惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
C
Cisco Blogs
The Hacker News
The Hacker News
T
Tor Project blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
The GitHub Blog
The GitHub Blog
A
Arctic Wolf
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The Register - Security
The Register - Security
云风的 BLOG
云风的 BLOG
Simon Willison's Weblog
Simon Willison's Weblog
P
Palo Alto Networks Blog
Vercel News
Vercel News
C
CERT Recently Published Vulnerability Notes
I
InfoQ
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
M
MIT News - Artificial intelligence
I
Intezer
aimingoo的专栏
aimingoo的专栏
U
Unit 42
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LINUX DO - 热门话题
Microsoft Security Blog
Microsoft Security Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
Cyberwarzone
Cyberwarzone
P
Proofpoint News Feed
P
Proofpoint News Feed
B
Blog
T
Threat Research - Cisco Blogs
博客园 - 叶小钗
Recorded Future
Recorded Future
Last Week in AI
Last Week in AI
N
News and Events Feed by Topic
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Engineering at Meta
Engineering at Meta
G
Google Developers Blog
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
Application and Cybersecurity Blog
Application and Cybersecurity Blog
MyScale Blog
MyScale Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
Schneier on Security
Schneier on Security
N
News | PayPal Newsroom
C
Cybersecurity and Infrastructure Security Agency CISA
H
Help Net Security
博客园 - 聂微东
H
Hackread – Cybersecurity News, Data Breaches, AI and More
G
GRAHAM CLULEY

Security @ Cisco Blogs

We third-party tested our firewall built for AI-scale. The test tools hit their limit first. SharpHound Recon Attack - How AI enhanced the threat hunt Machine Speed, Human Judgement: How AI Changed the SOC in 2026 Elevating Expertise in the SOC Educate at Event Speed: Cisco Live Security Operations Center What Working the Cisco Live SOC Taught Me About AI, Detection, and Response Cable to Cloud - A Product Engineer's Journey Through the Cisco Live AMER 2026 SOC The Experience Dividend: How Better Digital Experience Protects Revenue, Trust, and Growth AIM: Building an Agentic Tier-2 SOC Analyst at Cisco Live AMER 2026 Building the Agentic SOC at Cisco Live Americas 2026 Ten Years in the SOC at RSAC: What We Learned in 2026 Uplevelling Black Hat Threat Hunters Making Workflow Runs Explain Themselves: AI-Powered Run Summaries in Cisco XDR Automate Independent Testing Confirms Secure Email Threat Defense’s Email Security Strength Defenseclaw for On-Prem AI SOC Workflow at Black Hat Asia Cisco Secure Access with MCP Infrastructure at Black Hat Asia 2026 The Essence of Black Hat – Collaboration with Partners Black Hat Asia 2026: A Decade in Singapore Black Hat Asia 2026: Threat Hunters’ Corner Unveiling the Power of Integration: XDR, Splunk, Corelight, Arista and Palo Alto Networks in Action at Black Hat Asia Security in the Post-Mythos Era Cisco SASE with Meraki: Get in the Fast Lane to SASE Extending Zero Trust Across the Agentic AI Workflow Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense Cisco Secure Access and Microsoft Edge for Business Integration Why Network Segmentation Projects Fail: Four Patterns Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files AI-generated reporting: Lessons learned from Cisco Talos Incident Response Inside the SOC: AI-powered DNS defense against ransomware Security Insights: A Threat-First View for the Platform That Enforces Access From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100 Data Optimization in Security: A Splunk Architect’s Perspective Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders The Agent Trust gap: What Our Research Reveals About Agentic AI Security Meet Your Incident Responders
Zero Trust for Agentic AI: Safeguarding your Digital Workforce
2026-03-23 · via Security @ Cisco Blogs

Welcome to the Agentic AI Era

Enterprise interest in agentic AI is accelerating. We did a recent poll of Cisco security customers that shows 85% of organizations are actively adopting AI agents, yet only 5% report broad production deployments today. Most deployments remain limited to internal workflows while companies look at governance, security, and operational controls. But, agents as a new digital workforce that need to be managed are here to stay. Common concerns were around enforcing consistent access controls, preventing data exfiltration, and managing agent autonomy and behavior.

AI agents operate at machine speeds to execute complex tasks, yet they completely lack essential human judgment and contextual awareness. We need security in place to govern this new workforce.

Current challenges in the agentic AI ecosystem

When our teams were analyzing the problem around governing this new digital AI workforce, we saw three areas across our customer and prospect conversations on why zero trust access built for humans must adapt to agentic workflows:

  • Early and fragmented ecosystem. Agents are everywhere and the technology is constantly changing. Agents don’t just use browser sessions and static APIs—they use tool brokers MCP, toolchains, and they rely on identities that don’t have humanlike characteristics. This means identity, access, inspection, logging—everything—must be updated to understand agent-to-agent-to-tool traffic and enforce policy at the level agents operate on.
  • Inconsistent policy enforcement. It’s not that there isn’t security. It’s that safeguards are scattered across multiple, disconnected layers and oftentimes too blunt. Each service in each layer has its own authentication model and security controls – often inconsistent and outside of the security team’s direct control. And across MCP servers, we’re seeing that security is wildly inconsistent. But agents need nearly ad hoc access to do their jobs – the more agency they take, broader is their access. If a single MCP server exposes excessive privileges or an application limits access by only coarse scopes, agents will find their way to burrow through the environment to be ‘helpful’ – they are task oriented after all; most of the time without any human like judgement.
  • Dynamic, non-deterministic actions. Agents interact with tools and resources in unpredictable ways to complete their tasks. This breaks static, predefined security controls, making agents difficult to govern with legacy security solutions. Agents may try to access tools or perform actions outside of the intended scope or purpose, needing governance that can detect intent and match back to appropriate actions and access.

As we built our solution, the key design requirement was that enforcement doesn’t depend on an agent’s “cooperation.” That the enforcement has to be agent- and intent-aware, with context around identity, and consistent across tools.

Intention becomes the new perimeter.

The common control point is at the point of access of company tools and data, meaning our SSE is the natural place for enforcement. We tie that together with identity, so the SSE has full context on what the agent is, who owns it, and what it’s allowed to do.

The Solution: Zero Trust for Agentic AI

Extending Cisco Zero trust access to secure agentic AI
Figure 1. Cisco Zero Trust Solution

Today, I’m proud to announce that Cisco now extends our Zero Trust Access architecture to organizations’ agentic AI workforce by combining identity discovery and management, access enforcement, and runtime behavioral protection to govern how agents operate across enterprise systems. We’ve designed an end-to-end solution to help protect your world from agents taking unintended or unaligned actions.

Agent Visibility and Identity Management. Cisco discovers and registers AI agents, MCP servers, and associated tools, creating a centralized inventory of agent identities and activity. Each agent is mapped to a human owner and integrated with enterprise identity systems for consistent authentication, lifecycle management, and governance.

Fine-grained Access Control. Cisco enforces least-privilege policies that define not only which services an agent can access, but the actions it can perform. Identity-aware, time-bound credentials limit the scope and duration of access, while the MCP gateway applies authorization policies consistently across tools and services.

Real-time Behavioral Monitoring and Protection. Cisco continuously evaluates agent interactions across APIs, MCP servers, and enterprise systems to detect abnormal behavior or manipulated instructions. By analyzing intent, the platform can identify risks like unauthorized tool usage, policy violations, and attempts to access sensitive data before actions propagate across systems.

Zero trust for agentic AI in practice

Let’s look at a typical scenario — a financial automation agent kicking off vendor payments. Imagine someone tries to manipulate that agent, maybe by sneaking in a tricky prompt or sending an unauthorized request. Here’s where the security layers come in.

  1. First, knowing the agent is critical. Each agent checks in through Cisco’s agent directory with a verified identity tied back to a human owner, so you know exactly who (or what) is doing what, and authentication is managed in one place — no hardcoded credentials to worry about.
  2. Next, we focus on action control, not the access control of yore. Permissions are set so the agent can only pay approved vendors, within set dollar amounts and during the right hours. Anything out of bounds gets stopped by the MCP gateway before it even hits your back-end systems. Tight integration with identity enables these detailed access policies and enforcement.
  3. Finally, behavioral protection adds another safety net. Cisco keeps an eye on the agent’s intent and actions in real time through semantic inspection. If it starts doing something odd — say, using the wrong tool or straying from its expected routine — the system blocks the action right away. 

With these layers working together, you get strong protection against agent missteps or foul play, all while keeping the speed and efficiency that make agentic AI so valuable.

Security for the agentic AI workforce with Cisco

As a single vendor with integrated solutions across identity, access, and behavior, we were able to take a platform approach, integrating identity, fine-grained access enforcement and real-time behavioral protection into one unified solution.

I’m excited to get your feedback as we work to onboard customers in the coming months. We are thrilled to partner with AI-driven organizations to empower secure, confident agentic AI adoption.

Get Started 

Learn more
Join us at RSA

Disclaimer: Many of the products and features mentioned are still in development and will be made available as they are finalized, subject to ongoing evolution in development and innovation. The timeline for their release is subject to change. 


We’d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social Media

LinkedIn
Facebook
Instagram