
Cisco’s DefenseClaw Boosts Agentic AI Safety

Summary

– Cisco has introduced DefenseClaw, a security tool designed to provide oversight and governance for agentic AI systems.
– The tool automatically scans code, detects runtime threats, and can block specific agent operations to prevent unauthorized actions.
– Cisco is entering a competitive market, as numerous other security and tech firms are also developing solutions for agentic AI oversight.
– The company links DefenseClaw to its Splunk platform for monitoring and plans additional tools for automated security response and model testing.
– A Cisco survey indicates only 5% of enterprise agentic AI projects have moved from testing to production, highlighting a governance gap.

The rapid adoption of agentic artificial intelligence for automating complex tasks has introduced significant new security challenges. In response, Cisco Systems has launched DefenseClaw, an operational security layer designed to provide the critical oversight these autonomous systems require. Announced at the RSA Conference, the tool aims to address the stark reality that, according to Cisco’s research, only about 5% of enterprise agentic AI projects have progressed from testing to full production, largely due to security concerns.

DefenseClaw functions as a governance platform for environments built on frameworks like the popular OpenClaw or Nvidia’s NemoClaw. DJ Sampath, Cisco’s head of AI software, described it as the missing component to “keep a claw governed,” enabling secure deployment in minutes. The open-source tool will be available on GitHub starting March 27.

The system operates through a three-pronged security approach. First, it performs comprehensive code scanning on every skill, tool, and plugin before it enters the agent environment, including code generated by the agents themselves. Second, it monitors all incoming and outgoing messages at runtime to detect threats. Third, and most critically, it can automatically block specific agent skills, such as access to an email server, enforcing these restrictions as immutable security walls rather than suggestions.

Integration is a key feature. DefenseClaw plugs into various tools, including Nvidia’s OpenShell sandbox and Cisco’s own scanning utilities. Cisco leverages its Splunk analytics platform as the centralized monitoring system, ensuring every agent’s activity is logged as structured events from the moment it goes online. The company is also enhancing Splunk with new extensions, like a forthcoming Guided Response Agent, to help security teams rapidly investigate and respond to threats.
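As an added illustration (not Cisco's code, and not DefenseClaw's API, which this article does not describe), the following Python sketch shows the pattern the two paragraphs above outline: an admission-time check on skill manifests, a runtime gate that refuses blocked skills in code rather than by instructing the model, and a structured audit event for every decision. The skill names, capability strings and agent id are constructed for the example.

```python
import json
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed policy: skills the agent may never invoke, whatever its planner
# decides. The block lives in code, so the model cannot "talk its way" past it.
BLOCKED_SKILLS = frozenset({"email.send", "email.read"})

# Constructed capability deny-list applied when a skill is admitted.
DENIED_CAPABILITIES = frozenset({"smtp:connect"})

# Constructed skill manifests: each skill declares the capabilities it needs.
SKILL_MANIFESTS = {
    "calendar.list": {"capabilities": ["calendar:read"]},
    "email.send": {"capabilities": ["smtp:connect"]},
    "notes.write": {"capabilities": ["fs:write", "smtp:connect"]},  # over-privileged
}


class PolicyViolation(Exception):
    """Raised when a blocked skill is invoked; the call never reaches the tool."""


def admit_skill(name: str, manifest: dict) -> bool:
    """Admission-time check: reject any skill requesting a denied capability."""
    return not (set(manifest.get("capabilities", [])) & DENIED_CAPABILITIES)


@dataclass
class SkillGate:
    events: list = field(default_factory=list)  # structured events; stand-in for a SIEM feed

    def _emit(self, **fields: Any) -> None:
        self.events.append(json.dumps(fields, sort_keys=True))

    def invoke(self, agent_id: str, skill: str, handler: Callable[..., Any], **kwargs: Any) -> Any:
        """Runtime gate: log the decision, then either block or execute the skill."""
        if skill in BLOCKED_SKILLS:
            self._emit(agent=agent_id, skill=skill, decision="deny", reason="blocked_skill")
            raise PolicyViolation(f"skill {skill!r} is blocked for agent {agent_id}")
        self._emit(agent=agent_id, skill=skill, decision="allow")
        return handler(**kwargs)


def demo() -> dict:
    gate = SkillGate()
    admitted = {n: admit_skill(n, m) for n, m in SKILL_MANIFESTS.items()}
    # Simulated planner output: the agent tries a blocked skill anyway.
    planned = [("calendar.list", lambda: ["standup 09:00"]), ("email.send", lambda: "sent")]
    results = {}
    for skill, handler in planned:
        try:
            results[skill] = gate.invoke("agent-7", skill, handler)
        except PolicyViolation:
            results[skill] = None  # blocked; the handler was never called
    return {"admitted": admitted, "results": results, "events": gate.events}
```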

DefenseClaw is part of a broader agentic security toolkit Cisco unveiled. This includes strengthening Cisco Secure Access to enforce agent identity verification and apply zero-trust principles. The company is also moving beyond static analysis with Cisco AI Defense: Explorer Edition, which conducts adversarial testing on AI models to evaluate their resistance to prompt injection and jailbreaks. An agent runtime SDK promises to embed policy enforcement directly into the development process.

However, Cisco enters a highly competitive market. Traditional cybersecurity firms like Palo Alto Networks, DevOps specialists like GitLab, and observability leaders like Datadog all offer overlapping capabilities for securing autonomous agents. Furthermore, AI giants like Anthropic, OpenAI, and Google provide their own code-scanning and safety tools. Cisco’s potential advantage may lie in its dominant position in enterprise networking, though it remains unclear whether organizations will manage agentic AI through dedicated security teams or mandate stricter developer controls from the start. Some enterprises may opt for the simplest solution, prohibiting the use of such agentic frameworks entirely until the security landscape matures.

(Source: ZDNet)
