595. Cisco - DefenseClaw Collaboration
Basic Information
| Field | Content |
|---|---|
| Product ID | 595 |
| Name | Cisco - DefenseClaw Collaboration |
| Type | Cybersecurity Giant/Security Tool |
| Company | Cisco |
| Release Date | March 23, 2026 (Before RSAC 2026) |
| GitHub Availability | March 27, 2026 |
Collaboration Overview
Cisco launches DefenseClaw—an open-source security tool specifically designed to protect OpenClaw AI agents. This project is a direct response to the coordinated supply chain attacks faced by OpenClaw during its rapid adoption.
Core Products
DefenseClaw
- Definition: A governance layer on top of OpenShell
- Includes: A collection of scanners open-sourced by Cisco
- Deployment Time: Developers can deploy it in 5 minutes
Scanning Engines (5 Tools)
| Tool | Function |
|---|---|
| skill-scanner | Security scanning for skill packages |
| mcp-scanner | Security checks for MCP protocol |
| a2a-scanner | Security scanning for inter-agent communication |
| CodeGuard | Static code analysis |
| AI BOM Generator | AI Bill of Materials generation |
Runtime Protection
- Real-time Message Inspection: Inspects every message flowing in and out during agent execution
- Not Limited to Installation: Monitors throughout runtime
- Anomaly Detection: Analyzes the intent of operation sequences to detect anomalies
- Example: An agent suddenly attempting to access sensitive financial data it has never touched before
Telemetry and Monitoring
- Streams every tool invocation, prompt-response pair, and policy decision directly to Splunk
- Complete audit trail and observability
Collaboration with NVIDIA
- DefenseClaw functionality is directly integrated into NVIDIA's OpenShell
- Continues the ongoing collaboration between the two in AI security
- Provides robust automated security at the runtime level
Background Events
ClawHavoc Supply Chain Attack
- The direct reason for Cisco's development of DefenseClaw was the supply chain attack on OpenClaw
- OpenClaw became a target of coordinated attacks within weeks of its popularity
- Attacks included malicious skill packages, npm package tampering, etc.
Cisco's Own Use of OpenClaw
- Cisco blog title: "I Run OpenClaw at Home. That's Exactly Why We Built DefenseClaw."
- Cisco engineers themselves are OpenClaw users, understanding security needs from an internal perspective
RSAC 2026 Launch
- Cisco showcased DefenseClaw at RSAC (RSA Conference) 2026
- Theme: "Building Trust for the Agentic Workforce"
- Presented a new paradigm for AI agent security
Key Insights
- From User to Builder - Cisco engineers transitioned from OpenClaw users to security tool builders
- Open Source Security - DefenseClaw itself is open-source, aligning with OpenClaw's open-source ethos
- Full Lifecycle Security - Covers the complete security chain from pre-installation scanning to runtime monitoring
- Industry Standardization - Launching at RSAC indicates that AI agent security is moving towards industry standardization
Relationship with OpenClaw Ecosystem
Cisco's DefenseClaw is one of the most comprehensive security tools in the OpenClaw security ecosystem. Its collaboration with NVIDIA NemoClaw forms the complete stack for enterprise-level OpenClaw security—NemoClaw provides runtime security, while DefenseClaw offers governance layer security.