Cisco DevNet Launches AI Repos Catalog for MCP Servers

Cisco's DevNet team has launched a dedicated AI repositories catalog at developer.cisco.com/codeexchange/ai, centralizing Model Context Protocol (MCP) servers and AI agents built for Cisco infrastructure. The catalog went live during Cisco Live EMEA 2026, giving developers a single discovery point for tools that connect AI assistants to network automation workflows.

The timing tracks with Cisco's broader push into agentic AI. We covered the MCP-focused developer sessions at Cisco Live Amsterdam earlier this month, where Gabi Zapodeanu's workshops walked engineers through building their own MCP servers. The new catalog now gives those developers a place to publish and discover finished implementations.

What's in the Catalog

The catalog splits into two main categories: MCP servers and AI agents. MCP servers expose network operations to AI clients—allowing language models to query device status, push configurations, or retrieve telemetry through natural language commands. AI agents package those capabilities with reasoning logic, handling multi-step tasks autonomously.

Initial MCP server listings include official Cisco-maintained projects for Splunk and ThousandEyes, alongside community-built servers for Firepower Management Center (FMC), Meraki, RADKit, ISE, and NetBox. The variety reflects how quickly the ecosystem has grown—over 13,000 MCP servers appeared on GitHub in 2025 alone, though not all are enterprise-ready.

Filtering options help developers narrow results by deployment type (stdio, HTTP/Stream, HTTP/SSE) and supported features (tools, prompts, resources). For AI agents, filters include compatible models—both local and cloud-hosted—and supported protocols like A2A, MCP, and AGNTCY.

Built-In Testing Tools

The catalog includes an MCP Inspector accessible directly in the browser. Developers can explore available tools, test server responses, and validate configurations without spinning up local environments first. For security teams evaluating whether an MCP server is safe to deploy, the inspector provides visibility into exactly what operations a server exposes before granting it network access.

This addresses a real gap. MCP servers often lack standardized documentation, and security researchers have flagged concerns about prompt injection, overly permissive tool access, and lookalike tools that can replace trusted ones. The inspector at least lets teams audit capabilities before deployment.

Submission Process

Developers can submit their own AI projects to the catalog. Requirements are straightforward: the project must be published on GitHub, include proper documentation, and carry a valid open-source license. This mirrors the existing Code Exchange submission process but routes AI-specific projects into the dedicated catalog.

The open submission model carries familiar tradeoffs. It enables rapid ecosystem growth but shifts vetting responsibility to consumers. Organizations adopting community-built MCP servers should treat them like any third-party dependency—review the code, validate the maintainer's track record, and test in isolated environments before production deployment.

Protocol Fragmentation Context

The catalog supports multiple AI agent protocols, including MCP, A2A (Agent-to-Agent), and AGNTCY. Cisco has positioned itself as protocol-agnostic, serving on the technical steering committees for both A2A and AGNTCY projects under the Linux Foundation. The recent OpenAI Enterprise AI report highlighted Cisco's network infrastructure as foundational to AI workload scaling—the Code Exchange catalog extends that positioning into developer tools.

The multi-protocol approach reflects industry reality. MCP handles tool exposure and client-server communication, while A2A addresses agent-to-agent orchestration for complex workflows. Rather than betting on a single standard, Cisco's catalog aggregates across protocols, letting developers filter by what their existing infrastructure supports.

Security Considerations

MCP servers with network access warrant careful evaluation. An MCP server integrated with Catalyst Center or ISE can potentially modify configurations, adjust access policies, or exfiltrate sensitive telemetry depending on its permission scope. The catalog's filtering by "features" (tools, prompts, resources) provides some visibility, but production deployments need tighter controls.

Cisco's own guidance from the Cisco Live developer sessions distinguishes between imperative and declarative tools—read-heavy operations suitable for broad access versus write operations requiring strict guardrails. Organizations should apply the same logic when evaluating catalog entries: query tools are lower risk than configuration management tools, and anything touching security policy (ISE, Firepower) demands extra scrutiny.

The Moltbook breach exposing 1.5 million AI agent API keys earlier this week is a timely reminder that AI agent credentials face the same exposure risks as any other secret. MCP server integrations that store API keys or OAuth tokens need the same lifecycle management and rotation policies applied to traditional infrastructure credentials.

Why This Matters

The Code Exchange AI catalog represents Cisco's bet that enterprise AI adoption will run through network infrastructure. MCP servers turn routers, switches, and security appliances into tools that AI assistants can invoke—collapsing the gap between natural language queries and network operations.

For security teams, the catalog creates both opportunity and overhead. Centralized discovery makes it easier to find tools, but also easier for shadow IT to discover and deploy MCP servers without proper review. Organizations should inventory which Code Exchange projects are already in use, establish approval workflows for new adoptions, and ensure API credentials connecting MCP servers to infrastructure are properly scoped and monitored.

The catalog is live now at developer.cisco.com/codeexchange/ai.