Cisco’s AI Ambitions Tested by Critical Security Flaw

Cisco Systems finds itself navigating a complex landscape of high-growth opportunity and significant operational risk. The networking giant's shares recently touched a historic peak, fueled by bullish analyst sentiment around its artificial intelligence infrastructure business. However, this optimism is being tempered by the discovery of a severe security vulnerability in its core products, presenting a direct challenge to its reputation in cybersecurity.

The company's fundamental business metrics continue to impress. Its latest quarterly results surpassed market forecasts, reporting revenue of $14.88 billion and adjusted earnings per share of $1.00. For the current fiscal year, management has provided guidance for EPS in the range of $4.08 to $4.14.

This solid performance is being increasingly driven by AI. Cisco's leadership has set a target of approximately $3 billion in annual revenue from AI infrastructure by fiscal year 2026. The momentum is already visible; orders from hyperscale customers for AI-related products reached $1.3 billion in the last quarter alone. Consequently, the contribution of AI business to total revenue has more than doubled from 2% to nearly 5% over a two-year period.

This growth trajectory has caught the attention of Wall Street. Analysts at Morgan Stanley recently raised their price target for Cisco shares from $82 to $91, reaffirming an "Overweight" rating. They highlight the company's strategic position to benefit from the industry's shift toward Ethernet-based AI networking, noting that its profit expansion is not solely reliant on raising prices.

Should investors sell immediately? Or is it worth buying Cisco?

A Severe Security Threat Emerges

Contrasting sharply with this positive financial narrative is a serious security incident. In mid-December, as the stock was breaking through its all-time high from the dot-com era—a level not seen in 25 years—a critical zero-day flaw was identified in Cisco's AsyncOS software. The vulnerability has been assigned the maximum severity rating of CVSS 10.0.

The flaw is already under active exploitation by a hacking group linked to China, which is targeting Cisco's Secure Email Gateway products. In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its catalog of known exploited security flaws. CISA has mandated that federal agencies patch their systems by December 24, 2025. For corporate clients globally, addressing this issue may necessitate a costly and complex overhaul of their security infrastructure.

Investor Focus: Balancing Growth with Core Stability

The current situation presents investors with a clear dichotomy. The market is now weighing the strength of Cisco's burgeoning AI order book against the potential reputational damage and financial costs stemming from this security crisis. The stability and reliability of its security portfolio—a cornerstone of its core business—have abruptly returned to the forefront as a critical investment consideration.

Cisco's immediate challenge is to demonstrate that its aggressive growth in new, high-value areas like AI will not be undermined by weaknesses in its established operations. The company's ability to respond swiftly and effectively to this security threat is likely to be a key factor influencing its share price in the near term.