Cisco took advantage of RSA Conference 2026 to launch a broad offensive around one of the most delicate debates in enterprise Artificial Intelligence: how to secure agents that no longer just answer questions but make decisions, execute tasks, and access corporate systems. The company unveiled new capabilities in identity, access control, security testing for models and agents, a new open source framework, and several innovations in Splunk aimed at automating SOC operations. All of this rests on one core idea: agentic AI will not truly go into production unless companies solve their trust issues first.
Indeed, Cisco provides a figure that sums up this gap between enthusiasm and actual deployment quite well. According to a recent company survey among large enterprise clients, 85% report experimenting with AI agents, but only 5% have already put them into production. Cisco’s interpretation is clear: the main bottleneck is no longer technical but related to security, governance, and operational control.
From Chatbots to Actionable Agents
The fundamental shift is significant. In the early stages of generative AI, the biggest risk was usually an incorrect response or an awkward hallucination. In the agentic realm, however, the issue is different: errors can lead to wrong actions, inappropriate queries, unauthorized commands, or excessive access to critical resources. Therefore, Cisco proposes that the security of agent work should be managed across three fronts: protecting the world from agents, protecting agents from the world, and equipping security teams with machine-speed detection and response capabilities.
This approach is consistent with the findings of Cisco’s threat intelligence unit, Talos. In its 2025 annual report published on March 23, Talos highlights that attackers continue to focus on identity, authentication, and trust components between systems, precisely a surface that gains importance as non-human workloads and capable agents proliferate. Cisco argues that the expansion of agentic AI will necessitate a review of traditional identity and access models.
Zero Trust Also for Agents
This is where the first major update in the announcement comes in. Cisco has decided to extend its Zero Trust Access approach to AI agents through new features in Cisco Identity Intelligence, Duo, and Secure Access. The initiative includes discovery of non-human identities and agents, registration of agents in Duo IAM with a responsible human linked to each one, granular and short-duration access controls, and routing tool traffic through an MCP gateway to reduce blind spots. On paper, the goal is for each agent to have a verifiable identity, a clear owner, and permissions strictly limited to the tasks it is meant to perform.
This is no small feat. Many traditional security tools were designed for human users, not for software capable of chaining autonomous actions. Cisco argues that this mismatch creates visibility holes and inconsistent policy enforcement. With its new Duo and Secure Access features, Cisco aims to close this gap by bringing IAM and SSE logic into a scenario where “employees” can also be agents.
AI Defense, Pre-Deployment Testing, and a New Model Ranking
The second pillar of the announcement focuses on protecting agents before deployment. Cisco introduced AI Defense: Explorer Edition, a self-service version designed for developers, AppSec teams, and researchers to test models and agents against attacks such as prompt injection, jailbreaks, or unsafe outputs. Cisco claims this free edition reuses the validation engine present in its enterprise version and enables red teaming of models and agents in just minutes.
Alongside it, Cisco unveiled an Agent Runtime SDK to embed policies within the workflow of agents during development, supporting frameworks like AWS Bedrock AgentCore, Google Vertex Agent Builder, Azure AI Foundry, and LangChain. Additionally, it announced a new LLM Security Leaderboard, a public resource providing comparative assessments of models’ resilience against adversarial attacks, jailbreaks, and other manipulation techniques. Cisco positions this as a way to add security signals to a market that has so far mainly compared models based on capability benchmarks, not resilience.
DefenseClaw and the Open Source Commitment
Cisco also aimed to send a message to the technical community with DefenseClaw—a new open source framework to deploy agents with enhanced security controls from the outset. The company explains that it integrates tools such as Skills Scanner, MCP Scanner, AI BoM, and CodeGuard to scan skills, verify MCP servers, inventory AI assets, and review risks in generated code. Furthermore, Cisco plans to connect it with NVIDIA OpenShell as a sandbox environment to reduce manual steps and accelerate secure agent deployment. According to Cisco’s official blog, DefenseClaw will be available on GitHub starting March 27, 2026.
Beyond the name, this move carries strategic significance. Cisco aims to position itself not just as a provider of enterprise security solutions but also as a supporter of open tools, especially as development teams rapidly assemble agents without always waiting for security measures to be in place. DefenseClaw reflects an effort to incorporate security into the build process, rather than only during post-deployment auditing.
Splunk and the Agentic SOC
The third aspect of the announcement targets the security operations center (SOC). Cisco leverages its Splunk portfolio to promote a more agentic, less reactive SOC. New features include Exposure Analytics (enabled by default in Splunk Enterprise Security), Detection Studio as a unified space for detection engineering, Federated Search to unify data correlation across multiple environments, and specialized agents for tasks such as triage, detection building, procedure generation, guided response, automation, and malware analysis.
Not all features will become generally available simultaneously. Cisco indicated that Detection Studio and the Malware Threat Reversing Agent are already generally available. Exposure Analytics, SOP Agent, and Federated Search are expected between April and May; Automation Builder and Triage Agents by June; and Detection Builder along with Guided Response Agents will also enter pre-release testing in June 2026. This timeline shows that part of the announcement is already operational, while other parts are still closer to a roadmap or prototype stage.
Overall, Cisco seeks a bold position within the enterprise AI security market. The pitch is not only about model protection; it links together identity, access, red teaming, agent validation, secure deployment, and SOC automation within one comprehensive narrative. It remains to be seen how much of this vision translates into real adoption versus demonstration, but the underlying message is clear: if agents are to become a new digital workforce, security must shift from blocking to enabling.
Frequently Asked Questions
What exactly did Cisco announce at RSA Conference 2026?
Cisco presented new security features for agentic AI across multiple layers: identity and access with Duo, agent visibility with Identity Intelligence, access control in Secure Access, testing tools with AI Defense: Explorer Edition, the open source DefenseClaw framework, and new agent-centric capabilities in Splunk for the SOC.
What does it mean for Cisco to bring Zero Trust to AI agents?
It means treating agents as identities with restricted permissions, assigned human owners, visibility in the corporate inventory, and controlled access to tools and resources based on task, context, and time.
What is AI Defense: Explorer Edition?
It’s a self-service edition of Cisco AI Defense aimed at developers, AppSec teams, and researchers to perform red teaming of models and agentic applications, verifying their robustness against attacks before deployment.
What is DefenseClaw and when will it be available?
DefenseClaw is a new open source Cisco framework for deploying secure agents. Cisco states it will be available on GitHub from March 27, 2026, and plans to integrate it with NVIDIA OpenShell.

