Cisco Open-Sources DefenseClaw: Security Governance for AI Agent Deployments
Cisco has released DefenseClaw on GitHub today (March 27), an open-source security governance framework for AI agent deployments. Announced at RSAC 2026, DefenseClaw automates security scanning and inventory management for agentic AI systems.
The framework integrates four core security tools: Skills Scanner (pre-installation scanning of every skill, tool, and plugin), MCP Scanner (verification of all MCP servers), AI BoM (automatic inventory of AI assets), and CodeGuard (runtime message inspection). When a malicious skill is detected, DefenseClaw revokes sandbox permissions, quarantines files, and blocks further invocation.
DefenseClaw was built in direct response to recent supply chain attacks targeting agent ecosystems β including the LiteLLM compromise that affected 95M downloads. The framework ensures every skill is scanned before installation, every MCP server is verified, and every AI asset is inventoried automatically.
The project is available at https://github.com/cisco-ai-defense/defenseclaw with plans to integrate NVIDIA OpenShell as the sandbox runtime.
As the first open-source, end-to-end security framework from a major networking company specifically targeting AI agent deployments, DefenseClaw fills a critical gap between the rapid adoption of coding agents and enterprise security requirements.
← Back to all articles
The framework integrates four core security tools: Skills Scanner (pre-installation scanning of every skill, tool, and plugin), MCP Scanner (verification of all MCP servers), AI BoM (automatic inventory of AI assets), and CodeGuard (runtime message inspection). When a malicious skill is detected, DefenseClaw revokes sandbox permissions, quarantines files, and blocks further invocation.
DefenseClaw was built in direct response to recent supply chain attacks targeting agent ecosystems β including the LiteLLM compromise that affected 95M downloads. The framework ensures every skill is scanned before installation, every MCP server is verified, and every AI asset is inventoried automatically.
The project is available at https://github.com/cisco-ai-defense/defenseclaw with plans to integrate NVIDIA OpenShell as the sandbox runtime.
As the first open-source, end-to-end security framework from a major networking company specifically targeting AI agent deployments, DefenseClaw fills a critical gap between the rapid adoption of coding agents and enterprise security requirements.
Comments