Cisco Open-Sources DefenseClaw: Security Framework for Scanning AI Agent Vulnerabilities

Cisco open-sourced DefenseClaw on March 23, a security audit framework for AI agents. It scans for prompt injection, tool call privilege escalation, data leakage, and unsafe API interactions. It also supports adversarial attack simulation and CI/CD integration for pre-deployment security scanning.

Cisco Open-Sources DefenseClaw: The First Line of Defense for AI Agent Security

On March 24, 2026, Cisco announced DefenseClaw at RSA Conference 2026 — an open-source agent security scanning framework built on NVIDIA OpenShell. DefenseClaw addresses an increasingly urgent problem: how to systematically evaluate and protect the security of AI Agent systems. The project is scheduled for public GitHub release on March 27.

Why Agent-Specific Security Scanning Is Necessary

As AI Agents achieve mass enterprise deployment, traditional application security testing tools can no longer cover agent-specific security risks. Agent systems possess autonomous decision-making capabilities, dynamic tool invocation, and continuous learning characteristics that introduce entirely new attack surfaces. A file-operation-capable agent might be induced through prompt injection to execute malicious operations; an agent connected to multiple MCP Servers might leak sensitive data through insecure server connections.

DefenseClaw is designed to address these novel security challenges by providing an automated security scanning pipeline that systematically detects vulnerabilities and risky configurations in agent systems.

Core Functional Modules

Skill Scanning: Security assessment of all registered agent skills (tools, functions, MCP connections). Checks for excessive permissions, insufficient input validation, and potential sensitive information leakage. The scanning engine combines static analysis with dynamic fuzz testing, automatically generating and executing test cases.

MCP Server Verification: Dedicated security auditing for the MCP ecosystem. Verifies whether MCP Servers implement necessary authentication, adequately validate tool call parameters, and correctly enforce execution sandboxing. Also checks MCP Server dependencies for known vulnerabilities.

AI Asset Inventory: Automatically discovers and catalogs all AI components within an organization: model endpoints, agent instances, MCP Servers, and tool integrations. This solves the pervasive enterprise problem of not knowing how many AI systems are deployed. The inventory cross-references with CVE databases and OWASP risk catalogs, helping security teams prioritize high-risk assets.

Sandbox Testing: Runs agents in controlled sandbox environments simulating various attack scenarios (prompt injection, privilege escalation, data exfiltration), observing behavioral responses. Test results generate detailed security reports with risk level assessments and remediation recommendations.

Technical Architecture

Built on NVIDIA OpenShell, DefenseClaw leverages OpenShell's agent execution environment and security primitives. The plugin-based architecture comprises three core layers:

The **Scanning Engine Layer** provides an extensible rule engine supporting custom scanning rules and detection logic, with built-in detection rule sets covering the OWASP Agentic Top 10.

The **Execution Environment Layer** uses OpenShell-based isolation for safely running agent test cases, supporting Docker and Kubernetes deployment modes.

The **Reporting and Integration Layer** generates standardized security reports in SARIF format, integrating with GitHub Advanced Security, GitLab SAST, Jenkins, and other CI/CD tools for automated continuous agent security detection.
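The static side of the skill and MCP parameter-validation checks, feeding a SARIF 2.1.0 report of the kind the reporting layer emits, sketched as an added example; this is not DefenseClaw's code or rule set. It assumes tool definitions in the shape MCP servers list them (`name`, `description`, `inputSchema` as JSON Schema); the rule ids, driver name, and manifest file name are hypothetical.

```python
import json

# Hypothetical rule ids for this example; not DefenseClaw's rule set.
RULES = {
    "AGT001": "Tool input schema accepts undeclared properties",
    "AGT002": "String parameter has no maxLength, pattern, or enum constraint",
    "AGT003": "Tool declares no input schema",
}

# Constructed sample tool definitions (MCP-style: name, description, inputSchema).
SAMPLE_TOOLS = [
    {"name": "read_file", "description": "Read a file from the workspace",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "get_weather", "description": "Look up current weather",
     "inputSchema": {"type": "object", "additionalProperties": False,
                     "properties": {"city": {"type": "string", "maxLength": 64}}}},
    {"name": "run_query", "description": "Run a database query"},
]

def scan_tool(tool):
    """Return (rule_id, detail) findings for one tool definition."""
    name = tool.get("name", "?")
    schema = tool.get("inputSchema")
    if not isinstance(schema, dict):
        return [("AGT003", f"tool '{name}' has no inputSchema")]
    findings = []
    # JSON Schema allows extra properties unless this is explicitly False.
    if schema.get("additionalProperties") is not False:
        findings.append(("AGT001", f"tool '{name}' allows extra arguments"))
    for pname, spec in schema.get("properties", {}).items():
        constrained = spec.keys() & {"maxLength", "pattern", "enum"}
        if spec.get("type") == "string" and not constrained:
            findings.append(("AGT002", f"'{name}.{pname}' is an unconstrained string"))
    return findings

def to_sarif(manifest_uri, tools):
    """Scan every tool and wrap the findings in a minimal SARIF 2.1.0 log."""
    results = []
    for index, tool in enumerate(tools):
        for rule_id, detail in scan_tool(tool):
            results.append({
                "ruleId": rule_id,
                "level": "error" if rule_id == "AGT003" else "warning",
                "message": {"text": detail},
                "locations": [{
                    "physicalLocation": {"artifactLocation": {"uri": manifest_uri}},
                    "logicalLocations": [{"fullyQualifiedName": f"tools[{index}]"}],
                }],
            })
    rules = [{"id": rid, "shortDescription": {"text": text}}
             for rid, text in RULES.items()]
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "example-agent-skill-scan", "rules": rules}},
            "results": results,
        }],
    }

if __name__ == "__main__":
    # "tools.json" is a hypothetical manifest name used only for the report URI.
    print(json.dumps(to_sarif("tools.json", SAMPLE_TOOLS), indent=2))
```

A CI job can fail the build when any result has level `error`, or upload the file to a code-scanning service that accepts SARIF.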

Relationship with Existing Security Tools

DefenseClaw does not replace existing application security tools like Snyk or SonarQube. Instead, it serves as a specialized complement for AI Agent security. Traditional tools handle code-level and network-level security checks, while DefenseClaw handles agent behavior-level and MCP protocol-level security assessments.

Industry Response

AWS and Azure security teams have indicated they will recommend DefenseClaw in their AI security best practices. Anthropic's security team participated in early testing and contributed detection rules. For enterprise security teams deploying AI Agents, DefenseClaw provides an essential pre-deployment systematic security evaluation tool. As OWASP's Agentic Top 10 elevates agent security from optional to mandatory, DefenseClaw provides the practical tooling to implement these standards.

Furthermore, this development signifies a broader transformation in the global technology landscape. As governments and enterprises worldwide continue to increase their investments in AI technologies, the accompanying legal and regulatory frameworks are also evolving rapidly. Regulators face the ongoing challenge of balancing innovation promotion with user protection.

From an industry perspective, these changes are driving increased cross-sector collaboration and integration. The convergence of traditional industries with AI technologies is creating new business models and value chains. Simultaneously, talent development and technology standardization have become critical factors for industry advancement.

Looking ahead, we can anticipate continued rapid development in this field, bringing forth more innovative applications and solutions. Companies must maintain acute market awareness and adjust their strategic directions promptly to adapt to emerging technological trends. User experience enhancement and data security assurance will become core competitive elements.

The implications extend beyond immediate technical considerations to encompass broader socioeconomic impacts. Organizations must prepare for significant shifts in operational paradigms while ensuring sustainable and responsible implementation of these technologies.
