A year ago, we introduced the world to Cisco AI Defense, the industry’s first truly comprehensive enterprise AI security solution.

In the year since, AI technology has evolved at an unbelievable pace, and the AI security landscape has seen seismic shifts in parallel. Teams were once concerned that their chatbots might produce harmful or sensitive results; today, they must account for those concerns and also contend with the integrity of third-party AI components, AI applications with access to troves of sensitive data, and compromised agents working on an adversary’s behalf.

Our mission has always been to keep our customers protected against a rapidly changing AI risk landscape. Today, we’re raising the bar yet again with the most significant leap forward for Cisco AI Defense since its debut to protect AI applications and agents across three key areas: end-to-end AI supply chain security, advanced algorithmic red teaming, and real-time agentic guardrails.

Let’s take a closer look at some of the latest capabilities we’re delivering with this next leap forward.

Bring end-to-end security to the AI supply chain

The availability of third-party and open-source assets has made AI development more accessible than ever. Developers have no shortage of options; there are over 2 million models and 500,000 datasets on the Hugging Face platform alone.

Ensuring the integrity and security of these externally sourced components is critical when using them for enterprise AI applications. Models, libraries, datasets—and with the introduction of agents, MCP servers, resources, and tools, too—can all contain vulnerabilities that compromise a broader AI system if unchecked.

Cisco AI Defense brings seamless supply chain scanning to the AI development workflow, cataloging assets and surfacing potential risks before they can undermine the foundation of your AI applications.

AI Bill of Materials (BOM) connects to repositories to create a consolidated inventory of AI assets and determine their provenance. MCP Catalog extends this discovery to MCP servers across public and private registries across the organization. These capabilities bring transparency and centralized governance for models, datasets, tools, third-party dependencies, and other critical AI resources.

To verify that these assets are safe to use, AI Defense scans model files, MCP servers, and complete repositories to uncover vulnerabilities, malicious insertions, and other latent risks. Model backdoors, executable code, and compromised tools can turn AI applications and agents from helpful assistants into an adversary’s most powerful tools against your business. With AI Defense, supply chain scanning integrates seamlessly into the AI development workflow.

Experience the next evolution in algorithmic AI red teaming

Whether you’re working with an open-source model or developing your own, it’s important to know how an AI application will perform in real world scenarios before deploying. After all, agents are capable not only of producing harmful content or revealing sensitive data but also taking potentially damaging actions when prompted by a bad actor.

When Cisco AI Defense launched last year, our proprietary algorithmic red teaming technology set the standard for model security assessments. In-depth testing across hundreds of safety and security subcategories would take a human analyst weeks to perform; with AI Validation, we delivered this in minutes.

Today, we’re introducing the next evolution in algorithmic AI red teaming. Our completely redesigned AI Validation enables single and adaptive multi-turn testing for models and agents with even broader multi-lingual support.

This new interface isn’t just easy on the eyes. It provides clear insights and immediate security recommendations based on findings from AI Validation assessments. It also weaves prominent AI security frameworks and standards throughout testing, including those from NIST, MITRE, OWASP, and our all-new Cisco AI Security and Safety Framework as well. This taxonomy provides a clearer understanding of adversary objectives and overall AI risk exposure at an enterprise-wide level.

Protect your AI agents against threats in real time

Agentic AI unlocks new possibilities for businesses, but its access and autonomy must be balanced with robust security measures. After all, an AI chatbot can be manipulated into saying something harmful; an AI agent can be manipulated into doing something harmful.

Cisco AI Defense debuted with runtime guardrails that monitored interactions between a user and AI application to mitigate threats like prompt injection, sensitive data leakage, and toxic content. Coverage has continuously expanded over the last year as our team transforms threat intelligence signals into in-product protections.

Agents aren’t just interfacing with users, however; they’re making calls to tools and additional resources to execute their given tasks. That’s why AI Defense now inspects and protects MCP traffic in real time, bringing comprehensive runtime security to complex interactions between users, agents, and tools.

Moreover, we’re expanding the arsenal of runtime protections available in Cisco AI Defense with purpose-built agentic guardrails. These are designed to address an entirely new class of emerging threats targeting AI agents. For example, our Tool Exploitation guardrail prevents adversaries from hijacking connected tools to steal sensitive data or execute some other harmful outcome.

Get started with Cisco AI Defense

We first introduced AI Defense to directly address fears about AI security and enable bold, fearless innovation. A year later, as agents are reshaping what we believe is possible, our mission remains unchanged.

What we’ve shared in this blog are just some of the ways we’re driving security in this agentic era. There’s even more to get into: availability across four global regions; support for cloud, hybrid, and on-premises deployments with Cisco AI PODs and Cisco Secure AI Factory with NVIDIA; and native integrations with Splunk, ServiceNow, and CI/CD systems, just to name a few examples.

If you’re joining us at Cisco Live in Amsterdam, stop by our booth and see what’s new with AI Defense in person. As always, you can see the latest by scheduling time with an expert from our team too.

Many of the products and features described herein remain in varying stages of development. The delivery timeline of these products and features is subject to change at the sole discretion of Cisco.