Cisco AI Defense — Open-Source Agent Security Toolkit Launch

AI relevance: Cisco has open-sourced a comprehensive suite of AI agent security tools — including scanners for MCP servers, agent skills, agent-to-agent communication, and model supply chains — giving defenders practical tooling to audit and harden agentic AI deployments against the OWASP Top 10 for Agentic Applications.

  • Cisco's AI Defense team published a suite of open-source security tools on GitHub under the cisco-ai-defense organization, licensed under Apache 2.0
  • DefenseClaw provides enterprise governance for AI agents — scanning, enforcing, and auditing every skill, MCP server, and plugin before execution, with specific integration support for OpenClaw and NVIDIA OpenShell
  • MCP Scanner performs behavioral code threat analysis on Model Context Protocol servers to identify injection vulnerabilities, unsafe tool configurations, and credential exposure risks
  • Skill Scanner detects malicious behaviors, hidden instructions, and vulnerable patterns in agent skills and capabilities — addressing the agent supply-chain risk vector highlighted in the BadSkill research and OWASP ASI04
  • A2A Scanner inspects Agent-to-Agent communication patterns for security issues, backed by a companion arXiv paper on A2A security threats
  • AI BOM generates an AI Bill of Materials through automated source code scanning and dependency analysis, supporting supply-chain transparency for AI pipelines
  • Pickle Fuzzer provides structure-aware test case generation for Python pickle parsers — a critical tool for model supply-chain security given the known pickle deserialization attack surface
  • Adversarial Hubness Detector audits vector indices and embeddings to detect adversarial hubs in RAG and vector database systems, with a published paper
  • SecureBERT 2 is a domain-adapted language model for cybersecurity intelligence, supporting semantic search, NER, code vulnerability detection, and threat analysis
  • The toolkit is guided by Cisco's Integrated AI Security and Safety Framework (arXiv:2512.12921), which provides a unified taxonomy mapping AI threats across modalities, agents, pipelines, and the broader ecosystem
  • An IDE extension (VS Code) provides scanning for MCP servers, agent skills, and secure AI code generation via CodeGuard — enabling shift-left security workflows for developers
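As an added illustration of the pickle deserialization attack surface named above (this is not Cisco's Pickle Fuzzer, which generates fuzz cases for parsers), the following example shows the defender-side check a model-artifact pipeline can run before loading: list the globals a pickle stream would import without executing it, then load only through an allowlisting unpickler. The allowlist and the sample artifacts are constructed for the example.

```python
import io
import pickle
import pickletools
from collections import Counter, OrderedDict

# Constructed allowlist of importable names a model artifact may reference (assumption).
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "SHORT_BINSTRING", "BINSTRING"}

def scan_pickle(data: bytes):
    """List every module.name the stream would import; genops decodes opcodes only, nothing runs."""
    refs, strings = [], []          # strings: string operands seen so far
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            strings.append(arg)
        elif opcode.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)   # pickletools encodes the pair as "module name"
            refs.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two preceding string operands.
            if len(strings) >= 2:
                refs.append((strings[-2], strings[-1]))
            else:
                refs.append(("<malformed>", "<malformed>"))
    return refs

def unsafe_references(data: bytes):
    """References a restricted loader would refuse; an empty list means nothing unexpected."""
    return [ref for ref in scan_pickle(data) if ref not in ALLOWED_GLOBALS]

class RestrictedUnpickler(pickle.Unpickler):
    """Loader that resolves allowlisted globals only; anything else is refused."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")

def load_restricted(data: bytes):
    """Return the loaded object, or None if the artifact referenced a refused global."""
    try:
        return RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError:
        return None

# Constructed sample artifacts (not real model files).
PLAIN_WEIGHTS = pickle.dumps({"layer1.weight": [0.1, -0.2, 0.3]})   # no imports at all
ALLOWED_BLOB = pickle.dumps(OrderedDict(a=1))                       # allowlisted import
OBJECT_BLOB = pickle.dumps(Counter({"tok": 3}))                     # non-allowlisted import
```

The static scan runs before any deserialization, so a CI job can reject an artifact on `unsafe_references` alone and never reach the loader.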

Why It Matters

The agentic AI security tooling gap has been widely discussed — researchers publish novel attacks, OWASP defines risk categories, but practitioners lack practical scanning tools. Cisco's open-source toolkit bridges that gap by providing ready-to-run scanners for the most pressing AI security domains: MCP server analysis, skill supply-chain vetting, inter-agent communication auditing, and model artifact integrity checking. The integration with OpenClaw (DefenseClaw) and NVIDIA OpenShell is particularly notable given the rapid adoption of personal AI agents and the exposure events of early 2026. The fact that this is open-source (Apache 2.0) means security teams can integrate these scanners into CI/CD pipelines without vendor lock-in.

What To Do

  • Run MCP Scanner against your MCP servers — especially any third-party or community-contributed servers before adding them to your agent's tool chain
  • Scan agent skills with Skill Scanner before deploying or sharing — detect hidden instructions, policy bypasses, and exfiltration patterns
  • Generate an AI BOM for your AI applications — understand the full dependency surface including models, frameworks, MCP servers, and skills
  • Integrate scanners into CI/CD — use the pre-commit hooks (available for Skill Scanner) to catch issues before they reach production
  • Review the Integrated AI Security Framework (arXiv:2512.12921) to map your existing controls against the full AI threat taxonomy
  • If you use OpenClaw — evaluate DefenseClaw for centralized governance of skills, MCP servers, and plugin configurations

Sources: