Cisco used its RSA 2026 keynote to announce a suite of security products aimed at the emerging “agentic AI” market—software that not only answers queries but performs autonomous actions on behalf of enterprises. The company introduced Zero‑Trust Access for AI agents, a self‑serve AI‑Defense testing platform, an open‑source secure‑agent framework called DefenseClaw, and a set of Splunk‑based SOC enhancements designed to let security teams keep pace with AI‑driven threats.
Why “agentic AI” matters now
A recent Cisco survey of large‑scale enterprises found that 85 % of respondents are experimenting with AI agents, yet only 5 % have moved those agents into production environments. The gap reflects lingering concerns about identity, access control, and the potential for agents to be hijacked or to act beyond their intended scope. Cisco positions its new offerings as a way to close that gap by embedding security at every stage of an agent’s lifecycle—from onboarding to runtime enforcement.
Zero‑Trust Access extends identity controls to autonomous agents
Cisco’s Zero‑Trust Access for AI agents builds on its existing Secure Access Service Edge (SSE) platform, adding the ability to register non‑human identities, bind them to accountable human owners, and enforce fine‑grained, time‑bound permissions. The new capabilities are delivered through:
- Agent Identity Management – Duo Identity and Access Management (IAM) now lets administrators enroll AI agents, associate each with a specific employee, and maintain a full audit trail of actions.
- Agent and Tool Visibility – Cisco Identity Intelligence discovers both human and machine identities across the network, giving security teams a clearer picture of AI usage.
- Strict Access Control – Permissions are limited to the exact resources an agent needs, with all traffic routed through a Model Context Protocol (MCP) gateway that provides policy enforcement and risk‑based adaptive controls.
Jeetu Patel, Cisco’s President and Chief Product Officer, emphasized the strategic shift: “AI agents aren’t just making existing work faster; they’re a new workforce of co‑workers that dramatically expand what organizations can accomplish.” He added that security teams are the “key to unlocking this opportunity by making the agentic workforce safe enough to trust.”
Industry analysts note that the rise of autonomous agents amplifies the attack surface on identity systems. The 2025 Cisco Talos Year in Review highlighted a surge in attacks targeting authentication and trust‑broker components—an area Cisco expects to harden with its new zero‑trust extensions.
AI Defense Explorer Edition democratizes red‑team testing
Historically, AI‑security testing has been the domain of specialized consultancies with access to proprietary tooling. Cisco’s AI‑Defense Explorer Edition offers a cloud‑hosted, self‑service version of the company’s AI‑Defense Validation engine. Users can launch multi‑turn adversarial tests against large language models (LLMs) and downstream applications that power agentic workflows. The platform automatically evaluates susceptibility to prompt injection, jailbreaks, and other unsafe outputs, then produces exportable compliance reports.
Key features include:
- Dynamic Agent Red‑Teaming – Simulated attacks that mimic real‑world threat actors attempting to manipulate agent behavior.
- Model & Application Security Scanning – Automated checks for known vulnerability patterns in prompts and responses.
- Actionable Reporting – Clear remediation guidance that can be fed into existing governance processes.
- CI/CD Integration – Native APIs for GitHub Actions, GitLab, Jenkins, and other pipelines, enabling security testing early in the development cycle.
- Collaboration Controls – Team invitations and optional upgrade paths to an enterprise tier with role‑based access control (RBAC).
“Organizations are eager to embrace AI, but they need to do so without creating security coverage gaps,” said Jeremy Nelson, CISO North America at Insight. “Cisco’s Zero‑Trust Access for AI agents gives visibility into agentic identities and restricts access to exactly what’s needed.”
DefenseClaw: an open‑source secure‑agent framework
Cisco announced DefenseClaw, an open‑source framework that bundles a collection of security tools—Skills Scanner, MCP Scanner, AI Bill of Materials (AI BoM), and CodeGuard—into a single pipeline for building and deploying AI agents. DefenseClaw automates inventory, sandboxing, and verification steps that previously required manual effort.
The framework is designed to integrate directly with NVIDIA’s OpenShell runtime, providing a hardened execution environment for agents. By consolidating these capabilities, Cisco aims to eliminate the “manual security steps or separate tool installations” that have slowed adoption of AI agents in regulated enterprises.
Fernando Montenegro, Vice President & Practice Lead of Cybersecurity & Resilience at Futurum, warned that “strict access control for AI agents is critical but challenging to enforce consistently with legacy tools designed for human users.” He praised DefenseClaw’s approach to “modernizing tooling to ensure consistent, adaptive security for AI agents.”
Splunk‑driven SOC upgrades accelerate response at machine speed
The security operations center (SOC) remains a bottleneck for many enterprises, with analysts spending a majority of their time triaging alerts. Cisco’s Splunk portfolio now includes several AI‑enhanced capabilities:
- Exposure Analytics – A continuously refreshed asset and user inventory that feeds real‑time risk scores into Splunk Enterprise Security.
- Detection Studio – An end‑to‑end workspace for building, testing, and deploying detection rules, automatically mapping coverage against the MITRE ATT&CK framework.
- Federated Search – A unified query engine that spans disparate data sources, cutting investigation time.
- Agentic SOC Expansion – A suite of specialized AI agents (Detection Builder, SOP, Triage, Malware Threat Reversing, Guided Response, Automation Builder) that can not only surface data but also execute remediation steps autonomously.
Ryan Morris, President of Blackwood, highlighted the shift: “The evolution of the security operations center from reactive to proactive is now a necessity… By introducing specialized AI agents, Cisco is empowering analysts to move beyond manual triage and prioritize the most important threats quickly.”
Cisco disclosed the availability roadmap: Detection Studio and Malware Threat Reversing Agent are already GA; Exposure Analytics, SOP Agent, and Federated Search are slated for release in April–May; Automation Builder and Triage Agent are expected in June; Detection Builder and Guided Response Agent will enter prerelease testing in June 2026.
Market implications and next steps
Cisco’s announcements target a growing segment of enterprise IT that is experimenting with autonomous AI agents but remains hesitant to move to production due to security concerns. By extending zero‑trust principles to non‑human identities, providing a low‑cost red‑team testing platform, and delivering an open‑source secure‑agent framework, Cisco attempts to lower the barrier for widespread adoption.
The integration with Splunk’s SOC tools further differentiates Cisco’s portfolio, positioning the company as a one‑stop shop for both proactive agent hardening and reactive threat hunting. Competitors such as Palo Alto Networks, IBM, and Microsoft are also investing in AI‑security offerings, but Cisco’s focus on identity‑centric controls and open‑source tooling could resonate with organizations seeking transparent, auditable solutions.
Enterprises interested in exploring these capabilities can sign up for AI Defense: Explorer Edition, evaluate DefenseClaw on GitHub, or engage Cisco’s professional services for a Zero‑Trust Access rollout. Detailed product information is available at cisco.com/go/security.
Power Tomorrow’s Intelligence — Build It with TechEdgeAI
