What happened
In a company blog post, Cisco announced the latest expansion of Cisco AI Defense, framed as an update that adds agent-specific security, AI supply chain governance, and runtime protections (Cisco blog). The company detailed new features such as adaptive red teaming that accepts custom objectives and executes multi-stage attack simulations, and a Policy Studio that builds guardrails from natural-language descriptions plus uploaded policy documents (Cisco blog). Cisco's investor press release and newsroom posts list additional items including an AI BOM for centralized software-asset visibility, agent discovery and agentic IAM in Duo, and AI-aware SASE capabilities to detect and route AI traffic (Cisco press release; Cisco newsroom). The release also names an open-source secure agent framework, DefenseClaw, and describes integrations with AWS for automated scanning of MCP servers and with Splunk for SOC automation (Cisco newsroom; AWS blog).
Technical details
Per Cisco's blog, adaptive red teaming interprets user-provided objectives, generates multi-step attacks, and assesses feasibility and impact; the Policy Studio refines policies through follow-up questions before producing enforceable guardrails (Cisco blog). The joint Cisco and AWS writeup treats MCP as part of the attack surface, noting that dozens to hundreds of MCP servers and Agent Skills can create visibility and compliance gaps (AWS blog). Cisco's materials say the AI-aware SASE and Secure Access SSE engines include policy enforcement tied to the Model Context Protocol (MCP) and adaptive runtime protections for agent interactions (Cisco press release; Cisco newsroom).
Context and significance
Enterprises are shifting from single-instance AI assistants to agentic systems that execute multi-step actions across services, a transition that increases the attack surface and amplifies the need for inventory, governance, and runtime defenses. Reporting by Cisco and AWS frames three operational gaps: visibility into deployed agents and tools, manual security review bottlenecks that do not scale, and missing audit trails needed for compliance (Cisco blog; AWS blog). Observed patterns in similar transitions: organizations adopting comparable agent frameworks typically require automated scanning, contextual policy enforcement, and cryptographic continuity to keep pace with machine-speed exploitation.
What this contains for practitioners
- Adaptive red teaming and Policy Studio: tools to simulate targeted attacks and produce context-aware guardrails before deployment, per Cisco's documentation (Cisco blog).
- AI BOM and DefenseClaw: inventory and an open-source framework to automate agent hardening and lifecycle tracking, described in Cisco press materials (Cisco press release; Cisco newsroom).
- Integrations and partnerships: automated MCP/agent scanning and unified governance in collaboration with AWS, plus SOC automation using Splunk, as outlined in Cisco and AWS posts (AWS blog; Cisco newsroom).
Editorial analysis: The combination of pre-deployment testing, runtime policy enforcement, and supplier-aware inventory aligns with a pragmatic, defense-in-depth approach favored by large enterprises. Security tooling that couples semantic policy input with enforcement and telemetry can reduce manual review friction, but teams adopting these stacks will still need to integrate outputs into change-control, logging, and incident response workflows.
What to watch
Observers should track real-world adoption signals such as availability of DefenseClaw production integrations, vendor support for MCP standardization, how Splunk connectors consume agent telemetry, and whether AWS tooling expands automated attestation of MCP servers (Cisco newsroom; AWS blog). Also watch for third-party audits or independent red-team reports that validate the efficacy of adaptive red teaming and runtime guardrails.
Editorial analysis: For practitioners, the practical value will be measured by how these components reduce mean time to detect and remediate agent-driven incidents, and by how easily the systems integrate with existing identity, SIEM, and DevSecOps pipelines.
Key Points
1. Cisco rolled out agent-focused features in **Cisco AI Defense** including adaptive red teaming, Policy Studio, AI BOM, and DefenseClaw (Cisco blog; Cisco press release).
2. Partnerships with AWS and Splunk aim to automate scanning and SOC workflows, addressing visibility and scaling gaps for MCP servers and agent fleets (AWS blog; Cisco newsroom).
3. Industry observers note enterprises adopting agentic AI typically need automated governance, runtime enforcement, and inventory to keep pace with machine-speed threats.
Scoring Rationale
Cisco's update bundles multiple defensive controls, open-source tooling, and cloud integrations that matter to enterprise practitioners securing agentic AI. The story is notable for operational security implications rather than a frontier-model breakthrough.
