At RSA Conference 2026 on March 23, Cisco announced DefenseClaw, an open-source security framework designed to scan AI agents for vulnerabilities, enforce MCP server access controls, and quarantine compromised agent skills. The tool builds on NVIDIA’s OpenShell sandbox, released at GTC the previous week, and is scheduled for GitHub availability on March 27.
The product name is a direct nod to OpenClaw’s ecosystem. DJ Sampath, Cisco’s SVP of AI and software platform, wrote in the announcement blog post that he runs OpenClaw at home on a DGX Spark, uses it to manage his family’s schedules, and has connected it to his email, calendar, and Discord through MCP servers and Zapier. “OpenClaw hasn’t just changed my personal productivity. It has fundamentally altered how we operate as a family unit,” Sampath wrote. “And that’s exactly why I’m terrified about how exposed it could be.”
What DefenseClaw Does
DefenseClaw installs in about five minutes, according to SiliconANGLE, and performs three core functions:
Vulnerability scanning. The tool scans the MCP tools, plugins, and other resources an AI agent uses to perform tasks. It tracks how those resources change over time so newly introduced vulnerabilities don’t go undetected. If workers use an AI agent to develop software, DefenseClaw can scan the agent’s output for malicious code.
Permission enforcement. Administrators can block specific MCP servers; the rules are applied in two seconds, without restarting the affected agents. “When you block a skill, its sandbox permissions are revoked, its files are quarantined, and the agent gets an error if it tries to invoke it,” Sampath wrote. “When you block an MCP server, the endpoint is removed from the sandbox network allow-list and OpenShell denies all connections.”
Telemetry pipeline. DefenseClaw sends security risk data to Splunk through a prepackaged connector, feeding directly into Cisco’s SOC automation stack.
The Security Context
Sampath’s blog post laid out the threat landscape that motivated the project. He cited the wave of OpenClaw security incidents from early 2026: CVE-2026-25253, a critical remote code execution vulnerability where visiting a single malicious webpage could hijack an agent; 135,000+ exposed OpenClaw instances found on the public internet; and the ClawHavoc supply chain attack that planted over 800 malicious skills in ClawHub, roughly 20% of the entire registry at the time.
Broader RSA Announcements
DefenseClaw was part of a larger Cisco security package announced at RSA. The company also rolled out Zero Trust Access for AI agents through Duo IAM, which lets organizations register agents, map them to human owners, and assign fine-grained, time-bound permissions. All agent tool traffic routes through an MCP gateway. Cisco’s own survey of enterprise customers found that 85% were experimenting with AI agents but only 5% had moved them to production.
Alongside DefenseClaw, Cisco released two additional free tools: an LLM Security Leaderboard ranking models by their resistance to malicious prompts, and AI Defense: Explorer Edition, a free vulnerability scanner for AI workloads.
What to Watch
The March 27 GitHub release will be the real test. The open-source agent security space is getting crowded fast: NVIDIA released NemoClaw and OpenShell at GTC on March 17, and Surf AI raised $57M for agentic security operations. DefenseClaw’s adoption will depend on whether the five-minute install claim holds up and whether the Splunk telemetry pipeline gives SOC teams enough signal to justify adding another tool to the stack.