“We're living in one of the most exciting and simultaneously the most disorienting times in human history,” said Cisco’s Jeetu Patel at RSAC 2026 in San Franciso this week.

Given the lightning-fast changes driven by agentic AI, he wasn’t exaggerating.

Building trust into agentic AI is critical to lessening that disorientation — and unleashing the vast promise of AI.

“The ability to delegate a task in a trusted form, versus just delegating a task, not being trusted, is going to be the difference between being a market leader versus being bankrupt,” said Patel, who is Cisco’s president and chief product officer.

Cisco is taking on the challenge of ensuring that they are secure and trusted, especially as we approach a time when organizations will deploy thousands of agents, all acting independently.

At RSA, the company announced essential solutions like extended Zero Trust Access for agents; DefenseClaw, an open-source secure agent framework; and AI Defense: Explorer Edition, which democratizes AI safety and security for builders. New innovations from Splunk, a Cisco company, include Exposure Analytics, Detection Studio, Federated Search, and agentic security operations center (SOC) expansions.

Because as Patel stressed, “We need to fundamentally reimagine security for the agentic workforce.”

From a Cisco perspective that centers on three key strategies: protecting agents from the world; protecting the world from agents; and responding to threats at machine speed and scale.

DefenseClaw: Protecting agents from the world

To protect agents from being compromised, Cisco has implemented a variety of solutions — many open sourced. And since OpenClaw has made it easier and faster to develop and deploy agentic solutions, additional security is ever more imperative.

“We've had a multitude of these tools,” Patel said of open-source offerings from Cisco available free in AI Defense Explorer Edition. “Because what's really important is making sure that we work together as a community and provide tools and knowledge to each other. And so, we have this open-source community where all of these different tools — from a Skill Scanner to an AI Bill of Materials, to an MCP Scanner — all of these tools are available on GitHub.”

Any of these will be activated by a new solution, DefenseClaw, a security framework for OpenClaw deployments.

“If you're using OpenClaw and you want to make sure that you're safe and secure, DefenseClaw will help you do that,” Patel added. “This also is completely open sourced.”

DefenseClaw is also designed to work with OpenShell, NVIDIA’s container for OpenClaw deployments.

“Every single time an agent executes with an OpenShell,” Patel continued, “you're going to automatically activate these open-source services so that it can scan the skills and make sure that it's checking for vulnerabilities and scan the MCP servers… because we have to make sure that these agents are delegated work in a trusted manner.”

DJ Sampath, Cisco’s SVP and general manager for AI software and platform, stressed that these solutions cover the full life cycle of AI projects, from pilot to production.

“AI Defense Explorer Edition allows you to try all these fun things,” he said. “And then when you upgrade that to the enterprise version of AI Defense, you seamlessly connect into Cisco Secure Access, into how you are pushing out these guardrails, how you do MCP scanning, all of that. That is the entire continuum of the lifecycle of understanding what AI attacks exist.”

Protecting the world from rogue agents: Zero Trust

In a seminar titled From Chatbots to Change Agents: Securing Agentic AI, Cisco’s Matt Caulfield, VP of product management for identity, and Kevin Kennedy VP of product and solutions for security, laid out some of the key challenges — and solutions — around identity and access in vastly complicated agentic AI environments. One in which thousands of agents roam freely through internal data and SAAS applications — all with the agency to act independently.

“When it comes to giving tools to agentic AI,” Caulfield warned, “we are now opening up our organizations to a whole new level of security risk.”

So how do organizations protect against their own agents being compromised or from outside agents set loose by bad actors?

Caulfield summed up three key steps.

“Knowing your risk is first,” he said. “If you don't have an agent-discovery tool, if you're not looking for agents in your environment, that's step number one. Second step is then controlling that access. So having a consistent place to do enforcement, investing in an AI gateway that can sit in between the agents and the resources, and supplying it with policy about what those agents are allowed to do and a life cycle for what they should do, and then prioritizing which tools you want to onboard. And then third, and most importantly, is agent governance and life cycle.”

Or as Kennedy summarized, “The key is know your agents, authorize every action, what they are allowed to do, what they are not allowed to do, and then adapt to risk because even actions that are allowed by policy are not necessarily safe.”

From a customer perspective, Jeremy Nelson, Insight’s CISO for North America, weighed in on the importance of securing access, not just for humans, but for agents — along with his excitement around Cisco’s extended Zero Trust solution.

"Organizations are eager to embrace AI,” he said, “but they need to do so without creating security coverage gaps. Cisco’s Zero Trust Access for AI Agents gives visibility into agentic identities and restricts access to exactly what’s needed. We're excited to bring these capabilities to customers to secure their data while scaling their AI initiatives."

Securing the SOC at machine speed and scale

Of course, agents don’t sleep and work faster and on a vastly larger scale than humans. So, when they fall into the wrong (human) hands they can be a formidable threat.

The answer is defensive measures that never sleep, operate at massive scale, and act independently.

John Morgan, SVP and general manager of Splunk Security, and Fred Frey, Splunk’s director of software engineering, discussed how agentic AI is becoming a critical tool in the SOC.

“The industry has been modernizing the security operations center for many years,” Morgan said, “but it's still the case that threats are overwhelming our analysts. Now we have an obligation to stop analyst burnouts and stop threats from entering into our SOC. And we're going to think about doing this with AI and with agents. This is what we call the Agentic SOC.”

Frey emphasized that getting the Agentic SOC right is imperative, and he outlined key elements.

“Agents out of the box is not what we need,” Frey said. “We need agents to understand our business practices, our data, our query structure, the way we investigate alerts today. Agents can consume, retain, and recall massive amounts of data, and it's critical for them to surface them at just the right time. This builds trust; as it's learning our systems and our processes, we're building trust.”

Morgan believes that agentic systems, while not without risk, can be a game changer in empowering security teams — to enable an agentic future that’s secure, trusted, and driving all-new efficiencies and innovations.

“With the right trust and governance model,” he concluded, “agentic systems can be powerful allies with us. An Agentic SOC provides certainty in a world that's full of non-predictability at this point. With threats running at machine speed, humans are going to need help. We need agents in our SOC, but this is not about replacing people. This is about empowerment. Empowering people to not just respond, but to predict and be proactive.”