Cisco introduced DefenseClaw — an orchestration and blocking layer for securing AI agents

Cisco Introduces DefenseClaw — An Orchestration and Blocking Layer for Secure AI Agents

Cisco introduced DefenseClaw — an open-source management layer for agentic AI, designed to close the main barrier to enterprise adoption: the lack of clear control over what an agent does in production. According to the company, 85% of large clients are already experimenting with AI agents, but only 5% have moved them to production.

Why Pilots Are Stalling

At RSA Conference 2026, Cisco explained the gap between pilots and production quite pragmatically: companies already have models, frameworks, and sandboxes, but lack a unified operational layer that sees agent actions, verifies its tools, and can quickly stop dangerous behavior. In other words, business is not afraid of the LLM itself, but of autonomous actions: access to email, Jira, file systems, and other internal services, where an agent error quickly becomes a real incident. DefenseClaw is positioned as a wrapper on top of OpenShell and other open agentic stacks.

Cisco calls it a way to "keep claw under control" and promises to go "from zero to managed claw in less than five minutes." The product does not replace the agent framework but adds a layer of policy, observability, and enforced control on top of it. Cisco opened the project on GitHub on March 27, 2026, and bet on an open-source distribution model.

Three Levels of Control

The basic idea of DefenseClaw is not to trust the agent at the installation stage, during operation, or after changing its skills. Cisco builds protection at several points so that developers and security don't argue over who should catch the risk: the system tries to close the entrance, monitor execution, and instantly suppress dangerous actions if the agent starts misbehaving.

• Pre-launch verification. Before installation, skills, plugins, tools, and code generated by the agent itself are scanned. The chain includes Skill Scanner, MCP Scanner, A2A Scanner, CodeGuard, and an AI bill of materials generator.
• Runtime observation. The system monitors messages entering and leaving the agent to catch data leaks, prompt injection, and other dangerous scenarios during execution.
• Hard policy enforcement. If a skill or MCP server ends up on the blocklist, DefenseClaw doesn't just send a warning but removes rights in the sandbox, quarantines files, and cuts network access without a restart.
• Telemetry from day one. All decisions, tool calls, and policy events immediately go to Splunk as structured events so the team sees the full history of agent actions.

"These are not recommendations, but walls," is how Cisco describes the automatic blocking of dangerous operations.

Cisco also shows a practical scenario: the skill installation team first goes through scanning, verification against allow/block lists, and manifest generation, and only then does the agent receive the new tool. For a corporate environment, this is an important shift. The agent stops being a "smart script with access" and becomes a managed object with an action log, admission policy, and an instant kill switch if the next skill starts leaking data or executing suspicious commands.

Betting on a Platform

DefenseClaw is not a one-off release but part of Cisco's broader lineup for agent security. The company simultaneously updated Secure Access to more strictly verify agent identity and apply zero trust to each new workflow. In parallel, AI Defense: Explorer Edition was released — a tool for multi-step adversarial testing of models and applications designed to find vulnerabilities to prompt injection, jailbreak, and unsafe responses before production release.

Another element is the Agent Runtime SDK, which embeds policy enforcement directly in code during development. In other words, Cisco is trying to cover the entire loop: testing before release, runtime control, and observability after launch. At the same time, the market is already crowded: Palo Alto Networks, Zscaler, JFrog, GitLab, Dynatrace, Datadog, and AI vendors like OpenAI, Google, and Anthropic are competing for the same budgets.

Cisco's bet is that its strong position in enterprise networks and security can give the company an advantage in this market.

What This Means

The AI agents market has hit a wall not in model quality but in trust in their actions. If Cisco can turn DefenseClaw from a nice idea into a truly working layer of policy and observability, companies will have a chance to move agent pilots to production faster without giving agents blind access.