At RSA Conference 2026 in San Francisco, Cisco announced a sweeping set of security capabilities designed to meet the rapid rise of AI agents in enterprise operations.
“AI agents aren’t just making existing work faster; they’re a new workforce of co-workers that dramatically expand what organizations can accomplish,”
said Jeetu Patel, President and Chief Product Officer at Cisco.
The headline announcements include the extension of Zero Trust Access to AI agents through Cisco Identity Intelligence, a new self-service security testing tool called AI Defense: Explorer Edition, an open-source agent security framework named DefenseClaw, and a major expansion of AI-powered threat response capabilities inside Splunk.
Together, these represent one of the most comprehensive attempts yet by a major vendor to build a security foundation purpose-built for agentic AI.
Breaking Down the Announcements
The first and most foundational announcement is the extension of Zero Trust Access to AI agents. Until now, this framework largely applied to human identities. Cisco is expanding it through updates to its Duo identity platform and Secure Access product. Organizations can register agents, assign them to an accountable human owner, and restrict access to only the tools and data required for specific tasks. An MCP gateway (a routing layer for agent-to-tool communications) ensures all agent activity is visible and auditable, eliminating the blind spots legacy tools often create.
The second major announcement is AI Defense: Explorer Edition, a self-service tool that allows developers and security teams to stress-test AI agents before they reach production. Built on the same validation engine used by Cisco’s Global 2000 customers, it runs multi-turn adversarial simulations that mimic the sustained, manipulative interactions of a bad actor. It tests resilience against prompt injection, jailbreaks, and unsafe outputs. The tool generates exportable security reports for compliance review and integrates directly into developer pipelines through GitHub Actions, GitLab, Jenkins, and other platforms.
Alongside this, Cisco is releasing an Agent Runtime SDK that embeds security controls directly into agent code during the build process and an LLM Security Leaderboard that scores AI models on resilience to attacks, helping organizations choose which models to trust.
The third key announcement is DefenseClaw, an open-source secure agent framework designed to remove friction between development and security teams. It bundles a suite of scanning and inventory tools including Skills Scanner, MCP Scanner, AI BoM, and CodeGuard, ensuring that every agent skill is scanned, every MCP server verified, and every AI asset cataloged automatically. Cisco plans to integrate DefenseClaw with NVIDIA’s OpenShell sandbox environment, automating security checks that previously required manual steps or separate tool installations.
The fourth pillar is the expansion of AI-powered capabilities inside Splunk, Cisco’s security operations platform. The headline addition is the Agentic SOC, a suite of specialized AI agents including a Detection Builder, Triage Agent, Malware Threat Reversing Agent, and Guided Response Agent. These shift security operations from a manual, reactive model to one in which routine investigation and response tasks run autonomously at machine speed. Supporting these functions are new features such as Exposure Analytics for real-time asset risk scoring, Detection Studio for managing the full detection engineering lifecycle, and Federated Search for correlating data across multiple environments in a single query.
Why This Announcement Matters Now
Cisco’s ambition is grounded in a stark reality the company uncovered in its own research. Eighty-five percent of major enterprise customers are already experimenting with AI agents, but only 5% have moved them into live production.
That gap isn’t about ambition or budget, it’s about trust. Cisco’s message is clear: solve the security problem, and adoption will accelerate.
“Projects shelved for lack of resources are now within reach. The only limit is imagination, and security teams are the key to unlocking this opportunity by making the agentic workforce safe enough to trust,” Patel explained.
Governance has become a recurring theme in conversations about AI agents. Research shows the share of UK organizations actively deploying AI agents has nearly tripled in twelve months, from 22% to 62%. Yet 86% of leaders acknowledge that AI agents introduce security and compliance challenges existing frameworks were not designed to handle, and 85% believe deployment is outpacing traditional oversight methods.
This is the gap Cisco is aiming to close. By providing what amounts to a control plane for the agentic workforce, a centralized way to onboard, govern, monitor, and if necessary halt AI agents, Cisco argues that security should no longer be the barrier keeping agentic AI in pilot mode or hindering its adoption.
The Bigger Picture
Cisco’s announcement at RSA 2026 reflects a broader shift in how enterprise security vendors are positioning themselves. The focus is no longer simply on protecting humans or systems from cyber threats but on governing a new category of actor operating inside the enterprise.
As Patel noted, AI agents represent a new kind of workforce that requires onboarding, oversight, and accountability, just like humans in a zero trust environment.
The announced capabilities range from those already available, such as Detection Studio and the Malware Threat Reversing Agent, to features rolling out between April and June 2026.
For B2B technology leaders assessing their AI strategy, the central question is evolving. It’s no longer merely “What can AI agents do for us?” but “Do we have the infrastructure to govern what they do?” Cisco is betting that security will be the key to unlocking the agentic opportunity at scale and that organizations mastering governance first will move fastest.
