The Threat Is Already Here
In February 2026, security researchers discovered that the SmartLoader malware operation had cloned a legitimate Model Context Protocol (MCP) server, one that connects artificial intelligence (AI) assistants to Oura Ring health data, and submitted a trojanized version to legitimate MCP registries. The attackers spent months creating fake GitHub accounts, manufacturing contributor credibility, and building a network of fraudulent forks. Developers searching for a health data integration would have installed credential-stealing malware with no obvious warning signs.
This was not a proof of concept. It was a live attack that successfully poisoned registries used by real developers. And it represents a class of supply chain risk that grows with every new MCP server, tool integration, and AI agent that enterprises deploy.
Most enterprise AI agent platforms leave it to individual builders to vet every integration manually. That approach does not scale when the attack surface is expanding faster than any team can review. Today, we are announcing that Cisco AI Defense is built directly into Cisco Agent Builder, making it the first enterprise AI agent platform with native security at every lifecycle stage. From scanning third-party integrations before they reach builders, to inspecting every agent execution in real time, security is now part of the platform itself.
What Is Cisco Agent Builder?
Agent Builder is one of the capabilities being announced inside Cisco Cloud Control Studio, the new part of Cisco Cloud Control where enterprises turn their third-party tools, operational knowledge, and workflows into AI agents that can act across their entire environment. It is where three types of work happen:
- Connecting third-party tools. Enterprise ITSM, monitoring, DNS, identity, and alerting tools connect through native integrations. Once connected, a tool’s data and actions become available to AI agents working across the platform, including inside Cisco AI Canvas in Cloud Control.
- Building custom AI agents. Agents are built in a guided interface that does not require deep coding skills. Builders describe what the agent should do, attach the tools and knowledge it needs, test it, and publish it through a versioned lifecycle.
- Encoding operational knowledge as skills. Runbooks, standard operating procedures, compliance standards, and remediation procedures are uploaded and converted into reusable skills that agents can call when the work demands it.
What is added in Agent Builder does not stay there. Connected tools, custom agents, and operational skills surface across Cisco Cloud Control and its workspace, AI Canvas, where human operators and AI agents investigate and resolve issues together.
The platform makes it straightforward to build and deploy AI agents. The harder question is: how do you secure them?
Built In, Not Bolted On
Agent Builder answers that question by embedding Cisco AI Defense at every stage of the agent lifecycle as one integrated security layer.
Before an integration is available: Cisco AI Defense scans every third-party MCP server’s code, its configuration (such as tool definitions), and its data flows for vulnerabilities, malicious behavior, and supply chain risks. Integrations that fail scanning are never shown to builders. A trojanized MCP server like the SmartLoader Oura clone would be blocked before any builder ever encounters it.
Before an agent is fully built: AI Defense automatically scans agent configurations for prompt injection patterns, data leakage risks, and policy violations every time a builder saves a draft.
Before a skill reaches production: AI Defense Skill Scanner validates skill instructions and uploaded skill markdown for embedded adversarial content and sensitive data exposure.
During every execution: AI Defense inspects every Large Language Model (LLM) call and every tool invocation in real time. User inputs are checked for threats like prompt injection and jailbreak attempts before they reach the model. Agent responses are checked for data leakage (personally identifiable information, credentials, internal network addresses) before they reach the user. Policy Studio is used to automatically create custom guardrails that block actions and then log the events in the execution trace for full auditability.
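To make the execution-time gate concrete, here is a small added illustration (written for this article, not AI Defense or Agent Builder code) of the two checks described above: user input is screened before it reaches the model, and the model's response is scanned for the leakage categories named here (credentials, personal data, internal network addresses) before it reaches the user, with every block or redaction recorded in an execution trace. The patterns and the `Trace` type are constructed for the example; a real engine would use tuned detectors rather than a few regexes.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed patterns for this example only; not a complete detection set.
INJECTION_PATTERNS = [
    re.compile(r"ignore (all |any )?(previous|prior) instructions", re.I),
    re.compile(r"you are now (in )?(developer|DAN) mode", re.I),
]
LEAK_PATTERNS = {
    "credential": re.compile(r"(?i)(api[_-]?key|password|secret)\s*[:=]\s*\S+"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


@dataclass
class Trace:
    """Execution trace: one tuple per security event, kept for auditability."""
    events: list = field(default_factory=list)


def check_input(text: str, trace: Trace) -> bool:
    """Pre-model gate: return False (and log) if the input matches an injection pattern."""
    for pat in INJECTION_PATTERNS:
        if pat.search(text):
            trace.events.append(("input_blocked", pat.pattern))
            return False
    return True


def _is_internal_ip(value: str) -> bool:
    try:
        return ipaddress.ip_address(value).is_private
    except ValueError:
        return False


def check_output(text: str, trace: Trace) -> str:
    """Post-model gate: redact credentials, emails and private IPs; public IPs pass through."""
    for kind, pat in LEAK_PATTERNS.items():
        def redact(m, kind=kind):
            if kind == "ipv4" and not _is_internal_ip(m.group(0)):
                return m.group(0)  # public address, not an internal network leak
            trace.events.append(("output_redacted", kind))
            return f"[REDACTED {kind}]"
        text = pat.sub(redact, text)
    return text
```
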
Builders do not configure any of this. It happens automatically for them in Cloud Control. They build agents, get a green checkmark, and deploy. Security runs invisibly at every gate.
Image: An agent in Cisco Agent Builder secured by AI Defense.
One Company. One Platform. One Security Posture.
This is not a marketplace integration or a partnership announcement. This is Cisco’s own AI security capabilities, protecting Cisco’s own AI agentic platform. AI Defense is built by Cisco AI and embedded directly into Agent Builder.
The signal that sends is straightforward: Cisco trusts these security products enough to put them inside the platform it sells to enterprises. If they are trusted by Cisco, they are ready to deliver that same AI security excellence for your organization.
Compare this to the alternative. Most AI agent builders require enterprises to bolt on third-party scanning tools, configure runtime protection separately, and manage security policies across disconnected systems. When something goes wrong, there are integration gaps and finger-pointing. When the platform and the security come from the same company, there is one team to call and no seams to exploit.
The Agent Era Demands Native Security
The MCP ecosystem is growing rapidly, and threat actors have noticed. Traditional trust signals like GitHub stars, fork counts, and contributor lists can now be systematically fabricated. Manual review does not keep pace.
Cisco Agent Builder, secured by Cisco AI Defense, gives enterprises a platform where every integration is vetted, every configuration is checked, and every execution is inspected, automatically, before anything reaches production.
Learn more about Cisco AI Defense and Agent Builder in Cisco Cloud Control. If you’re joining us at Cisco Live Las Vegas this week, you can visit our respective booths to see these firsthand.
Some products or features described may be in various stages of development and offered on a when-and-if available basis.