惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Cisco Blogs

Edge opportunity for service providers: Turn infrastructure into new services MRC and SRv6: How Foundational Networking Innovations Are Enabling the Next Generation of AI Supercomputers The SMB Marketing Reset: Winning Customer Trust in a Digital-First Economy Inside the SOC: AI-powered DNS defense against ransomware Our Path Forward Securing the Federal Digital Experience with Cisco ThousandEyes for Government Cisco at ONUG Dallas 2026: Securing the AI Data Center in the Agentic Era Cisco and Red Hat are powering intelligent core to edge: Red Hat Summit insights Building the Capabilities That Win: How Cisco Partners Can Lead in the SMB & Mid-Market Era How Two Hours Felt Bigger Than My To-Do List Announcing Foundry Security Spec Ace the CCIE Collaboration Lab: Success Tips from a TAC Engineer Turned CCIE Protecting Agents with Cisco AI Defense and Google Agent Development Kit Powering an Inclusive Future: Your guide to the Purpose Pavilion at Cisco Live Las Vegas The Infrastructure Behind the Mission: SOF Week 2026 Cisco Networking App Marketplace Partners at Cisco Live 2026 Beyond the Pilot: Building the Clinical Data Fabric for the Agentic Era Benchmarking scale-out AI fabrics with Cisco N9000 + AMD Pensando™ Pollara 400 NICs Month of Developer Productivity: Build and Forget The race to autonomous transport networks: A new study Lean IT, future-ready: How to save time and simplify wireless management with AI Reading Between the Pixels: Failure Modes in Vision Language Models Biochar’s triple win: Healthier soils, improved crops, and decarbonization Designing a Proactive Customer Journey Modernize your data center operations with Cisco Nexus Dashboard Why your automation stack needs Cisco Agentic Workflows Try Cisco AI Defense Explorer Edition in this hands-on lab From Bandwidth to Intelligence: How Cisco is Powering AI-Ready Networks Spotlight on digital transformation | FY25 Purpose Report Galaxy Mode is live: A limited-time look at what your Cisco AI Assistant and AgenticOps can already do Securing the Agentic Workforce: Cisco Announces Intent to Acquire Astrix Security Understanding CISA BOD 26-02: Mitigating Risk from End-of-Support Edge Devices Digging Deeper: The Future of Mining with Automation and Ultra-Reliable Wireless Voices from the field: Helping farmers build resilient local economies across rural America Built like a startup, scaled like Cisco: Transforming data center cooling for the AI era Defining Model Provenance: A Constitution for AI Supply Chain Safety and Security Introducing Model Provenance Kit: Know Where Your AI Models Come From Security Insights: A Threat-First View for the Platform That Enforces Access How I Turned My Curiosity into a Patent From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future Maximizing Managed Security Services: A Strategic Guide to Optimizing Your Portfolio (Part 1 of 2) Simplify access control in five easy steps Trust: Why security is your next growth engine Cisco IQ is generally available. Here’s what that actually means. From Vision to Reality: Intelligence in Action with Cisco IQ How connectivity is shaping the future of surgical care The power of your network: Solving a physical security incident on Vision portal 5 signs your data center is holding your AI strategy back Stop Overthinking OT Security: The Total Cost of Ownership and Being Smart with Refreshes AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Scaling the digital future: Why AI and skills investments matter for business and society Expanding our Product Organization Recap Scaling the Future: Reddit AMA on Network Automation at Scale Bringing Professional-Level Skills to Cisco Networking Academy Announcing Cisco Availability in Google Cloud Marketplace: A New Path to Scalable, Partner-Led Growth The Innovation Paradox: How We Reduced Incidents by 25% While Deploying Faster Funding the AI-ready data center: Why flexibility wins The switch that quantum networking has been waiting for From a Message I Couldn’t Believe to a Stage I’ll Never Forget The Hidden Bottleneck Slowing Down Manufacturing Transformation 30 Years as a CCIE: Why Certifications Matter in the AI Era Securing Enterprise AI: Cisco AI Defense Expands to Google Cloud How ThousandEyes Closed the Cloud Visibility Gap by Solving It Themselves First Energy Will Define the Scale of AI Introducing the AI Agent Security Scanner for IDEs: Verify Your Agents Stop Overthinking OT Security: People, Process and Technology Powering the Future of Research: Join Cisco at NLIT 2026 Building the Digital Foundation for a Smarter West Lincoln Memorial Hospital How Cisco built an AI-RRM that maximizes your wireless solution From Automation to Autonomy: Cisco and Rockwell Power a New Era for Manufacturing Unlocking the Future of Fan Engagement: The Power of VisionEDGE Find Yourself in the Future: AI Is the New Baseline—Here’s How to Build Your Skills One Day with Our Customers: Driving better outcomes through customer centricity What It Really Takes to Build an AI-First Workforce From Connectivity to Security: How E80 Future-proofed its AGV Operations with Cisco The Infrastructure of a Floating City: AIDA Cruises’ CX-Led Digital Transformation Scaling your network for AI without a forklift upgrade Why modern networks are moving DDoS defense to the edge Evolve IP Media to AI-Driven Media Fabrics: Future-Proof Broadcast with Cisco and NVIDIA Cisco and Generation are scaling AI-powered pathways to employment Reading Between the Pixels: Assessing Prompt Injection Attack Success in Images Lean IT, future-ready: Why Wi-Fi is your AI growth strategy Cisco Modeling Labs: Bringing the Network Digital Twin to Life AI on the Factory Floor: Why Manufacturing Requires a New Architecture with Cisco Unified Edge Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Scaling the Future: Join Our Reddit AMA on Network Automation at Scale 5 wireless trends retail IT teams can’t ignore in 2026 Can your infrastructure management tools do that? Sustainability 101: Let’s talk about energy efficiency From Chai Breaks to Checkpoints: A Day at Cisco Bengaluru Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Non-Obvious Patterns in Building Enterprise AI Assistants Making AI Trustworthy and Observable in Real-Time: Cisco Announces Intent to Acquire Galileo A simpler path to unified, AI-ready network operations Cisco Celebrates The Smart Industry Industrial Transformation Award Winners Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time How New Data Streams Transformed Cisco Store’s Decision-Making AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100
Introducing Agent Harness Testing in Cisco AI Defense
Nicholas Conley · 2026-06-17 · via Cisco Blogs

Today, we are excited to introduce Agent Validation as a new evaluation capability in AI Defense: Explorer Edition, the free self-service version of Cisco AI Defense, that is built specifically for agentic AI systems. Agent Validation builds on the agentic security enhancements to Cisco AI Defense announced at Cisco Live, which introduced adaptive red teaming, Policy Studio guardrails, and supply chain discovery for agents. Agent Validation joins the existing suite of red teaming features, extending Explorer Edition’s coverage to the surfaces that are unique to agent harnesses: tool routes, indirect content channels, and persistent state across sessions. 

Agent Validation is the first capability in what will become a broader portfolio of agent harness testing in Cisco AI Defense. We will continue expanding coverage as new agent patterns, frameworks, and attack classes emerge in the threat landscape. 

Why Agents Need Their Own Red Teaming 

Chat-based red teaming is essential for evaluating how a model handles adversarial prompts, jailbreaks, and multi-turn manipulation. It tests the conversational surface thoroughly, because it is how most users interact with most models. When a model is wrapped in an agent harness, the scaffolding of tools, memory, retrieval, and orchestration logic that turns a standalone model into an agent, new attack surfaces appear that a conversational evaluator was never designed to observe or exploit. 

Agents read support tickets, fetch documentation, install skills, and write to files. They may call tools with arguments the user never typed or run multi-step workflows that span across multiple sessions. An attacker who understands agent harnesses may focus on plant instructions in content the agent will retrieve, shape tool arguments in ways the user never typed, or coerce the agent into modifying persistent state that survives the current session. 

A conversational evaluation will not observe any of this. The chat transcript looks clean.  Meanwhile, the actual exploit exists outside the chat interaction itself. 

We built Agent Validation to test the surfaces that matter for agentic systems: 

  • Tool routes: what the agent does when its own legitimate tools are invoked with malicious arguments
  • Indirect channels: instructions hidden in retrieved documents, tool outputs, support tickets, and other content the agent treats as data
  • Persistent state: modifications to policy files, workflow definitions, approval state, and installed capabilities that survive past the current session 

These threats map back to the Cisco AI Security and Safety Framework taxonomy, covering attacker objectives like OB-001 Goal Hijacking, OB-007 Sabotage / Integrity Degradation, and OB-009 Supply Chain Compromise, alongside agent-specific techniques like indirect prompt injection, tool parameter abuse, and untrusted skill installation. The framework gives us a shared vocabulary for what we are testing and why it matters. 

What Makes Our Approach Different 

Every agent deployment has different tools, content sources, and policy artifacts; the attack surface is shaped by what’s wired into the harness itself. Agent Validation runs an autonomous attacker that performs live reconnaissance against your specific agent, builds a structured profile of the attack surface, and adapts if initial attacks were unsuccessful. 

A difficult problem in agent red teaming is knowing whether an attack actually succeeded. If the agent says “I installed the skill” or “I fetched that URL,” that’s a claim, not evidence. Agent Validation solves this with a verification approach that produces independent ground truth by correlating the agent’s response with what the framework actually observed and with out-of-band telemetry the agent has no reason to treat as significant. A finding is only marked confirmed when these independent signals agree. 

The Agent Validation UX is three easy steps: connect an agentic target, pick Agent Validation as the validation type, and click Run. No objective picker, budget slider, or goal text box. Figure 1 shows this in detail. 

Figure 1. Starting an Agent Validation Run


Every run executes a pre-defined coverage matrix curated by Cisco’s AI Threat Intelligence & Security Research team—the same team that maintains the Cisco AI Security and Safety Framework. The objectives cover indirect prompt injection, system-prompt integrity, tool argument abuse, exfiltration, persistence and policy mutation, capability chaining, untrusted code paths, and sensitive-data solicitation. 
 

What the Report Delivers 

Figure 2. Coverage matrix and overview visible after run completion

Every Agent Validation run produces a report organized around what a security leader needs to act on: 

  • Coverage transparency: objectives total versus objectives exercised, so customers can see honestly what was executed for any given run (Figure 2) 
  • Findings sorted by severity: each with the originating attempt, the agent’s response, the tool calls observed, the canary signal if any, the benign-control replay result, and a remediation note (Figure 3) 
  • Discovered, attacked, and skipped tools: what reconnaissance enumerated, what the attacker exercised, and what it skipped and why 
  • A full evidence trail: the prompt, the response, the baseline behavior on a neutral surface, the control replay, and the generated “malicious” artifact 


Figure
3. Findings overview of an Agent Validation run

Looking Ahead

As agent frameworks, tool ecosystems, and skill formats evolve, the attack surfaces will evolve with them. The threat landscape will drive what we build next: new objectives, new attacker tactics, and broader coverage as agent patterns shift in real deployments. 

To see Agent Validation in action, visit Cisco AI Defense: Explorer Edition today. 

Disclaimer: Agent Validation evaluation results reflect agent behavior against the described methodology at the time of testing and do not constitute an endorsement, certification, or guarantee that any agent is safe, secure, or fit for a specific use case. Customers are responsible for conducting their own assessments and for layering appropriate runtime protections on top of validation results. Cisco AI Defense: Explorer Edition is provided as-is without warranties of any kind.