Cisco launches DefenseClaw and Zero Trust security to protect the agentic AI workforce

3 ways Cisco's DefenseClaw aims to make agentic AI safer

Cisco enters a crowded field of security firms offering agentic oversight. Agentic artificial intelligence, the kind that will automatically watch your email or book your flights, has been an overnight sensation, capturing the imagination but also presenting massive security risks. A natural reaction by enterprise software vendors is to help the "good" agents and block the "bad" agents. And, so, on Monday, networking and security giant Cisco Systems unveiled DefenseClaw, a play on the name of the open-source OpenClaw agentic AI framework that shot to popularity in January. Also: AI agents of chaos? New research shows how bots talking to bots can go sideways fast DefenseClaw is the "operational layer" for agentic security that has been missing, according to Cisco's head of AI software, DJ Sampath. It is a tool for oversight that will "keep a claw governed," he wrote in a blog post. "That's zero to governed claw in under five minutes." DefenseClaw will be posted on GitHub starting March 27, said Sampath. Announced at the annual RSA security trade show in San Francisco this week, DefenseClaw is meant to address the lack of agentic projects going into production, according to Cisco. Only 5% of enterprise-agentic AI has moved from testing to production, according to a survey of "major enterprise customers" that Cisco said it recently conducted. Sampath emphasized that OpenClaw is rapidly becoming every nerd's butler for just about any task. OpenAI has hired Peter Steinberger, the creator of OpenClaw, and Nvidia has offered its own version of the agentic framework, NemoClaw. "My wife and I use it to plan our kids' schedules. I built an agent skill that pulls up the school lunch menu every morning as a reminder," he related. His point is that agents via OpenClaw, Nvidia's open-source offering NemoClaw, or other open-source projects are rapidly expanding in an ungoverned, grassroots fashion. The subtext of Sampath's blog is: Claws are out; better start thinking about them securely. (In a related development, Meta -- owner of Facebook, Instagram, and WhatsApp -- is acquiring the bot social platform Moltbook, which has been a showcase of the good and bad of what can happen when OpenClaw is used to its fullest extent.) DefenseClaw is designed to plug into and use a variety of tools, according to Sampath. OpenShell, the code sandbox software that was unveiled by Nvidia last week at its GTC conference, is important, and so are Cisco's scanning tools, he noted. "But who manages the block lists? Who sees the alerts when something goes wrong at 2 a.m.? That's DefenseClaw." Also: Nvidia bets on OpenClaw, but adds a security layer - how NemoClaw works DefenseClaw does three things, explained Sampath. First, it scans every piece of code before it runs. "Every skill, every tool, every plugin, before it's allowed into your claw environment, and every piece of code generated by the claw gets scanned." That scanning operation is composed of multiple individual tools, such as Cisco's open-source skill-scanner tool. Second, the tool detects threats by scanning all messages entering and leaving the agent at runtime. Third, DefenseClaw will automatically block a "skill," such as an email server account, removing those permissions from the sandbox. The sandbox, in this case, may be Nvidia's OpenShell. Sampath emphasized that the automatic prevention of operations "aren't suggestions; they're walls." Sampath gave an example of running the tool from the command line to first scan an OpenClaw install operation: defenseclaw skill install community/jira-triage With such a request, DefenseClaw would "scan first, check your block/allow lists, generate a manifest, and only then install. Nothing bypasses the admission gate." Cisco is using its Splunk log analysis tool as the monitoring system of record for all claws, said Sampath. "Every claw is born observable," he wrote, "All stream into Splunk as structured events the moment your claw comes online." In fact, Cisco announced several additional Splunk extensions intended to make the tool more like an automated security operations center (SOC). For example, a Guided Response Agent, due in alpha release "soon," said Cisco, will "help SOC teams go from detection hypothesis to production in minutes with accuracy -- allowing teams to quickly import, tune, and tag detections." The idea is that you type a request to the agent at the prompt, such as the reputation of a given URL, and it will narrow down what needs to be checked. DefenseClaw is one of many pieces of an agentic AI security toolkit that Cisco announced on Monday. Other parts include enhancements to Cisco Secure Access to enforce agent identity verification and access control, and to apply zero-trust procedures to each agent created. Also: AI agents are fast, loose, and out of control, MIT study finds Cisco claimed it is moving beyond mere code scanning with the introduction of tools to red team potential risks, meaning, simulate real-world threats. A new offering, Cisco AI Defense: Explorer Edition, will "conduct multi-turn adversarial testing for models and applications that power agentic workflows," and examine the AI models themselves to "validate resistance to prompt injection, jailbreaks, and other unsafe outputs." Cisco is also offering an agent runtime SDK it claimed will "embed policy enforcement" into the code as it's being developed. Cisco gets props for offering clever branding with DefenseClaw within what will become a very crowded market. Just about every enterprise vendor is pledging to secure, authenticate and potentially block agents in production. That includes the traditional cybersecurity firms that have been handling zero trust, such as Palo Alto Networks and Zscaler; the DevOps firms that have handled code-scanning, such as JFrog and GitLab; and the observability firms that offer tools for both development-time and runtime oversight of code, such as Dynatrace and Datadog. And then there are Anthropic, OpenAI, and Google, all of which offer tools for code scanning and related tasks. Also: Will AI make cybersecurity obsolete, or is Silicon Valley confabulating again? It remains to be seen whether Cisco's control of enterprise networking -- it holds a dominant share in corporate campus and wide-area routing and switching -- will give the company an edge against those many other offerings. It's also not yet clear whether enterprises will hand off the whole matter to their security operations teams or simply push back on developers to be more careful with their code from the outset. Some enterprises may just throw up their hands and forbid "claws" entirely.

Cisco debuts new AI agent security features, open-source DefenseClaw tool - SiliconANGLE

Cisco debuts new AI agent security features, open-source DefenseClaw tool Cisco Systems Inc. is rolling out a set of new features designed to help companies secure their artificial intelligence agents. The product enhancements made their debut today at the RSAC 2026 Conference. The networking giant also released an open-source tool, DefenseClaw, that can scan AI agents for vulnerabilities. The first batch of new features will help customers regulate how their AI agents interact with tools such as MCP servers. The capabilities, some of which are still in development, will be reportedly be rolled out to several different Cisco products. One of those products is Duo IAM, a tool for managing user access to business applications. The product enhancements will make it possible to register AI agents in Duo IAM along with information on which employees use them. Once an agent is registered, administrators can define rules that specify which tools it may access. Furthermore, they can regulate how an agent may interact with each tool. For example, a user could specify that an AI application may view the information in a financial database but not modify it. Agents' tool access can be limited to specific time frames. A company could specify that agents may only perform a certain task during business hours. That reduces the amount of time hackers have to launch cyberattacks. "Cisco continuously evaluates agent interactions across APIs, MCP servers, and enterprise systems to detect abnormal behavior or manipulated instructions," Raj Chopra, the senior vice president and Chief Product Officer of Cisco's security business group, wrote in a blog post. "By analyzing intent, the platform can identify risks like unauthorized tool usage, policy violations, and attempts to access sensitive data." Cisco is rolling out a second set of cybersecurity enhancements to Splunk, the observability and cybersecurity platform that it acquired in 2024. One of the main additions is a new tool for developing detections. A detection is a custom code snippet designed to spot a specific type of cybersecurity issue. Cisco says that its new tool eases tasks such as testing newly crafted detections for technical issues. The update will also ease other aspects of cybersecurity teams' work. According to Cisco, Splunk can now generate an inventory of all the assets in a corporate network complete with data on how they interact with one another. Additionally, the company has added a half dozen AI agents that automate tasks such as remediating breaches. Cisco announced the product updates alongside a new open-source project. DefenseClaw, as it's called, is designed to make AI agents such as OpenClaw more secure. The tool is built atop another open-source OpenClaw security project called OpenShell that Nvidia Corp. released last week. Cisco says that developers can install DefenseClaw in about 5 minutes. From there, the tool searches for cybersecurity issues across the MCP tools, plug-ins and other technical resources that an AI agent uses to perform tasks. Furthermore, DefenseClaw tracks how those resources change over time to ensure that newly introduced vulnerabilities don't go unnoticed. A permission management feature enables administrators to block specific MCP servers. According to Cisco, block rules are applied in 2 seconds without restarting the affected agents. "When you block a skill, its sandbox permissions are revoked, its files are quarantined, and the agent gets an error if it tries to invoke it," DJ Sampath, the senior vice president of Cisco's AI and software platform business, explained in a blog post. "When you block an MCP server, the endpoint is removed from the sandbox network allow-list and OpenShell denies all connections." DefenseClaw also includes other cybersecurity controls. If workers use an AI agent to develop software, the tool can scan its output for malicious code. DefenseClaw sends telemetry about the cybersecurity risks that it finds to Splunk through a pre-packaged connector. Cisco released DefenseClaw alongside two other free cybersecurity tools.

Cisco Unveils Zero Trust For AI Agents: 5 Things To Know

At RSAC 2026, the tech giant is extending its zero trust access capabilities to AI agents, as a way to enable secure agentic adoption in the workforce, Cisco's Tom Gillis tells CRN. Cisco Systems is aiming to provide a massive boost to the adoption of AI agents in the workforce with a new set of security capabilities announced Monday, including new zero trust functionality for agentic that represents a "big step forward" for the industry, Cisco executive Tom Gillis told CRN. The tech giant unveiled the product expansion, which includes the extension of its zero trust access capabilities to AI agents, in connection with the start of RSAC 2026 in San Francisco. [Related: Cisco 360: A 180 For The Tech World's Iconic Partner Program] Cisco also debuted updates to its AI Defense offering with the introduction of a free "Explorer Edition." What follows are five things to know about Cisco's unveiling of zero trust for AI agents and other updates at RSAC 2026. While the arrival of agents has created new identity and access security challenges for organizations, the reality is that traditional zero trust architectures have not been designed to handle the issues, Gillis said in an interview with CRN. And that could impede the adoption of agentic within the workforce, he said. Fundamentally, the issue is also that controlling access is not sufficient for securing agents, according to Gillis, senior vice president and general manager for Cisco's infrastructure and security group. Security must govern what actions agents can take, not just what they can log into, he said. When it comes to securing AI agents, "we believe that has to evolve from access control to action control," Gillis said. "It needs to be more fine-grained, and it needs to be more intelligent -- where it can allow selective access for certain tasks, but not general and broad [access]." In response, Cisco is introducing Zero Trust Access for AI agents, providing task-based permissions for agentic activities. The offering enables organizations to move from providing long-lived credentials, such as those often granted to humans, to providing tightly controlled permissions linked to specific workflows for agents, according to Cisco. The tool also provides monitoring for evaluating whether agent actions are appropriate, effectively supervising the activities of agents, Gillis said. Ultimately, "we need the ability to apply judgment and reasoning to the behavior of the agent, and say, 'Does this look like something that is acceptable?'" he said. At the moment, there are no existing capabilities of this sort available in the industry, according to Gillis. "This is a pretty big step forward," he said. "We do think the problem is urgent enough that we know our competitors are working on it too. We just think we're ahead." Cisco said that its Zero Trust Access capabilities for AI agents will be integrated throughout its offerings in identity and security. In other words, "this is not a point solution. This is a feature on our platform," Gillis said. "So you don't [have to] go deploy some new thing. This is built into secure access." Partners and customers will be able to register agents in Duo IAM, with the agents then mapped to accountable human workers, while Cisco Identity Intelligence will be able to discover the agentic identities and related security issues, according to the company. Many partners are "urgently" being asked to help their customers to address these challenges around securing AI agents, Gillis said. Zero trust has been a major focus area in recent years for the partner community, but "you have to think very differently about the access that you give to an agent," he said. "Partners lead the way here," Gillis said. "The partner is the one that is going to show the customer the nature of this problem." All in all, instead of blocking agents, Cisco wants to help organizations to embrace the new technology, "but do it safely," he said. "Here's a solution to do it, with secure access, and then to monitor the operation day to day." At RSAC 2026 on Monday, Cisco also expanded its AI Defense offering with the debut of a free version, the "Explorer Edition." The focus here is around keeping agents secure against compromise by attackers, Gillis said. Key capabilities include dynamic red teaming for agents and model and application security testing, as well as streamlined security reporting, according to Cisco. Partners can provide the free tool to customers as a discovery tool, Gillis noted. Partners can thus demonstrate to customers that the AI agents they're using may have serious security flaws that need to be addressed, he said. Offering that type of discovery is "a proven way to engage new customers," Gillis said. "This is a dynamite opportunity for our channel partners."

Cisco Unveils New Security Innovations for the Emerging Agentic AI Workforce

Cisco is also introducing the LLM Security Leaderboard, a comprehensive resource for evaluating model risk and susceptibility to adversarial attacks. By providing transparent evaluation signals, this leaderboard contextualizes model performance metrics against evaluations of how models handle malicious prompts, jailbreak attempts, and other manipulation strategies. The tool empowers organizations with a clear, objective understanding of model risk and informs defense-in-depth approaches to AI deployments. Together, these capabilities let organizations move from pilot to production with confidence: knowing their agents have been tested, benchmarked, and hardened before they ever touch a production system. Security is a team sport, and Cisco continues to lead with transparency and collaboration. Building on the release of its first open source foundation AI model at last year's RSA Conference, Cisco is today introducing DefenseClaw -- a secure agent framework designed to eliminate friction between development and security. By integrating a suite of essential open source tools -- including Skills Scanner, MCP Scanner, AI BoM, and CodeGuard -- DefenseClaw helps ensure that every skill is scanned and sandboxed, every MCP server is verified, and every AI asset is automatically inventoried, enabling developers to deploy secure agents with greater speed and confidence.

Cisco Reimagines Security for the Agentic Workforce

With end-to-end security across AI actions, Cisco is helping organizations confidently deploy AI agents at scale * Cisco extends Zero Trust Access to agents with agent discovery in Cisco Identity Intelligence, agentic Identity and Access Management (IAM) in Duo, and model context protocol (MCP) policy enforcement and adaptive risk protection in Secure Access security service edge (SSE). * AI Defense: Explorer Edition democratizes AI safety and security by providing developers with self-serve tools to test model and application resilience against attacks and embed robust guardrails into agents before they are deployed. * Cisco introduces DefenseClaw, an open source secure agent framework that automates security and inventory, with plans to integrate with NVIDIA OpenShell as the sandbox to eliminate manual steps and accelerate secure agent deployment. * New Splunk AI innovations transform security operations by automating response workflows, enabling teams to outpace sophisticated adversaries at machine speed. Cisco today announced significant security innovations designed for the agentic AI ecosystem, where software no longer just answers questions -- it acts. At RSA Conference 2026, Cisco is introducing solutions to address AI security issues and remove a top barrier to agent adoption. By establishing trusted identities, enforcing strict Zero Trust Access controls, hardening agents before deployment, enforcing guardrails at runtime, and giving security operations center (SOC) teams the tools to stop threats at machine speed, Cisco is building security into the foundation of the emerging AI economy. "AI agents aren't just making existing work faster; they're a new workforce of co-workers that dramatically expand what organizations can accomplish," said Jeetu Patel, President and Chief Product Officer at Cisco. "Projects shelved for lack of resources are now within reach. The only limit is imagination, and security teams are the key to unlocking this opportunity by making the agentic workforce safe enough to trust." In a recent Cisco survey of major enterprise customers, 85% reported experimenting with AI agents, but just 5% had moved agentic technology into production. To unleash the vast potential of AI agents, Cisco is addressing three key pillars to securing the agentic workforce. First: Protecting the world from agents, ensuring they can only act as intended. Second: Protecting agents from the world, ensuring they can't be manipulated or corrupted. Third: Detecting and responding to AI incidents at machine speed and scale. Protect the world from agents: Establish trust before agents go to work Like new employees, AI agents need onboarding to establish their identity, understand their function, and map them to an accountable human manager. Yet today, most enterprises are unaware of which agents are running, let alone who is responsible if something goes wrong. Existing SSE tools weren't built to enforce time-bound access for agentic workload identities, nor can they understand context behind agent requests. According to the 2025 Cisco Talos Year in Review release today, attackers overwhelmingly targeted a subset of components that directly authenticate users, enforce access decisions, or broker trust between systems. Adversaries' focus on identity will only accelerate with the rise of agentic workloads. To address these challenges, today Cisco is extending Zero Trust Access to AI agents, holding them accountable to a human employee and securing agentic actions. New Duo IAM capabilities integrate with novel MCP policy enforcement and intent-aware monitoring in Cisco Secure Access to enforce strict access control, uniquely helping organizations gain full visibility and governance over their agentic workforce. These capabilities include: * Agent Identity Management: Customers can register agents in Duo IAM and map them to accountable human owners, ensuring every agent has a verified identity and enabling traceability of actions. * Agent and Tool Visibility: Cisco Identity Intelligence discovers agentic and non-human identities to help organizations understand existing AI usage. * Strict Access Control: Agents are assigned fine-grained permissions only for the specific tasks they perform or resources they need for a short duration, with all tool traffic routed through an MCP gateway to eliminate blind spots. "Organizations are eager to embrace AI, but they need to do so without creating security coverage gaps. Cisco's Zero Trust Access for AI agents gives visibility into agentic identities and restricts access to exactly what's needed," said Jeremy Nelson, CISO North America, Insight. "We're excited to bring these capabilities to customers to secure their data while scaling their AI initiatives." "In this dynamic agentic tech environment, strict access control for AI agents is critical but challenging to enforce consistently with legacy tools designed for human users. This creates uneven enforcement and blind spots, leading to gaps that agents in an agentic world will inevitably exploit," said Fernando Montenegro, Vice President & Practice Lead, Cybersecurity & Resilience, Futurum. "Cisco's platform approach is well-positioned to address these challenges by modernizing tooling to ensure consistent, adaptive security for AI agents." Protect agents from the world: AI Defense safeguards the agentic workforce As businesses race to deploy AI agents across increasingly complex and distributed environments, Cisco is expanding AI Defense with powerful new tools that help organizations test, trust, and secure their AI agents and the interactions between them. Traditional scanning tools cannot simulate the real-world threats agents encounter, which are marked by longer conversations and access to tools and resources. To empower more organizations to meet this challenge head-on, Cisco is democratizing the industry-leading capabilities of AI Defense by launching Cisco AI Defense: Explorer Edition. This new self-service solution is built on the same core AI Defense Validation engine trusted by Global 2000 customers. After signing up, users can begin red teaming the AI models and applications that will be deployed into agentic workflows to uncover susceptibility to attacks and measure risk posture before deployment. This toolkit enables AI developers, AppSec teams, and security researchers to build and secure AI agents. At launch, Cisco AI Defense: Explorer Edition features: * Dynamic Agent Red Teaming: Conduct multi-turn adversarial testing for models and applications that power agentic workflows, with Cisco's bespoke AI red teaming framework. * Model and Application Security Testing: Validate resistance to prompt injection, jailbreaks, and other unsafe outputs. * Straightforward Security Reporting: Get actionable AI security insights, exportable for compliance review. * API-First Access: Tap into CI/CD integration for GitHub Actions, GitLab, Jenkins, and custom pipelines. * Team Collaboration: Invite teammates; upgrade to AI Defense Enterprise for advanced role-based access control (RBAC). Separately, Cisco is unveiling its Agent Runtime Software Development Kit (SDK), which embeds policy enforcement directly into agent workflows at build time. The Agent Runtime SDK supports major frameworks including AWS Bedrock AgentCore, Google Vertex Agent Builder, Azure AI Foundry, LangChain, and more. Cisco is also introducing the LLM Security Leaderboard, a comprehensive resource for evaluating model risk and susceptibility to adversarial attacks. By providing transparent evaluation signals, this leaderboard contextualizes model performance metrics against evaluations of how models handle malicious prompts, jailbreak attempts, and other manipulation strategies. The tool empowers organizations with a clear, objective understanding of model risk and informs defense-in-depth approaches to AI deployments. Together, these capabilities let organizations move from pilot to production with confidence: knowing their agents have been tested, benchmarked, and hardened before they ever touch a production system. Security is a team sport, and Cisco continues to lead with transparency and collaboration. Building on the release of its first open source foundation AI model at last year's RSA Conference, Cisco is today introducing DefenseClaw -- a secure agent framework designed to eliminate friction between development and security. By integrating a suite of essential open source tools -- including Skills Scanner, MCP Scanner, AI BoM, and CodeGuard -- DefenseClaw helps ensure that every skill is scanned and sandboxed, every MCP server is verified, and every AI asset is automatically inventoried, enabling developers to deploy secure agents with greater speed and confidence. DefenseClaw features will directly hook into NVIDIA's OpenShell, extending the ongoing collaboration to provide robust, automated security at the runtime level. By consolidating these capabilities into a single framework, Cisco eliminates the need for manual security steps or separate tool installations, allowing organizations to maintain zero-trust integrity while scaling agentic workforces. Detect and respond at machine speed: Empowering the agentic SOC AI technologies are a double-edged sword. As the latest Talos Year in Review report shows, vulnerabilities like React2Shell have seen near instant and automated exploitation, likely fueled by agentic AI being used to build new exploit kits. The same AI agents posing new security challenges can also be the most powerful tool in a defender's arsenal. Today's SOC analysts are overwhelmed by alert fatigue and fragmented data, spending more time on research than response. Splunk, part of Cisco's security portfolio, has already moved to embed AI capabilities into key SOC workflows. Today, it is further evolving the SOC from reactive to proactive with: * Exposure Analytics: Now integrated into Splunk Enterprise Security by default, this provides a continuously updated inventory of all assets and users. It delivers real-time risk scoring and relationship mapping, providing total visibility using data that organizations are already ingesting. * Detection Studio: A unified workspace that streamlines the entire detection engineering lifecycle -- planning, building, testing, deploying, and monitoring detections. It automatically maps detection coverage against the MITRE ATT&CK framework to identify and close gaps with precision. * Federated Search: A unified search that allows SOC analysts to uncover and correlate data across multiple environments, reducing costs and accelerating investigations. * The Agentic SOC Expansion: Specialized AI agents -- including the Detection Builder Agent, Standard Operating Procedures (SOP) Agent, Triage Agent, Malware Threat Reversing Agent, Guided Response Agent and Automation Builder Agent -- move beyond data surfacing to active evaluation and execution. By automating security workflows, security tasks shift from a bottleneck to an accelerator, enabling the SOC to move at machine speed and scale. "The evolution of the Security Operations Center from reactive to proactive is now a necessity in today's threat landscape. By introducing specialized AI agents, Cisco is empowering analysts to move beyond manual triage and prioritize the most important threats quickly," said Ryan Morris, President, Blackwood. "This is exactly the innovation required to help security teams stay ahead of constantly increasing and evolving SOC workloads." Detection Studio and Malware Threat Reversing Agent are generally available. Exposure Analytics, SOP Agent and Federated Search are expected to launch in April and May. Automation Builder Agent and Triage Agent are expected to launch in June. Detection Builder Agent and Guided Response Agent target June 2026 for prerelease testing.