Cisco open-sources agent security framework

- Cisco said on March 23 it introduced DefenseClaw, an open-source framework for securing and governing AI agents before and during deployment. (newsroom.cisco.com)
- Cisco said 85% of surveyed enterprise customers were experimenting with AI agents, but only 5% had moved them into production. (newsroom.cisco.com)
- DefenseClaw is live on GitHub, and Cisco has said it plans to integrate the framework with NVIDIA OpenShell. (newsroom.cisco.com)

Cisco has open-sourced a framework called DefenseClaw as it tries to address a problem it says is slowing enterprise use of AI agents: how to secure, inspect and govern systems that can take actions, not just generate text. Cisco announced the project at RSA Conference 2026 on March 23 and said the software is meant to automate security checks, inventory and policy controls around agent deployments. (newsroom.cisco.com)

The company said the framework is part of its AI Defense push and is aimed at organizations moving from experiments to production agent systems. Cisco said its own survey found 85% of major enterprise customers were testing AI agents, while 5% had put them into production.

### Where does this fit in Cisco’s broader AI security push?

Cisco said on March 23 that DefenseClaw sits alongside other controls it is adding for what it calls an “agentic workforce,” including Zero Trust access controls for agents, identity intelligence and policy enforcement for Model Context Protocol traffic. In the same announcement, Cisco said AI Defense: Explorer Edition would give developers self-serve tools to test resilience and add guardrails before deployment.

Jeetu Patel, Cisco’s president and chief product officer, said in the March 23 release that AI agents are becoming “a new workforce of co-workers,” and that security teams will determine how far companies can trust them in production. (newsroom.cisco.com) Cisco framed the issue in three parts: protecting the world from agents, protecting agents from manipulation, and detecting AI incidents at machine speed.

### What does DefenseClaw actually do?

Cisco’s GitHub repository describes DefenseClaw as “Security Governance for Agentic AI” and says it can scan capabilities before use, inspect runtime traffic and export audit evidence. A Cisco blog post announcing the project said the framework is designed as a governance layer on top of agent runtimes and can be deployed quickly by developers. (newsroom.cisco.com)

Cisco said in a separate developer post that the framework’s protections cover four areas: prompt and model-traffic guardrails, inspection of tools and Model Context Protocol servers, install-time scanning of skills and plugins, and code review for AI-generated code. That description places the project across both pre-deployment review and runtime oversight rather than as a single scanner. (newsroom.cisco.com)

### Why is Cisco emphasizing governance and audit trails?

Omar Santos, writing on Cisco’s executive blog in January, said enterprise risk in agent systems extends beyond model accuracy to execution integrity and accountability. He wrote that trust in agent ecosystems depends on identity, permissions, tool interfaces, memory, runtime containment, monitoring and incident response. (github.com)

Cisco’s repository and blog materials reflect that framing. The project’s documentation says it records durable audit evidence for operators and security teams, while Cisco has separately published open-source scanners for agent skills, Model Context Protocol servers and agent-to-agent communications. (blogs.cisco.com)

### How does NVIDIA fit into the rollout?

Cisco said in its March 23 announcement that it plans to integrate DefenseClaw with NVIDIA OpenShell, which it described as the sandbox for secure agent deployment. NVIDIA has separately described OpenShell as an open-source runtime for autonomous agents with isolated sandboxes, a policy engine and privacy controls. (blogs.cisco.com)

Cisco said on March 16 that OpenShell would provide infrastructure-level guardrails while Cisco AI Defense would add governance around what agents can access and how they operate. That pairing suggests Cisco is positioning DefenseClaw as a control plane around agent behavior rather than as a standalone model product. (github.com)

### What happens next?

Arjun Sambamoorthy wrote in a Cisco blog post on March 30 that DefenseClaw is live on GitHub and ready to install. The public repository shows active commits in May, including policy, connector and observability updates, and Cisco has said integration with NVIDIA OpenShell remains part of the roadmap. (blogs.cisco.com 1) (blogs.cisco.com 2) (newsroom.cisco.com)