惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
C
CXSECURITY Database RSS Feed - CXSecurity.com
Project Zero
Project Zero
O
OpenAI News
C
Cisco Blogs
Microsoft Azure Blog
Microsoft Azure Blog
Security Latest
Security Latest
T
Tor Project blog
S
SegmentFault 最新的问题
P
Privacy & Cybersecurity Law Blog
博客园 - 【当耐特】
V
Vulnerabilities – Threatpost
W
WeLiveSecurity
小众软件
小众软件
博客园 - 聂微东
Y
Y Combinator Blog
Spread Privacy
Spread Privacy
人人都是产品经理
人人都是产品经理
Know Your Adversary
Know Your Adversary
Scott Helme
Scott Helme
B
Blog RSS Feed
N
News | PayPal Newsroom
J
Java Code Geeks
T
The Blog of Author Tim Ferriss
TaoSecurity Blog
TaoSecurity Blog
D
Docker
阮一峰的网络日志
阮一峰的网络日志
NISL@THU
NISL@THU
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
LINUX DO - 最新话题
MongoDB | Blog
MongoDB | Blog
Recorded Future
Recorded Future
Webroot Blog
Webroot Blog
L
Lohrmann on Cybersecurity
博客园 - 三生石上(FineUI控件)
雷峰网
雷峰网
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
L
LangChain Blog
Cloudbric
Cloudbric
罗磊的独立博客
宝玉的分享
宝玉的分享
Jina AI
Jina AI
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
N
News and Events Feed by Topic
GbyAI
GbyAI
大猫的无限游戏
大猫的无限游戏
A
About on SuperTechFans
L
LINUX DO - 热门话题
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

Cisco Blogs

Deloitte Japan Advances Security Operations with Cisco Foundation AI’s Open-Source Model CCNP Security News Roundup: Free SDSI Training, New Duo Course Cisco AI Defense Policy Studio: Turning Unwritten Policy into Adaptive AI Guardrails From Intelligence to Action: Operationalizing MS-ISAC Threat Data Across SLED Environments Scale. Speed. Trust: Three Imperatives for the AI Era Reflecting on Cisco Live: OT security is the new IT. Are you ready? Security in the Post-Mythos Era Fusing Security and Networking: Your Fastest Path to Profitability How we built an AI foundation for Marketing Revenue Operations at Cisco Cisco SASE with Meraki: Get in the Fast Lane to SASE Powering the AI-ready branch with agentic operations and quantum-era security Voices from the field: How data strengthens livelihoods in coastal communities Cisco Customer Achievement Awards AMER 2026: Honoring Those Transforming IT From tenant-aware to job-aware: scaling shared AI clusters with Cisco Nexus One Protecting SaaS AI Agents with Cisco AI Defense and AppOmni AI Agents Need Built-In Security. Here Is How Cisco Does It AI infrastructure has entered its operational era Cisco Silicon One: Purpose-Built for Secure Networking in the Agentic AI Era Accelerating Growth for Developers with Cisco Compatible AI Solutions in the Cisco 360 Partner Program Share Your Experience: Where the Human Voice Thrives in the Age of AI Layered Defense for the Plant Floor: Simplifying OT Security White House AI Executive Order: Advancing Innovation & Security Streamlining Partner Procurement: Introducing the ‘Shop Cisco Refresh’ eCommerce Platform How Cisco Cloud Control Changes the Partner Motion Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery Powering resilient ecosystems | FY25 Purpose Report End-to-end AI networking: Cisco’s answer to the inferencing era Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era From an Idea to a Live App on Cisco, in Minutes Agent Builder in Cloud Control Studio: A new way to extend and customize Cisco Cloud Control Cisco AI Canvas is here: the workspace for agentic operations Cisco Cloud Control: The Secure Harness for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco AI Defense Gets Personal with Agent Security DevNet Sandbox: Building the Future of Developer Experiences Oscar’s Insights: A Conversation on BBVA Argentina’s Network Transformation Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense The Skills Payload: What’s Landing at Cisco Live 2026 More efficient and functional workplaces start with smart building data Cisco Secure Access and Microsoft Edge for Business Integration Must-See Cisco U. Theater Sessions at Cisco Live 2026 Las Vegas Navigating the Future of Connected Roadways: Cisco at ITS Americas 2026 In the AI era, defense starts with the network. Here’s how Cisco is doing it. Unlock the power of scale-across with Cisco converged silicon, systems, and optics Trusted network data for end-to-end visibility with Nexus Data Broker Maximizing Managed Security Services Sales & Profitability: Part 2 of 2, A Strategic Guide to Creating New Services Explore Enterprise Networking Automation at Cisco Live US 2026 A new model for infrastructure security: How Cisco defends against AI threats From Research to Reality: Launching the 9th Annual Cisco Partner Innovation Challenge Unlocking Partner Profitability with Lifecycle Advantage APIs Why Financial Agility is the New Competitive Edge Proprietary Problems: No Frontier Model Is Multi-Turn Immune Securing campus and branch networks from boot to transport with full-stack PQC Why Network Segmentation Projects Fail: Four Patterns Accelerating Enterprise-Scale AI Development & Experimentation Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Powering Modern Data Workloads with Cisco UCS and Qumulo The Fundamentals of AI: What every curious person should know about how language models work The impact of AI on wide area network traffic: we need to talk Cisco Live 2026 Las Vegas: Explore AI and automation across the network One open NOS, any workload: SONiC on Cisco Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files Cisco Partners With College Board to Launch AP Cybersecurity and Expand Career-Connected Learning Fueling “The Greatest Spectacle in Racing®” AI-generated reporting: Lessons learned from Cisco Talos Incident Response Cisco Named a Leader in the 2026 Gartner® Magic Quadrant™ for Enterprise Wired and Wireless LAN Infrastructure AI network performance with Cisco Intelligent Packet Flow Building a world-class employee experience | FY25 Purpose Report Real-World Skills for Real World Challenges: AI-Led Updates Across Cisco Certification Portfolio Learn with Cisco at Cisco Live 2026: Your Week for Skills, Certs, and What’s Next Cisco N9000 excels in EANTC 2026 VXLAN EVPN and timing tests Innovating at the Speed of Business: Announcing the Customer Achievement Awards AMER 2026 Finalists Future of Sports Analytics: Building Trust and Intelligence with SūmerSports and Cisco Accelerate Your Career and Impact with CCNA Certifications Skills-based volunteering for the AI era: Inside Cisco’s first Tech for Social Good Hackathon Cisco Live 2026: Bringing the Future of Customer Experience to Las Vegas Mission-First: Equipping the Digital Warfighter at AFCEA TechNet Cyber 2026 Edge opportunity for service providers: Turn infrastructure into new services MRC and SRv6: How Foundational Networking Innovations Are Enabling the Next Generation of AI Supercomputers The SMB Marketing Reset: Winning Customer Trust in a Digital-First Economy Inside the SOC: AI-powered DNS defense against ransomware Our Path Forward Securing the Federal Digital Experience with Cisco ThousandEyes for Government Cisco at ONUG Dallas 2026: Securing the AI Data Center in the Agentic Era Cisco and Red Hat are powering intelligent core to edge: Red Hat Summit insights Building the Capabilities That Win: How Cisco Partners Can Lead in the SMB & Mid-Market Era How Two Hours Felt Bigger Than My To-Do List Announcing Foundry Security Spec Ace the CCIE Collaboration Lab: Success Tips from a TAC Engineer Turned CCIE Protecting Agents with Cisco AI Defense and Google Agent Development Kit Powering an Inclusive Future: Your guide to the Purpose Pavilion at Cisco Live Las Vegas The Infrastructure Behind the Mission: SOF Week 2026 Cisco Networking App Marketplace Partners at Cisco Live 2026 Beyond the Pilot: Building the Clinical Data Fabric for the Agentic Era Benchmarking scale-out AI fabrics with Cisco N9000 + AMD Pensando™ Pollara 400 NICs
Extending Zero Trust Across the Agentic AI Workflow
Prabhat Singh · 2026-06-03 · via Cisco Blogs

Earlier this year, Cisco outlined our vision for Zero Trust for the agentic workforce. At its core is a simple principle: trust should not be established once and assumed indefinitely. As agents interact with models, tools, applications, and data, their activity must be continuously evaluated.

Putting that principle into practice requires controls that can follow agents as they work. Consider a coding agent like Claude Code or Codex. To complete a single task, it may call an LLM for reasoning, connect with MCP tools to read Jira and push to GitHub, hit SaaS APIs for data, and browse the web for additional context. It does all this autonomously, at machine speed, carrying whatever credentials it was handed at startup.

Why existing controls fall short

Traditional Zero Trust controls authenticate a user and grant access to a resource. Once access is granted, we rely on humans to exercise judgment or machines to follow pre-defined rules. An agent is neither a user nor a deterministic machine. It is a process that reasons, decides, and acts – with broad scope, exponential scale, and no human judgment.

As a result, access control is no longer enough. A coding agent may be authorized to connect to GitHub, Jira, and an approved set of models. The real question is not whether it can connect to those systems, but what actions it takes across them as it works toward a goal. Reading a repository, creating a pull request, modifying a production configuration, or accessing sensitive data may all carry different levels of risk.

This is the shift from access control to action control. Organizations need to evaluate agent activity not just when access is granted, but throughout the workflow itself. That is the agent security challenge—and it is categorically different from the problems Zero Trust was originally designed to solve.

From Access Control to Action Control

Cisco Secure Access is evolving to help make that shift with Agent Gateway—new functionality that extends policy enforcement across agent interaction with LLMs, MCP servers, SaaS APIs, and web destinations. To move from access control to action control, Agent Gateway will help answer five questions before a request is allowed to proceed:

  • Who is the agent? Cisco uses Duo to identify the Codex, Claude Code, or LangChain agent itself – not just the laptop it runs on.
  • What is it trying to access? Agent Gateway will map requests to a named resource group: an approved model set, a group of MCP tools, a set of SaaS APIs, or a web category.
  • Is this action allowed? Policy will decide whether the request is permitted, observed, or blocked. A “fetch” from the GitHub repo is allowed; a “create_file” to the same repo can be denied.
  • Which credential should be used? Tokens, OAuth grants, and API keys will live in Cisco’s vault. The agent never touches them. Agent Gateway will inject the right credential server-side per method and path.
  • What happened? Every decision – agent identity, resource touched, policy verdict, credential reference, route taken—will land in one audit event.
Cisco AI gateway pks image
Figure: Cisco Secure Access Agent Gateway applies consistent policy across agent interactions

What makes Cisco’s approach different

Many approaches to agent security introduce a second access stack that enterprises adopt alongside their existing SSE and identity infrastructure. Cisco’s approach is different: if you already run Secure Client, Secure Access, and Duo, you already have the enforcement surface. With Agent Gateway, Cisco extends these capabilities into the agentic workflow. No agent code changes. No new management portal. No second identity system.

  • Agent identity via Duo Non-Human Identity (NHI). Duo will identify the agent process itself using Duo identity, extending naturally from user MFA to agent and non-human identities. No separate identity service required. In MCP environments, Duo and Secure Access work together to enable fine-grained tool-level authorization, so organizations can govern which tools an agent is allowed to invoke, not just which MCP servers an agent can access.
  • Shared policy across the workflow. Agents operate across models, MCP tools, APIs, and web activity—not within a single control plane. With Agent Gateway, Cisco will apply a common policy framework across those environments, helping organizations govern approved models, MCP tools, enterprise APIs, and web destinations.
  • Server-side credential injection. Keys and tokens live in Cisco’s vault. The agent never touches them. Agent Gateway will inject the right credential server-side per method and path. This separates agent authorization from credential possession, allowing agents to perform approved actions without access to the underlying credentials. This closes a class of exfiltration risk that no proxy-only solution addresses.

What this means in practice

Consider an enterprise deploying hundreds of coding agents across software development. Each agent may be authorized to use approved LLMs, access Jira through MCP tools, retrieve source code from GitHub, consult internal documentation, and interact with selected enterprise APIs. On paper, that sounds straightforward. In practice, those agents may perform thousands of actions every day across dozens of systems.

Traditional access controls can answer whether an agent is allowed to connect to GitHub. They struggle to show whether a particular action was appropriate once the agent got there. Even basic audit questions require stitching evidence from LLM provider logs, MCP server logs, GitHub audit trails, and whatever the agent’s orchestration framework happens to capture.

With Agent Gateway and Duo, every agent has a named identity tied to its owner and business purpose. Every GitHub interaction shows which method was called, whether it was allowed, and which vault reference provided the token. When a model provider has an outage, requests can automatically fail over to another approved model within the same policy framework. Observation mode can identify unusual patterns—such as a burst of write requests to a normally read-only API—and surface them as policy recommendations.

The value is not another dashboard. It is a single control loop for agent identity, action, credential, policy, and outcome.

Some products or features described may be in various stages of development and offered on a when-and-if available basis. Cisco reserves the right to change delivery timelines and will have no liability for any delays or failures to deliver.

We’d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social Media

LinkedIn
Facebook
Instagram

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。