DefenseClaw (Cisco)

Basic Information

• Company/Brand: Cisco
• Country/Region: USA
• Official Website: https://blogs.cisco.com/ai/cisco-announces-defenseclaw
• Type: Open-source Security Framework
• Launch Date: Announced on March 23, 2026, released on GitHub on March 27, 2026

Product Description

DefenseClaw is an open-source security tool announced by Cisco at the RSAC 2026 Security Conference on March 23, 2026, specifically designed to secure the deployment of the OpenClaw AI agent framework. The tool was released in response to a series of severe security incidents that occurred after OpenClaw gained widespread popularity.

The security crisis that prompted the creation of DefenseClaw included critical remote code execution vulnerabilities within three weeks of OpenClaw's rise to fame, over 135,000 OpenClaw instances exposed to the public internet, and a coordinated supply chain attack named "ClawHavoc"—which planted more than 800 malicious skills in the skill registry.

DefenseClaw complements NVIDIA's OpenShell: while OpenShell constrains what agents can do, DefenseClaw verifies what agents have done—and intercepts threats before execution. It protects AI agents interacting with MCP tools, plugins, and external resources, offering permission management (instant blocking of MCP servers), scanning AI-generated outputs for malicious code, and integrating telemetry with Splunk.

Core Features

• MCP Server Permission Management (instant blocking of suspicious servers)
• Malicious Code Scanning for AI-Generated Outputs
• Skill Scanner (ensures each skill is scanned and sandboxed)
• Model Security Checks
• Automated Asset Inventory System
• MCP Server Verification
• Security Telemetry Integration with Splunk
• Automatic Inventory of Each AI Asset
• Supply Chain Attack Protection

Business Model

Open-source project, free to use. Cisco indirectly profits through its enterprise security product line (e.g., Splunk integration) and security services. DefenseClaw is also a strategic move by Cisco to establish technical leadership in AI agent security.

Target Users

• Enterprises and organizations deploying OpenClaw
• Security operations teams
• IT security administrators
• Enterprises requiring compliance audits for AI agent behavior

Competitive Advantages

• Cisco's deep expertise and brand reputation in security
• Dual security mechanism: post-event verification + preemptive interception
• Integration with enterprise-grade security tools like Splunk
• Protection designed against real-world supply chain attacks (ClawHavoc)
• Launched at RSAC 2026, recognized by the security community
• Complements NVIDIA NemoClaw/OpenShell

Market Performance

Gained widespread attention after its launch at RSAC 2026, covered by multiple tech and security media outlets such as SiliconANGLE, BizTech Magazine, Open Source For You, and H2S Media. Cisco positioned it as an "open-source framework redefining AI agent security."

Relationship with OpenClaw Ecosystem

DefenseClaw serves as the security layer in the OpenClaw ecosystem, provided by one of the world's largest cybersecurity companies, Cisco. It complements NVIDIA's NemoClaw/OpenShell: NemoClaw constrains agent behavior at the runtime level, while DefenseClaw verifies and audits agent behavior at the application level. Together, they form the security infrastructure for enterprise-grade OpenClaw deployments.

Sources

• Cisco Blogs - DefenseClaw Announcement
• SiliconANGLE - Cisco Debuts DefenseClaw
• H2S Media - ClawHavoc Supply Chain Attack
• BizTech Magazine - RSAC 2026 OpenClaw Security
• Cisco Newsroom - RSAC 2026