Cisco released a major update to its AI Defense platform on Monday, shifting from one-size-fits-all guardrails to per-agent security profiles that adapt to each agent’s specific risk surface. The update includes adaptive red teaming, a natural-language Policy Studio, automatic agent supply chain discovery, and native integrations with Amazon Bedrock AgentCore, Google Agent Development Kit, and LangChain.

The announcement follows Cisco’s earlier AI Defense update at Cisco Live Amsterdam in Q1 2026, and reflects a pattern the company says it observed across its customer base: agents deployed for different use cases have fundamentally different risk profiles, and static security policies cannot account for that variation.

Adaptive Red Teaming and Policy Studio

The headline feature is adaptive red teaming, which lets security teams define custom attack objectives for specific agents. AI Defense then interprets those objectives, evaluates the target system, and executes multi-stage attacks to test whether the agent can be manipulated into unwanted behavior, according to Cisco’s blog post.

Cisco illustrated the capability with a financial services example: a bank deploys an agent for customer asset management and wants to verify it cannot be coaxed into giving prescriptive stock trading advice. Adaptive red teaming successfully elicited stock recommendations in a two-turn interaction, confirming the risk.

The companion feature is Policy Studio, where security teams describe the threat they want to block in plain English and upload relevant organizational policy documents. The Policy Studio agent asks follow-up questions to refine the guardrail boundaries. In the financial example, it prompted the team to consider edge cases: hypothetical scenarios, market data analysis, general financial guidance, and definitions of financial products.

Agent Supply Chain Scanning

The update also introduces automatic discovery of agents and their full dependency graphs across customer codebases, cloud agent platforms, and container images. Every component, including models, MCP servers, tools, and skills, is cataloged in a central AI inventory and scanned for systemic vulnerabilities. Developers can trigger scans from CI/CD pipelines via the AI Defense CLI or SDK, per the Cisco blog.

Cisco framed this through a healthcare scenario: an agent used for patient triage depends on an MCP server with access to patient records and a third-party skill for symptom analysis. AI Defense discovers that the skill requests broader permissions than necessary, flagging the data exposure risk before the agent reaches production.

The open-source DefenseClaw framework, available on GitHub, provides the governance layer for scanning skills, MCP servers, plugins, and code with admission control that blocks unsafe capabilities based on policy.
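The triage scenario above, as an added illustration that is not Cisco's or DefenseClaw's code: a small dependency graph (agent, model, MCP server, third-party skill) is walked and each component's requested permissions are compared against a per-agent policy, so the over-permissioned skill is flagged before admission. Component names, permission strings and the policy are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Component:
    name: str
    kind: str                                       # agent, model, mcp_server, tool, skill
    permissions: set = field(default_factory=set)   # permissions the component requests
    depends_on: list = field(default_factory=list)

# Per-agent policy: the most each component kind may hold for this agent's purpose.
# Constructed for the example; in practice derived from organizational policy documents.
TRIAGE_POLICY = {
    "mcp_server": {"patient_records:read"},
    "skill": {"symptoms:read"},
}

def walk(root):
    """Depth-first traversal of the dependency graph, visiting each component once."""
    seen, stack, order = set(), [root], []
    while stack:
        comp = stack.pop()
        if comp.name in seen:
            continue
        seen.add(comp.name)
        order.append(comp)
        stack.extend(reversed(comp.depends_on))
    return order

def effective_permissions(root):
    """Union over the whole graph: what the agent can actually do via its dependencies."""
    return set().union(*(c.permissions for c in walk(root)))

def admission_check(root, policy):
    """Return (component name, sorted excess permissions) for each over-permissioned node."""
    findings = []
    for comp in walk(root):
        excess = comp.permissions - policy.get(comp.kind, set())
        if excess:
            findings.append((comp.name, sorted(excess)))
    return findings

def build_triage_agent():
    """Constructed sample: triage agent -> patient-records MCP server + third-party skill."""
    model = Component("triage-model", "model")
    records = Component("patient-records-mcp", "mcp_server", {"patient_records:read"})
    skill = Component("symptom-analysis-skill", "skill",
                      {"symptoms:read", "patient_records:write", "network:egress"})
    return Component("patient-triage-agent", "agent", depends_on=[model, records, skill])
```

An empty findings list means the agent can be admitted; any entry names the component and the permissions it requests beyond what the policy grants its kind.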

Platform-Agnostic Integration

AI Defense now integrates natively with the three major agent development frameworks (Amazon Bedrock AgentCore, Google ADK, LangChain) and all three major cloud providers. It also supports NVIDIA accelerated computing for on-premises deployments as part of the Cisco Secure AI Factory with NVIDIA, including integration with NVIDIA NeMo guardrails and the open-source NVIDIA OpenShell agent harness.

The breadth of integration reflects an emerging reality in enterprise agent deployments: most organizations run agents on multiple frameworks and clouds simultaneously. A security solution that only covers one platform creates gaps that attackers can target through the weakest link.

For agent builders operating at enterprise scale, the update establishes a new baseline expectation: security profiles tailored to individual agents, not classes of agents. Whether that expectation becomes an industry standard depends on whether Cisco’s competitors, including Palo Alto Networks (which recently acquired Portkey for its own AI security gateway), follow with similar per-agent approaches.