Cisco introduced a broad set of security innovations aimed at securing “agentic AI” environments, where software agents take autonomous actions across enterprise systems. The announcement outlines a full-stack approach spanning identity, access control, runtime protection, and security operations, as enterprises move from experimentation to production deployment of AI agents. Cisco said only 5% of organizations have deployed agents at scale despite 85% actively testing them, highlighting security as a primary barrier.
The company extended its Zero Trust framework to AI agents, introducing agent identity management, discovery, and strict access controls. New capabilities in Cisco Identity Intelligence and Duo IAM allow organizations to register agents, map them to human owners, and enforce granular, time-bound permissions. Cisco Secure Access adds model context protocol (MCP) policy enforcement and intent-aware monitoring to govern agent behavior in real time, addressing visibility gaps in non-human identities and agent-driven workflows.
Cisco also expanded its AI Defense portfolio with a new Explorer Edition for self-service model testing, alongside an Agent Runtime SDK to embed security policies directly into agent workflows. The company introduced DefenseClaw, an open-source secure agent framework designed to automate scanning, validation, and inventory of AI components, with planned integration into NVIDIA OpenShell. On the operations side, Splunk enhancements introduce AI-driven automation across the SOC, including exposure analytics, detection engineering tools, federated search, and a suite of specialized AI agents for triage, response, and threat analysis.
Key Points
- Extends Zero Trust Access to AI agents with identity mapping, discovery, and granular permissions
- Adds MCP-based policy enforcement and intent-aware monitoring in Secure Access SSE
- Launches AI Defense: Explorer Edition for red teaming and model/application security testing
- Introduces Agent Runtime SDK to embed guardrails directly into AI workflows
- Debuts DefenseClaw open-source framework for secure agent development and deployment
- Expands Splunk with AI-driven SOC automation, including detection, triage, and response agents
- Integrates exposure analytics, federated search, and MITRE ATT&CK mapping into SOC workflows
- Targets production-scale deployment of AI agents with end-to-end security coverage
“AI agents aren’t just making existing work faster; they’re a new workforce of co-workers that dramatically expand what organizations can accomplish,” said Jeetu Patel, President and Chief Product Officer at Cisco. “The only limit is imagination, and security teams are the key to unlocking this opportunity by making the agentic workforce safe enough to trust.”
🌐 Analysis
Cisco is positioning itself as a control-plane provider for agentic AI, extending identity, policy enforcement, and telemetry into non-human actors. The integration of Duo, Secure Access, and Splunk reflects a strategy to unify identity-centric security with SOC automation, aligning with broader industry shifts toward Zero Trust architectures that include machine identities and AI agents.
Competitors including Palo Alto Networks, CrowdStrike, and Microsoft are also expanding AI security capabilities, but Cisco’s emphasis on open frameworks (DefenseClaw) and ecosystem integration (e.g., NVIDIA OpenShell, multi-cloud agent SDK support) signals a platform-oriented approach. The addition of developer-facing tools such as AI Defense Explorer Edition indicates a shift toward “shift-left” security for AI, where validation and guardrails are embedded earlier in the lifecycle.
