Cisco has announced important security developments aimed at the agentic AI ecosystem, in which software is no longer limited to answering questions but acts through agents. At the RSA 2026 Conference, Cisco responds to AI security issues and eliminates one of the main barriers to agent adoption. By establishing trusted identities, enforcing strict zero-trust access controls, hardening agents before deployment, applying protection measures at runtime, and equipping security operations center (SOC) teams with the tools necessary to stop machine-speed threats, Cisco is building security into the foundation of the emerging agent-based AI economy.

“AI agents don’t just speed up work, they form a new ‘template’ of collaborators that greatly expand what organizations can achieve,” said Jeetu Patel, president and chief product officer at Cisco. “Projects on hold due to lack of resources are now within reach. The only limit is your imagination, and security teams are the key to taking advantage of this opportunity by making the agent workforce safe enough to trust.”

According to Cisco surveys of large enterprises, although 85% are already testing AI agents, only 5% have incorporated this technology into their production environment. To unlock its potential, Cisco is focusing on three key pillars to strengthen agent security: protect the world from agents, so they can only act as intended; protect agents from the world, so that they cannot be manipulated or corrupted; and detect and respond to AI incidents at the speed and scale of machines.

Protect the world from agents

Like new employees, AI agents need an onboarding process that establishes their identity, defines their role, and assigns them to a responsible human manager. However, most companies are unaware of which agents are in place, much less who is responsible if something goes wrong. Existing SSE tools were not designed to apply time-limited access to agent workload identities, nor can they understand the context behind agent requests.

According to the recently released Cisco Talos Year in Review 2025 report, attackers have focused on a subset of components that directly authenticate users, enforce access decisions, or manage trust between systems. With the rise of automated workloads and agents, adversaries’ interest in identity will only accelerate.

To address these challenges, Cisco is extending Zero Trust access to AI agents, making them accountable to a human employee and protecting their actions. The new Duo IAM capabilities integrate with the new MCP policy enforcement and intent-based monitoring of Cisco Secure Access to enforce strict access control, helping organizations gain visibility and control over their agent workforce. These capabilities include:

• Agent identity management: Companies can register agents in Duo IAM and assign them to responsible human owners, ensuring that each agent has a verified identity and facilitating traceability of their actions.

• Agent and tool visibility: Cisco Identity Intelligence detects agent and non-human identities to help organizations understand current AI usage.

• Strict access control: Agents are assigned fine-grained permissions only for the specific tasks they perform or resources they need for a short period of time, and all tool traffic is routed through an MCP gateway to eliminate blind spots.

Protect agents from the outside world

As enterprises rush to deploy AI agents in increasingly complex and distributed environments, Cisco expands AI Defense with powerful new tools that help organizations test, trust, and protect their agents, as well as the interactions between these agents.

Traditional analytics tools cannot simulate the real-world threats that agents face, characterized by longer conversations and access to tools and resources. To empower more organizations to meet this challenge, Cisco is democratizing industry-leading AI Defense capabilities with the launch of Cisco AI Defense: Explorer Edition.

This new self-service solution is based on the same AI Defense core validation engine. After registering, users can begin red teaming tests on AI models and applications that will be deployed in agent workflows, with the goal of detecting vulnerabilities to attacks and assessing the level of risk before deployment. This toolset enables AI developers, application security teams, and security researchers to create and secure AI agents.

At launch, Cisco AI Defense: Explorer Edition includes the following features:

• Dynamic Agent Network Teaming: Perform adversarial testing for the models and applications that drive agent workflows.

• Model and application security testing: Validate resistance to command injection, jailbreaks, and other dangerous attacks that can impact agents.

• Easy Security Reporting: Useful AI security information, exportable for compliance review in agent environments.

• API-First Access: Take advantage of CI/CD integration for GitHub Actions, GitLab, Jenkins, and custom pipelines geared towards agent development.

• Team Collaboration: Allows you to invite teammates and upgrade to AI Defense Enterprise for advanced role-based access control (RBAC) on agent-based projects.

Cisco is also introducing its Agent Runtime software development kit (SDK), which integrates policy enforcement directly into agent workflows at build time. The Agent Runtime SDK supports major frameworks including AWS Bedrock AgentCore, Google Vertex Agent Builder, Azure AI Foundry, LangChain, and many more. Cisco also presents the LLM Security Leaderboard, a comprehensive resource for assessing model risk and vulnerability to adversarial attacks in agent-based environments.

DefenseClaw is a secure agent framework that, by integrating a set of essential open source tools such as Skills Scanner, MCP Scanner, AI BoM and CodeGuard, helps ensure that every skill is analyzed and tested in an isolated environment, every MCP server is verified, and every AI asset is automatically inventoried, allowing developers to deploy secure agents more quickly and with greater confidence. DefenseClaw features will integrate directly with NVIDIA’s OpenShell, expanding the ongoing collaboration to provide robust, automated runtime-level security for agents.

Boosting autonomous SOC

The same AI agents that pose new security challenges may also be the most powerful tool in a defender’s arsenal. Today’s SOC analysts face alert fatigue and fragmented data, spending more time investigating than responding. Splunk, part of Cisco’s security offering, already integrates AI capabilities into key SOC workflows through the use of specialized agents:

• Exposure Analytics: Now integrated into Splunk Enterprise Security, it provides a continuously updated inventory of all assets and users. It also provides real-time risk scoring and agent-supported relationship mapping.

• Detection Studio: A unified workspace that streamlines the entire detection engineering lifecycle—planning, building, testing, deploying, and monitoring—with the help of agents. Automatically maps detection coverage to the MITRE ATT&CK framework to accurately identify and close gaps.

• Federated Search: A unified search that enables SOC analysts to discover and correlate data across multiple environments, reducing costs and accelerating investigations with agent support.

• The expansion of agentic SOC: specialized AI agents that go beyond simple data extraction to active evaluation and execution. By automating security workflows, tasks are no longer a bottleneck and become an accelerator thanks to these agents.