The Cisco Secure AI Factory with NVIDIA reference architecture, layer by layer. Each row shows the reference products, deployment-tier coverage (via chips), and the home-lab implementation status. Product names taken from the GTC 2026 Cisco+NVIDIA co-announcement. A green ● marker means the product actually runs in the AI Defense demo.
Deployment tiers. SAIF is positioned across four tiers per the GTC 2026 co-announcement — Central DC · Local Edge · Enterprise Edge · SP Edge — reflected as chips on each layer above. Lab coverage is Central DC only; Local Edge (real-time inference), Enterprise Edge (mission-critical on-prem), and SP Edge (managed multi-tenant) are reference-only. Side-by-side write-up with rollout tiers: /roadmap ↗
§ Agent security — emerging cross-cutting pattern
As LLM systems become agentic — invoking tools, calling other agents, taking actions — a distinct security surface emerges that doesn't cleanly belong to one SAIF layer. It runs at L2 · AI Runtime (via NVIDIA OpenShell + Agent Toolkit) and at the Security wrap (via NVIDIA NeMo Guardrails + Cisco AI Defense). All four products are already listed in their home layers above; the pattern is the framing — GTC 2026 calls this out as a first-class integration.
Lab coverage: Cisco AI Defense is live (three-point guard in the AI Defense demo). NeMo Guardrails · OpenShell · Agent Toolkit remain planned.