Discover How the Agentic SOC Will Help You Win the AI Era
Security Dan Holloran
Key takeaways
- Frontier AI tools like Mythos have collapsed the average time to exploit a vulnerability from years to under 20 hours, exposing critical weaknesses in how traditional security teams currently operate.
- Most SOCs are structurally unprepared due to fragmented visibility, human-paced response workflows, and tool sprawl that traps analysts in overhead instead of stopping threats.
- Splunk's Agentic SOC model, showcased at Cisco Live 2026, offers a practical path forward by pairing AI agents with human analysts on a unified data platform to detect and respond at machine speed.
A Sneak Peek at One of Cisco Live 2026’s Most Anticipated Center Stage Sessions
If you've spent any time in a Security Operations Center (SOC), or at least supporting one, you know the feeling. The alerts never stop and the attackers never sleep. No matter how talented your team is, the sheer volume of threats, data, and noise can feel like trying to hold back a flood with a paper cup.
But now, with AI, something has changed. This year at Cisco Live 2026 in Las Vegas, we're going to talk about it directly, honestly, and with the kind of clarity that only comes from being deep in the work.
The SOC Has Never Had a Moment Like This
In this center stage session, [CENSEC-1203] Defending in the Mythos Era: Frontier AI's Impact on the SOC, David Dalling, GVP of Splunk Security Strategy, will take the stage to confront what frontier AI tools like Mythos actually mean for security teams on the front lines, and why the traditional SOC operating model is no longer built for the world we're living in.
This isn't hype. This is real perspective. If you're serious about security operations for the agentic AI era, this is a session you can’t afford to miss.
Why We're Excited to Be at Cisco Live
For David Dalling and the Splunk Security team, Cisco Live 2026 represents something significant, not just as an event on the industry calendar, but as a moment of real convergence in the AI, IT, and security world.
"The AI transformation is here, and we must transform with it," David explains. "Traditional tools were built for yesterday's battles. The threat landscape has shifted dramatically, and the teams defending organizations deserve tools built for where we are now, not where we were five years ago."
But this year, the conversation goes deeper than AI as a defensive opportunity. Frontier AI is simultaneously the most powerful tool defenders have ever had access to, and the most dangerous capability that attackers have seen. Tools like Mythos are compressing the time-to-exploit timeline in ways that expose the structural fragility of how most SOCs currently operate.
Being at Cisco Live means getting into rooms with some of the most forward-thinking security practitioners, architects, and leaders in the industry. It's a chance to move beyond the abstract conversation about AI and get into the specifics: What does frontier AI actually do to your attack surface? Why does the current SOC operating model not hold under this pressure? And how do you build a unified, intelligent security operating model that can thrive—not just survive—in the Mythos era?
For the Splunk team, there's no better stage to have that conversation than Cisco Live 2026.
The Top Takeaway
Here's the headline every single person at Cisco Live should walk away with:
Frontier AI hasn't created new security problems; it has accelerated existing ones. The organizations that will weather this storm are the ones that have already invested in the right foundations.
Consider these numbers from Zero Day Clock. In 2018, the average time to exploit a vulnerability was 2.3 years. By 2023, that had collapsed to 5 months. By 2025, 23 days. In 2026, with frontier AI tools like Mythos in the picture, we are looking at under 20 hours. That is not a gradual trend; it is an inflection point.
The Traditional SOC Operating Model is Broken and the Fix is Operational, not Theoretical
This inflection point is creating three structural conditions that are quietly breaking traditional SOC operating models right now:
- Visibility is fragmented. Stale asset inventories, siloed telemetry, and partial identity mappings create blind spots that automated, high-velocity attacks exploit before defenders can correlate the activity.
- Detection-to-response is human-paced. Current triage and containment workflows were designed for adversaries measured in days. AI-driven exploitation compresses that lifecycle to hours or minutes.
- Trust in tooling is degrading. Alert fatigue and tool sprawl mean the analysts best positioned to respond are trapped in operational overhead. This is the primary condition that AI-driven threats exploit.
The session won't just diagnose these problems. It will present a clear path forward: the Agentic SOC operating model, in which AI agents collaborate with human analysts across the full threat detection, investigation, and response lifecycle, grounded in a unified data foundation, with human authority preserved over every consequential decision.
The future of the SOC, as this session will make clear, depends not on model capability alone, but on your ability to operationalize your data with confidence, turning visibility into action and noise into defensible intelligence.
Why You Should Be in That Room
Whether you're a SOC analyst, a security architect, a CISO, or a Cisco customer trying to understand how Splunk fits into your evolving security strategy, this session is directly relevant to the decisions you are making right now. Here's what you'll come away understanding:
1. The Mythos inflection point and why it changes everything. Get a clear view of what frontier AI tools like Mythos actually do to the vulnerability and exploitation lifecycle. Understand why the "we'll patch faster" response is insufficient, and what the right defensive posture looks like when AI-driven exploitation becomes the norm.
2. The three structural failures of the current SOC model. Fragmented visibility, human-paced response, and tool sprawl that traps your best analysts in maintenance work. This session will name these conditions directly and explain why they are the primary vectors that AI-driven threats exploit, drawing on data from the Splunk State of Security 2025 and the Zero Day Clock research tracking over 3,500 CVE-exploit pairs.
3. The Agentic SOC as an operating model. This isn't AI bolted onto a legacy SIEM. The Agentic SOC is a fully articulated operating model with three distinct layers: Data, Reasoning, and Action. In this model, agents handle bounded, high-volume tasks, humans exercise authority over consequential decisions, and every agent action is observable, attributable, and reversible.
4. The industry response framework. The session maps directly to the CSA/SANS 11 Priority Actions for the Agentic SOC era. This is a prioritized, practitioner-validated framework for what organizations need to address, and in what order. Walk away with a sequenced 90-day action plan you can bring back to your team on Monday.
5. The Mythos-ready security platform. See how Splunk Enterprise Security Premier, built on the Cisco Data Fabric and integrating Cisco Talos threat intelligence, Cisco XDR, Cisco ISE, and the Cisco Foundation AI Security Model, can deliver the complete Agentic SOC architecture, from continuous asset discovery and risk-based alerting to AI-assisted triage, automated containment, and behavioral detection that catches novel exploits before a CVE is even published. This is the platform built for the operational reality that Mythos creates.
Session Details and More to Explore
Session: [CENSEC-1203] Defending in the Mythos Era: Frontier AI's Impact on the SOC
Speaker: David Dalling, GVP, Splunk Security Strategy
Want to go deeper? Here's how:
- Join a Guided SOC Tour at the World of Solutions Pavilion, Digital Resilience Welcome Desk. Get an exclusive, behind-the-scenes look at how Cisco detects and responds to active threats in real-time conference traffic, in collaboration with the Network Operations Center (NOC). Learn more on the Cisco Live 2026 site.
- Explore Splunk Enterprise Security Premier demos to understand how the full Agentic SOC stack, from the Cisco Data Fabric foundation to the AI agent roster, comes together for your organization.
- Connect with the Splunk Security team on the show floor to discuss your specific environment, threat exposure, and how Cisco + Splunk helps you get ahead of AI-driven adversaries.
The Bottom Line: Resilience Is Built Before the Exploit Arrives
The threat landscape has never moved faster. Frontier AI tools like Mythos are compressing the discover-to-exploit lifecycle below what any traditional security workflow can match.
The Agentic SOC is not a distant vision. It is a deployable, operational model with a clear maturity path and a sequenced action plan that gives security teams a genuine, durable advantage in the Mythos era. The SOC has never had it easy, but with Splunk Enterprise Security Premier, it has never been better equipped to win.
Register now for CENSEC-1203 and come to Cisco Live 2026 ready to think differently about what your security team can do, while leaving with the insights and inspiration to go do it with Splunk.