
Earlier this year during Cisco Live Amsterdam, we announced the biggest update to Cisco AI Defense since its initial launch. While the update included a wealth of new capabilities, the underlying theme was singular: security for AI agents. 

In the months since, we’ve seen our customers adopt agents at an unimaginable speed for a variety of use cases: personal assistants, engineering copilots, customer support, employee onboarding, AI supply chain optimization, and much, much more. While AI Defense could help businesses develop and deploy these agents securely, it was abundantly clear that no two agents were alike—and that our security approach had to reflect that uniqueness. 

Today, we’re sharing the newest update to Cisco AI Defense—and we’re getting personal with agent security. From the architecture of our solution to our algorithmic testing and runtime protections, this next iteration of AI Defense is deeply customizable and context aware. Whether your agents are streamlining internal operations, delivering personalized care to patients, or providing critical banking services to clients, their behaviors and risks are unique. Now, with AI Defense, your security will be too. 

Let’s take a deeper look at what’s new with AI Defense. 

Simulate and protect against adaptive AI risks 

From the day we launched AI Defense, we’ve offered algorithmic red team testing and runtime guardrails for the broad spectrum of threats facing AI systems. The reality remains that agents are susceptible to unique risks across different industries, applications, and deployment scenarios. 

Today, AI Defense is bringing personalized, context-aware security tailored to every agent with adaptive red teaming and guardrails. 

Adaptive red teaming allows a user to provide custom objectives for vulnerability testing their agents. AI Defense will interpret these objectives, evaluate the target system, ideate, plan, and execute a sophisticated multi-stage attack. Results are analyzed to determine the attack’s feasibility and potential impact. 

The same customizability carries over into adaptive guardrails, which a user can build in the all-new Policy Studio. Simply describe the threat you want to protect against in natural language and upload any organizational policy documents that might be relevant. The Policy Studio agent will ask follow-up questions to refine your policy and ensure precise protection. 

Let’s look at a quick example: you’re a financial institution using agentic AI to help customers with money and asset management. For compliance reasons, you’re worried about your agent providing prescriptive investment advice like stock recommendations. 

First, you leverage adaptive red teaming in AI Defense to see if this is a realistic concern. Indeed, in a simple two-turn interaction, our simulation successfully elicits stock trading advice. You move to Policy Studio and say, “Create a policy to prevent prescriptive financial advice like stock trading tips.” In turn, it asks you to consider several related scenarios: hypotheticals, market data analysis, definitions of financial products, general financial guidance, and more. By defining these boundaries, you create a precise, highly effective guardrail to prevent your agent from risky prescriptive advice while maintaining its usefulness as a customer assistant. 

Secure agentic supply chains seamlessly in development 

The personalization of an AI agent is driven largely by the key components that constitute its harness: the model, tools, skills, file system, memory, and other resources it has access to. An agent with a broad arsenal of capabilities, access to internal data, and sweeping permissions can be incredibly useful, and equally dangerous. As AI supply chains become increasingly complex, businesses need to balance utility with security. 

The latest update to AI Defense makes it easier than ever to strike this balance without impeding the speed of innovation. Agents and their full dependency graphs are now automatically discovered across customer codebases, cloud agent platforms, and container images. Every asset is cataloged in a central AI inventory and scanned for systemic vulnerabilities. Developers can trigger these scans directly from their CI/CD pipelines via the AI Defense CLI or SDK. By validating the security of every agentic building block including models, MCP servers, tools, and skills, AI Defense helps ensure your agents are secure by design. 

A single compromised component can undermine the security of an entire agentic system. Consider a healthcare organization deploying an agent to assist with patient triage. AI Defense discovers that the agent depends on an MCP server with access to patient records and a third-party skill for symptom analysis. A scan reveals that the skill requests broader permissions than necessary, creating a potential data exposure risk. Each of these assets is centrally visible in the AI Defense inventory, and the skill vulnerability is highlighted for security review. This information equips your team to understand potential blast radius and remediate issues before the agent goes live. 
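To make the triage scenario concrete, here is an added illustration of the two checks an inventory like this enables: a per-component least-privilege comparison (requested versus needed permissions) and a transitive blast-radius computation over the agent's dependency graph. This is not Cisco AI Defense code; the manifest shape, component names, permission labels, and the "needed" sets are all assumptions constructed for the example.

```python
# Added illustration, not Cisco AI Defense code: a least-privilege and
# blast-radius check over a constructed agent dependency graph. Component
# names, permission labels and the manifest shape are all hypothetical.
from dataclasses import dataclass, field

# Permissions whose excess grant we treat as sensitive, and channels that
# could carry that data out (assumed policy for the example).
SENSITIVE = {"read:patient_records"}
EXFIL_CHANNELS = {"net:egress", "fs:write"}


@dataclass
class Component:
    name: str
    kind: str                                    # agent, mcp_server, skill, tool, model
    requested: set = field(default_factory=set)  # permissions the manifest asks for
    needed: set = field(default_factory=set)     # minimum for its stated function (reviewer-supplied)
    depends_on: list = field(default_factory=list)


# Constructed inventory mirroring the triage scenario in the text (hypothetical values).
INVENTORY = {
    "triage-agent": Component("triage-agent", "agent",
                              depends_on=["ehr-mcp", "symptom-skill", "triage-model"]),
    "ehr-mcp": Component("ehr-mcp", "mcp_server",
                         requested={"read:patient_records"},
                         needed={"read:patient_records"}),
    "symptom-skill": Component("symptom-skill", "skill",
                               requested={"read:patient_records", "net:egress", "fs:write"},
                               needed={"read:symptom_text"}),
    "triage-model": Component("triage-model", "model"),
}


def reachable(root, inv):
    """Every component the agent transitively depends on, root included."""
    seen, stack = [], [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.append(name)
        stack.extend(inv[name].depends_on)
    return seen


def excess_permissions(component):
    """Permissions requested beyond what the component's function needs."""
    return component.requested - component.needed


def blast_radius(root, inv):
    """Union of permissions an attacker holds if any reachable component is compromised."""
    grants = set()
    for name in reachable(root, inv):
        grants |= inv[name].requested
    return grants


def findings(root, inv):
    """One finding per over-permissioned component, rated by what the excess enables."""
    out = []
    for name in reachable(root, inv):
        comp = inv[name]
        excess = excess_permissions(comp)
        if not excess:
            continue
        # Sensitive data plus a write/egress channel in the same excess set is an exposure path.
        severity = "high" if (excess & SENSITIVE and excess & EXFIL_CHANNELS) else "medium"
        out.append({"component": name, "kind": comp.kind,
                    "excess": sorted(excess), "severity": severity})
    return out


if __name__ == "__main__":
    for f in findings("triage-agent", INVENTORY):
        print(f)
    print("blast radius:", sorted(blast_radius("triage-agent", INVENTORY)))
```

Run stand-alone, the only finding is the third-party skill: it asks for patient-record access plus egress and file-system write when its stated job needs only symptom text, and the blast radius shows that compromising any one of the agent's dependencies puts every granted permission in reach. The "needed" sets are the part a real scanner cannot infer from a manifest alone; they come from the component's declared purpose and a reviewer's judgement.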

Make AI Defense a part of any agent platform 

When it comes to deploying AI Defense, we recognize that every customer’s requirements are unique. Cloud environments, security tools, compute infrastructure, data sovereignty—every platform is deeply personal. 

Now, AI Defense leads the industry with a truly platform-agnostic approach, protecting agents across any platform, cloud, or model provider. But infrastructure is only half the battle; developers today build agents on frameworks like Amazon Bedrock AgentCore, Google Agent Development Kit, and LangChain. Each of these platforms has its own tool-calling conventions, orchestration patterns, and trust boundaries to navigate. 

AI Defense integrates natively with these agent ecosystems and all three major cloud providers. AI Defense also provides support for NVIDIA accelerated computing in the cloud or for on-premises deployments as an integral component of the Cisco Secure AI Factory with NVIDIA. This includes AI Defense integration with NVIDIA NeMo Guardrails and NVIDIA AI Enterprise software, as well as with the open source NVIDIA OpenShell agent harness. 

Together, we’re bringing consistent and robust security wherever your agents are built and run. 

A comprehensive, deeply personal approach to agent security 

Agents are one of the defining transformative technologies of our time. With unprecedented capability and autonomy, agents promise both tremendous potential value and risk—the security measures we put in place will ultimately dictate which way this goes. 

At the end of the day, agent security has many facets: network and infrastructure security, identity management, supply chain validation, red team testing, runtime guardrails, and more. Disparate solutions aren’t sufficient—agents demand a comprehensive, deeply integrated security approach that’s purpose-built for their new risk landscape. 

Cisco is combining decades of leadership in networking and security with deep AI expertise to deliver comprehensive agent security in a way only Cisco can. With this latest update to AI Defense, organizations can secure agents across their platforms, applications, and unique operational requirements. 

Over the next few weeks, we’ll be sharing deep dives into these capabilities right here on our Cisco AI blog. If you’re joining us at Cisco Live Las Vegas, come visit the AI Defense booth to experience truly personal agent security for yourself. 

Some products or features described may be in various stages of development and offered on a when-and-if available basis. 

Authors

Akshay Bhargava

VP, Product Management

AI Software & Platform