisco Connect was likely influenced by its experience scanning over 1.8 billion lines of code across the breadth of Cisco’s portfolio in just eight weeks under Project Glasswing. This feat was something the security research team would have expected to complete in eight years in the ‘traditional’ way.

“One of the things that we are trying to do is to shift left, test our code, hopefully to be able to detect a lot of all these vulnerabilities [and] fix them before we launch it into a public form for customers’ use,” said Juan Huat Koo, director, Cybersecurity at Cisco ASEAN.

“But let’s also face it: it’s impossible to be zero vulnerability. Vulnerabilities will come up once in a while, so what we’re trying to do is balance how the operating model is going to look like. Of course we want to help our customers to detect and address vulnerabilities as soon as we can, but at the same time there will be occasions in which there is no cash available yet.”

In the meantime, Cisco has innovations available to help customers defend their infrastructure while waiting for patches to be developed and implemented in the system.

Marrying security and observability through Splunk

Furthermore, Koo understands that security is a highly fragmented market and above all else, customers covet the ability to be resilient — especially after a security incident, whether the cause is AI or common issues like server or network failures.

“To our customers, it’s about business application uptime, so marrying the security and observability aspect is critical,” he said.

He knows that enterprises tend to have multiple solutions in one system, which can increase security gaps in the environment. This is why Cisco is choosing to remain ‘open’ to support customers.

“Customers [aren’t] just using solutions from Cisco, so we need the ability to interoperate with the open ecosystem,” he said.

“The crown jewel is going to be processing all this information, deriving all the insights and the actionable intelligence so that you can take action from a proactive, preventive manner. In this way, Splunk comes into the picture.”

Two years into the acquisition, Robert Pizzari, Splunk’s group vice president of Asia told CRN Asia that they have worked on accelerating innovation and ensuring technology integration between the two vendors.

However, both Pizzari and Koo acknowledged that in markets like Singapore where SMBs dominate, it may not always be easy to sell security solutions with customers dealing with lean budgets. Both shared that they rely on channel partners, especially managed security service providers to support such customers.

“With the SMBs [it is] definitely a lot more challenging because they don’t have the necessary skill set within their environment,” Koo told CRN Asia. “As an industry, we are working with partners and associations to see how we can educate them. [We are] working with partners to see how we can put together some programs or offerings to help them jump start.”

“Within our channel ecosystem, [SMBs] are an important segment […] how do we not leave those organizations behind?” said Pizzari. “I feel for organizations who will never have enough funding or resources to scale. By shifting into a service operational model, they can then get the benefits and advantages.”