Technology
AI Analysis
3 ways Cisco's DefenseClaw aims to make agentic AI safer
AI
AI Legal Analyst
Summary
Innovation Home Innovation Artificial Intelligence 3 ways Cisco's DefenseClaw aims to make agentic AI safer The reason agentic AI has seen slow enterprise adoption is the lack of an orchestration layer to track what agents are doing, the networking giant says. And, so, on Monday, networking and security giant Cisco Systems unveiled DefenseClaw, a play on the name of the open-source OpenClaw agentic AI framework that shot to popularity in January. New research shows how bots talking to bots can go sideways fast DefenseClaw is the "operational layer" for agentic security that has been missing, according to Cisco's head of AI software, DJ Sampath. First, it scans every piece of code before it runs. "Every skill, every tool, every plugin, before it's allowed into your claw environment, and every piece of code generated by the claw gets scanned." That scanning operation is composed of multiple individual tools, such as Cisco's open-source skill-scanner tool.
## Summary
Innovation Home Innovation Artificial Intelligence 3 ways Cisco's DefenseClaw aims to make agentic AI safer The reason agentic AI has seen slow enterprise adoption is the lack of an orchestration layer to track what agents are doing, the networking giant says. And, so, on Monday, networking and security giant Cisco Systems unveiled DefenseClaw, a play on the name of the open-source OpenClaw agentic AI framework that shot to popularity in January. New research shows how bots talking to bots can go sideways fast DefenseClaw is the "operational layer" for agentic security that has been missing, according to Cisco's head of AI software, DJ Sampath. First, it scans every piece of code before it runs. "Every skill, every tool, every plugin, before it's allowed into your claw environment, and every piece of code generated by the claw gets scanned." That scanning operation is composed of multiple individual tools, such as Cisco's open-source skill-scanner tool.
## Article Content
Innovation
Home
Innovation
Artificial Intelligence
3 ways Cisco's DefenseClaw aims to make agentic AI safer
The reason agentic AI has seen slow enterprise adoption is the lack of an orchestration layer to track what agents are doing, the networking giant says.
Written by
Tiernan Ray,
Senior Contributing Writer
Senior Contributing Writer
March 23, 2026 at 12:58 p.m. PT
onurdongel/iStock / Getty Images Plus via Getty Images
Follow ZDNET:
Add us as a preferred source
on Google.
ZDNET's key takeaways
Cisco says DefenseClaw is the oversight that's been missing in agentic AI.
DefenseClaw will automatically block some agentic operations.
Cisco enters a crowded field of security firms offering agentic oversight.
Agentic artificial intelligence, the kind that will automatically watch your email or book your flights, has been an overnight sensation, capturing the imagination but also presenting
massive security risks
.
A natural reaction by enterprise software vendors is to help the "good" agents and block the "bad" agents.
And, so, on Monday, networking and security giant Cisco Systems unveiled DefenseClaw, a play on the name of the open-source
OpenClaw agentic AI framework
that shot to popularity in January.
Also:
AI agents of chaos? New research shows how bots talking to bots can go sideways fast
DefenseClaw is the "operational layer" for agentic security that has been missing, according to Cisco's head of AI software, DJ Sampath. It is a tool for oversight that will "keep a claw governed," he wrote
in a blog post
. "That's zero to governed claw in under five minutes."
DefenseClaw will be
posted on GitHub
starting March 27, said Sampath.
Govern the claws
Announced at the annual RSA security trade show in San Francisco this week, DefenseClaw is meant to address the lack of agentic projects going into production, according to Cisco.
Only 5% of enterprise-agentic AI has moved from testing to production,
according to
a survey
of "major enterprise customers" that Cisco said it recently conducted.
Sampath emphasized that OpenClaw is rapidly becoming every nerd's butler for just about any task. OpenAI has hired
Peter Steinberger
, the creator of OpenClaw, and Nvidia has offered its own version of the agentic framework,
NemoClaw
.
"My wife and I use it to plan our kids' schedules. I built an agent skill that pulls up the school lunch menu every morning as a reminder," he related. His point is that agents via OpenClaw, Nvidia's open-source offering NemoClaw, or other open-source projects are rapidly expanding in an ungoverned, grassroots fashion.
The subtext of Sampath's blog is: Claws are out; better start thinking about them securely.
(In a related development, Meta -- owner of Facebook, Instagram, and WhatsApp -- is acquiring the bot social platform
Moltbook
, which has been a showcase of the good and bad of what can happen when OpenClaw is used to its fullest extent.)
DefenseClaw is designed to plug into and use a variety of tools, according to Sampath.
OpenShell
, the code sandbox software that was unveiled by Nvidia last week at its GTC conference, is important, and so are Cisco's scanning tools, he noted. "But who manages the block lists? Who sees the alerts when something goes wrong at 2 a.m.? That's DefenseClaw."
Also:
Nvidia bets on OpenClaw, but adds a security layer - how NemoClaw works
DefenseClaw does three things, explained Sampath.
First, it scans every piece of code before it runs. "Every skill, every tool, every plugin, before it's allowed into your claw environment, and every piece of code generated by the claw gets scanned." That scanning operation is composed of multiple individual tools, such as Cisco's open-source skill-scanner tool.
Second, the tool detects threats by scanning all messages entering and leaving the agent at runtime.
Third, DefenseClaw will automatically block a "skill," such as an email server account, removing those permissions from the sandbox. The sandbox, in this case, may be Nvidia's OpenShell. Sampath emphasized that the automatic prevention of operations "aren't suggestions; they're walls."
Sampath gave an example of running the tool from the command line to first scan an OpenClaw install operation:
defenseclaw skill install community/jira-triage
With such a request, DefenseClaw would "scan first, check your block/allow lists, generate a manifest, and only then install. Nothing bypasses the admission gate."
Cisco is using its Splunk log analysis tool as the monitoring system of record for all claws, said Sampath. "Every claw is born observable," he wrote, "All stream into Splunk as structured events the moment your claw comes online."
In fact, Cisco announced several additional Splunk extensions intended to make the tool more like an automated security operations center (SOC).
For example, a Guided Response Agent, due in alpha release "soon," said Cisco, will "help SOC teams go from detection hypothesis to production in minutes with accuracy -- allowing teams to quickly import
---
## Expert Analysis
### Merits
- Innovation Home Innovation Artificial Intelligence 3 ways Cisco's DefenseClaw aims to make agentic AI safer The reason agentic AI has seen slow enterprise adoption is the lack of an orchestration layer to track what agents are doing, the networking giant says.
- OpenShell , the code sandbox software that was unveiled by Nvidia last week at its GTC conference, is important, and so are Cisco's scanning tools, he noted. "But who manages the block lists?
### Areas for Consideration
N/A
### Implications
- DefenseClaw will automatically block some agentic operations.
- Agentic artificial intelligence, the kind that will automatically watch your email or book your flights, has been an overnight sensation, capturing the imagination but also presenting massive security risks .
- It is a tool for oversight that will "keep a claw governed," he wrote in a blog post . "That's zero to governed claw in under five minutes." DefenseClaw will be posted on GitHub starting March 27, said Sampath.
- Third, DefenseClaw will automatically block a "skill," such as an email server account, removing those permissions from the sandbox.
### Expert Commentary
This article covers cisco, defenseclaw, agentic topics. Notable strengths include discussion of cisco. Readability: Flesch-Kincaid grade 0.0. Word count: 1351.
Innovation Home Innovation Artificial Intelligence 3 ways Cisco's DefenseClaw aims to make agentic AI safer The reason agentic AI has seen slow enterprise adoption is the lack of an orchestration layer to track what agents are doing, the networking giant says. And, so, on Monday, networking and security giant Cisco Systems unveiled DefenseClaw, a play on the name of the open-source OpenClaw agentic AI framework that shot to popularity in January. New research shows how bots talking to bots can go sideways fast DefenseClaw is the "operational layer" for agentic security that has been missing, according to Cisco's head of AI software, DJ Sampath. First, it scans every piece of code before it runs. "Every skill, every tool, every plugin, before it's allowed into your claw environment, and every piece of code generated by the claw gets scanned." That scanning operation is composed of multiple individual tools, such as Cisco's open-source skill-scanner tool.
## Article Content
Innovation
Home
Innovation
Artificial Intelligence
3 ways Cisco's DefenseClaw aims to make agentic AI safer
The reason agentic AI has seen slow enterprise adoption is the lack of an orchestration layer to track what agents are doing, the networking giant says.
Written by
Tiernan Ray,
Senior Contributing Writer
Senior Contributing Writer
March 23, 2026 at 12:58 p.m. PT
onurdongel/iStock / Getty Images Plus via Getty Images
Follow ZDNET:
Add us as a preferred source
on Google.
ZDNET's key takeaways
Cisco says DefenseClaw is the oversight that's been missing in agentic AI.
DefenseClaw will automatically block some agentic operations.
Cisco enters a crowded field of security firms offering agentic oversight.
Agentic artificial intelligence, the kind that will automatically watch your email or book your flights, has been an overnight sensation, capturing the imagination but also presenting
massive security risks
.
A natural reaction by enterprise software vendors is to help the "good" agents and block the "bad" agents.
And, so, on Monday, networking and security giant Cisco Systems unveiled DefenseClaw, a play on the name of the open-source
OpenClaw agentic AI framework
that shot to popularity in January.
Also:
AI agents of chaos? New research shows how bots talking to bots can go sideways fast
DefenseClaw is the "operational layer" for agentic security that has been missing, according to Cisco's head of AI software, DJ Sampath. It is a tool for oversight that will "keep a claw governed," he wrote
in a blog post
. "That's zero to governed claw in under five minutes."
DefenseClaw will be
posted on GitHub
starting March 27, said Sampath.
Govern the claws
Announced at the annual RSA security trade show in San Francisco this week, DefenseClaw is meant to address the lack of agentic projects going into production, according to Cisco.
Only 5% of enterprise-agentic AI has moved from testing to production,
according to
a survey
of "major enterprise customers" that Cisco said it recently conducted.
Sampath emphasized that OpenClaw is rapidly becoming every nerd's butler for just about any task. OpenAI has hired
Peter Steinberger
, the creator of OpenClaw, and Nvidia has offered its own version of the agentic framework,
NemoClaw
.
"My wife and I use it to plan our kids' schedules. I built an agent skill that pulls up the school lunch menu every morning as a reminder," he related. His point is that agents via OpenClaw, Nvidia's open-source offering NemoClaw, or other open-source projects are rapidly expanding in an ungoverned, grassroots fashion.
The subtext of Sampath's blog is: Claws are out; better start thinking about them securely.
(In a related development, Meta -- owner of Facebook, Instagram, and WhatsApp -- is acquiring the bot social platform
Moltbook
, which has been a showcase of the good and bad of what can happen when OpenClaw is used to its fullest extent.)
DefenseClaw is designed to plug into and use a variety of tools, according to Sampath.
OpenShell
, the code sandbox software that was unveiled by Nvidia last week at its GTC conference, is important, and so are Cisco's scanning tools, he noted. "But who manages the block lists? Who sees the alerts when something goes wrong at 2 a.m.? That's DefenseClaw."
Also:
Nvidia bets on OpenClaw, but adds a security layer - how NemoClaw works
DefenseClaw does three things, explained Sampath.
First, it scans every piece of code before it runs. "Every skill, every tool, every plugin, before it's allowed into your claw environment, and every piece of code generated by the claw gets scanned." That scanning operation is composed of multiple individual tools, such as Cisco's open-source skill-scanner tool.
Second, the tool detects threats by scanning all messages entering and leaving the agent at runtime.
Third, DefenseClaw will automatically block a "skill," such as an email server account, removing those permissions from the sandbox. The sandbox, in this case, may be Nvidia's OpenShell. Sampath emphasized that the automatic prevention of operations "aren't suggestions; they're walls."
Sampath gave an example of running the tool from the command line to first scan an OpenClaw install operation:
defenseclaw skill install community/jira-triage
With such a request, DefenseClaw would "scan first, check your block/allow lists, generate a manifest, and only then install. Nothing bypasses the admission gate."
Cisco is using its Splunk log analysis tool as the monitoring system of record for all claws, said Sampath. "Every claw is born observable," he wrote, "All stream into Splunk as structured events the moment your claw comes online."
In fact, Cisco announced several additional Splunk extensions intended to make the tool more like an automated security operations center (SOC).
For example, a Guided Response Agent, due in alpha release "soon," said Cisco, will "help SOC teams go from detection hypothesis to production in minutes with accuracy -- allowing teams to quickly import
---
## Expert Analysis
### Merits
- Innovation Home Innovation Artificial Intelligence 3 ways Cisco's DefenseClaw aims to make agentic AI safer The reason agentic AI has seen slow enterprise adoption is the lack of an orchestration layer to track what agents are doing, the networking giant says.
- OpenShell , the code sandbox software that was unveiled by Nvidia last week at its GTC conference, is important, and so are Cisco's scanning tools, he noted. "But who manages the block lists?
### Areas for Consideration
N/A
### Implications
- DefenseClaw will automatically block some agentic operations.
- Agentic artificial intelligence, the kind that will automatically watch your email or book your flights, has been an overnight sensation, capturing the imagination but also presenting massive security risks .
- It is a tool for oversight that will "keep a claw governed," he wrote in a blog post . "That's zero to governed claw in under five minutes." DefenseClaw will be posted on GitHub starting March 27, said Sampath.
- Third, DefenseClaw will automatically block a "skill," such as an email server account, removing those permissions from the sandbox.
### Expert Commentary
This article covers cisco, defenseclaw, agentic topics. Notable strengths include discussion of cisco. Readability: Flesch-Kincaid grade 0.0. Word count: 1351.
cisco
defenseclaw
agentic
code
security
sampath
every
agent
Related Articles
Got an old Kindle? How to resurrect your e-reader with new books
30 minutes ago
How to watch the Triple-i Initiative showcase on April 9
30 minutes ago
Meta's Muse Spark model brings reasoning capabilities to the Meta AI app
30 minutes ago
Greece will ban all kids under 15 from using social media
30 minutes ago
