Cisco AI Defense launches agent-security tooling suite

AI relevance: Cisco open-sourced a suite of scanners that let teams audit AI agent components — MCP servers, agent skills, A2A protocols, and model provenance — before they reach production, directly addressing the agent supply-chain attack surface.

What happened

• MCP Scanner — scans Model Context Protocol servers for hidden instructions, malicious tool definitions, and behavioral code threats using static analysis of MCP server codebases.
• Skill Scanner — detects malicious behaviors, covert data exfiltration patterns, and vulnerable configurations in agent skills and capabilities (applicable to OpenClaw, Claude, and other skill ecosystems).
• A2A Scanner — inspects Agent-to-Agent communication channels for credential passing, unauthorized tool delegation, and cross-agent injection vectors.
• DefenseClaw — enterprise governance layer for OpenClaw with NVIDIA OpenShell integration; scans, enforces, and audits every skill, MCP server, and plugin before execution.
• AI BOM — generates an AI Bill of Materials by scanning source code and dependencies to inventory every model, dataset, and tool an agent depends on.
• Model Provenance Kit — fingerprints models against known base families using weights, tokenizer, and architecture metadata to detect repackaged or poisoned models.
• IDE AI Security Scanner — VS Code extension that lets developers scan MCP servers and skills directly from their editor with CodeGuard integration.
• All tools are guided by Cisco's Integrated AI Security and Safety Framework (arXiv:2512.12921), which maps threats across modalities, agents, and pipelines.

Why it matters

• Agent supply-chain attacks are the fastest-growing threat to AI deployments — poisoned MCP servers, malicious skills, and repackaged models can silently compromise every agent invocation.
• These are open-source tools, meaning any team can integrate scanning into CI/CD pipelines before agents hit production.
• DefenseClaw targets OpenClaw specifically, making this directly relevant to the agent platform ecosystem.
• The framework maps concrete threat categories (tool poisoning, skill injection, A2A abuse) to detectable signals — a rare practical taxonomy.

What to do

• Run MCP Scanner against any third-party MCP servers your agents connect to.
• Integrate Skill Scanner into your agent plugin/skill review workflow.
• Use AI BOM to inventory every model, dataset, and tool dependency in production agents.
• Scan A2A connections if your architecture uses multi-agent delegation.

Sources

• Cisco AI Defense GitHub Org
• MCP Scanner (GitHub)
• Skill Scanner (GitHub)
• DefenseClaw (GitHub)
• Integrated AI Security and Safety Framework (arXiv)