The dialog round AI and its enterprise purposes has quickly shifted focus to AI brokers—autonomous AI methods that aren’t solely able to conversing, but additionally reasoning, planning, and executing autonomous actions.
Our Cisco AI Readiness Index 2025 underscores this pleasure, as 83% of firms surveyed already intend to develop or deploy AI brokers throughout quite a lot of use instances. On the identical time, these companies are clear about their sensible challenges: infrastructure limitations, workforce planning gaps, and naturally, safety.
At a time limit the place many safety groups are nonetheless contending with AI safety at a excessive degree, brokers increase the AI danger floor even additional. In spite of everything, a chatbot can say one thing dangerous, however an AI agent can do one thing dangerous.
We launched Cisco AI Protection originally of this 12 months as our reply to AI danger—a really complete safety resolution for the event and deployment of enterprise AI purposes. As this danger floor grows, we need to spotlight how AI Protection has advanced to fulfill these challenges head-on with AI provide chain scanning and purpose-built runtime protections for AI brokers.
Beneath, we’ll share actual examples of AI provide chain and agent vulnerabilities, unpack their potential implications for enterprise purposes, and share how AI Protection allows companies to instantly mitigate these dangers.
Figuring out vulnerabilities in your AI provide chain
Fashionable AI improvement depends on a myriad of third-party and open-source elements similar to fashions and datasets. With the appearance of AI brokers, that listing has grown to incorporate belongings like MCP servers, instruments, and extra.
Whereas they make AI improvement extra accessible and environment friendly than ever, third-party AI belongings introduce danger. A compromised part within the provide chain successfully undermines your entire system, creating alternatives for code execution, delicate knowledge exfiltration, and different insecure outcomes.
This isn’t simply theoretical, both. Just a few months in the past, researchers at Koi Safety recognized the primary identified malicious MCP server within the wild. This bundle, which had already garnered 1000’s of downloads, included malicious code to discreetly BCC an unsanctioned third-party on each single electronic mail. Related malicious inclusions have been present in open-source fashions, instrument information, and varied different AI belongings.
Cisco AI Protection will instantly deal with AI provide chain danger by scanning mannequin information and MCP servers in enterprise repositories to determine and flag potential vulnerabilities.
By surfacing potential points like mannequin manipulation, arbitrary code execution, knowledge exfiltration, and power compromise, our resolution helps stop AI builders from constructing with insecure elements. By integrating provide chain scanning tightly throughout the improvement lifecycle, companies can construct and deploy AI purposes on a dependable and safe basis.
Safeguarding AI brokers with purpose-built protections
A manufacturing AI software is prone to any variety of explicitly malicious assaults or unintentionally dangerous outcomes—immediate injections, knowledge leakage, toxicity, denial of service, and extra.
After we launched Cisco AI Protection, our runtime safety guardrails had been particularly designed to guard towards these eventualities. Bi-directional inspection and filtering prevented dangerous content material from each person prompts and mannequin responses, maintaining interactions with enterprise AI purposes secure and safe.
With agentic AI and the introduction of multi-agent methods, there are new vectors to contemplate: better entry to delicate knowledge, autonomous decision-making, and sophisticated interactions between human customers, brokers, and instruments.
To satisfy this rising danger, Cisco AI Protection has advanced with purpose-built runtime safety for brokers. AI Protection will operate as a kind of MCP gateway, intercepting calls between an agent and MCP server to fight new threats like instrument compromise.
Let’s drill into an instance to raised perceive it. Think about a instrument which brokers leverage to go looking and summarize content material on the net. One of many web sites searched incorporates discreet directions to hijack the AI, a well-known situation often known as an “oblique immediate injection.”
With easy AI chatbots, oblique immediate injections would possibly unfold misinformation, elicit a dangerous response, or distribute a phishing hyperlink. With brokers, the potential grows—the immediate would possibly instruct the AI to steal delicate knowledge, distribute malicious emails, or hijack a related instrument.
Cisco AI Protection will defend these agentic interactions on two fronts. Our beforehand current AI guardrails will monitor interactions between the applying and mannequin, simply as they’ve since day one. Our new, purpose-built agentic guardrails will look at interactions between the mannequin and MCP server to make sure that these too are secure and safe.
Our aim with these new capabilities is unchanged—we need to allow companies to deploy and innovate with AI confidently and with out concern. Cisco stays on the forefront of AI safety analysis, collaborating with AI requirements our bodies, main enterprises, and even partnering with Hugging Face to scan each public file uploaded to the world’s largest AI repository. Combining this experience with a long time of Cisco’s networking management, AI Protection delivers an AI safety resolution that’s complete and achieved at a community degree.
For these excited by MCP safety, take a look at an open-source model of our MCP Scanner you can get began with at present. Enterprises searching for a extra complete resolution to deal with their AI and agentic safety issues ought to schedule time with an knowledgeable from our crew.
Lots of the merchandise and options described herein stay in various phases of improvement and might be provided on a when-and-if-available foundation.
