Cisco just dropped the most ambitious open-source project for AI agent security to date. DefenseClaw, announced at RSAC 2026 on March 23, is a framework that automates the security lifecycle of AI agents — from skill scanning to runtime sandboxing to automated asset inventory.
And it’s free on GitHub.
The Problem DefenseClaw Solves
Here’s a stat that should concern every CISO: 85% of enterprises are experimenting with AI agents, but only 5% have moved them into production. The gap isn’t capability — it’s trust.
“AI agents aren’t just making existing work faster; they’re a new workforce of co-workers,” said Jeetu Patel, Cisco’s President and Chief Product Officer. “The difference between delegation and trusted delegation is the difference between bankruptcy and market leadership.”
The core issue: traditional security tools were built for human users and static applications. AI agents plan, reason, and act autonomously. They call APIs, execute code, read databases, and interact with other agents — all without a human in the loop for each action. Existing IAM, SSE, and AppSec tooling wasn’t designed for this.
What DefenseClaw Actually Does
DefenseClaw is a reference architecture with five open-source components:
- Skills Scanner — Static analysis of agent skills before deployment. Checks for dangerous patterns, excessive permissions, and known vulnerabilities in skill code.
- MCP Scanner — Verifies Model Context Protocol servers that agents connect to. Ensures MCP endpoints are authenticated, authorized, and haven’t been tampered with.
- AI Bill of Materials (AI BoM) — Automatically inventories every AI asset in the organization: models, agents, skills, MCP connections, and data flows.
- A2A Scanner — Audits agent-to-agent communication channels for authentication, authorization, and data leakage risks.
- CodeGuard — Static analysis for agent-generated and agent-consumed code, catching vulnerabilities before they reach production.
The framework hooks into NVIDIA’s OpenShell as a sandboxed runtime environment, creating a zero-trust execution layer where agents run with verified identities and enforced boundaries.
Three Pillars of Agentic Security
Cisco organized its entire RSAC announcement around three security pillars:
Pillar 1: Protect the World from Agents
Agents need onboarding like new employees. Cisco’s new Duo IAM capabilities let organizations:
- Register agents with verified identities mapped to human owners
- Assign fine-grained, time-bound permissions
- Route all tool traffic through an MCP gateway for visibility
- Discover shadow agents via Cisco Identity Intelligence
Pillar 2: Protect Agents from the World
The new AI Defense: Explorer Edition provides self-service red teaming for AI agents:
- Dynamic multi-turn adversarial testing
- Prompt injection and jailbreak resistance validation
- Actionable security reporting before deployment
Pillar 3: Detect and Respond at Machine Speed
When you’re managing potentially trillions of agent interactions, human-speed response isn’t enough. Cisco’s integrated Splunk and XDR capabilities automate threat detection and response for agentic workloads.
What This Means for OpenClaw Users
DefenseClaw validates a security model that the OpenClaw community has been building toward: treat agents as first-class identities, not just software. Every agent should have:
- Verified identity — Who is this agent, and who’s responsible for it?
- Least-privilege access — What exactly can it do, and for how long?
- Auditable actions — What did it do, and can we trace it?
- Runtime guardrails — What stops it from going off-script?
If you’re running OpenClaw agents in production, DefenseClaw’s Skills Scanner and MCP Scanner are worth evaluating. They’re open-source, they integrate with the broader NVIDIA OpenShell ecosystem, and they address the exact trust gap that’s keeping enterprises from deploying agents at scale.
The framework is available on GitHub as of March 27, 2026.
The Bigger Picture
RSAC 2026 made one thing clear: the security industry has fully pivoted to agentic AI as the defining challenge of this era. Cisco, Google, CrowdStrike, Palo Alto Networks, Splunk, and dozens of startups all announced agent-specific security products in the same week.
The fact that Cisco chose to open-source DefenseClaw — rather than lock it behind a commercial license — signals that the industry recognizes agent security needs to be a shared standard, not a competitive moat.
For the OpenClaw ecosystem, this is unambiguously good news. More open standards, more security tooling, and more enterprise buy-in for the model of autonomous, tool-using AI agents that OpenClaw pioneered.