The dialog round AI and its enterprise purposes has quickly shifted focus to AI brokers—autonomous AI techniques that aren’t solely able to conversing, but in addition reasoning, planning, and executing autonomous actions.
Our Cisco AI Readiness Index 2025 underscores this pleasure, as 83% of corporations surveyed already intend to develop or deploy AI brokers throughout quite a lot of use circumstances. On the identical time, these companies are clear about their sensible challenges: infrastructure limitations, workforce planning gaps, and naturally, safety.
At a cut-off date the place many safety groups are nonetheless contending with AI safety at a excessive degree, brokers develop the AI threat floor even additional. In any case, a chatbot can say one thing dangerous, however an AI agent can do one thing dangerous.
We launched Cisco AI Protection at first of this 12 months as our reply to AI threat—a very complete safety answer for the event and deployment of enterprise AI purposes. As this threat floor grows, we wish to spotlight how AI Protection has developed to satisfy these challenges head-on with AI provide chain scanning and purpose-built runtime protections for AI brokers.
Under, we’ll share actual examples of AI provide chain and agent vulnerabilities, unpack their potential implications for enterprise purposes, and share how AI Protection allows companies to straight mitigate these dangers.
Figuring out vulnerabilities in your AI provide chain
Fashionable AI growth depends on a myriad of third-party and open-source parts similar to fashions and datasets. With the appearance of AI brokers, that checklist has grown to incorporate property like MCP servers, instruments, and extra.
Whereas they make AI growth extra accessible and environment friendly than ever, third-party AI property introduce threat. A compromised element within the provide chain successfully undermines your complete system, creating alternatives for code execution, delicate information exfiltration, and different insecure outcomes.
This isn’t simply theoretical, both. A number of months in the past, researchers at Koi Safety recognized the primary recognized malicious MCP server within the wild. This package deal, which had already garnered hundreds of downloads, included malicious code to discreetly BCC an unsanctioned third-party on each single e mail. Comparable malicious inclusions have been present in open-source fashions, software information, and varied different AI property.
Cisco AI Protection will straight deal with AI provide chain threat by scanning mannequin information and MCP servers in enterprise repositories to establish and flag potential vulnerabilities.
By surfacing potential points like mannequin manipulation, arbitrary code execution, information exfiltration, and gear compromise, our answer helps stop AI builders from constructing with insecure parts. By integrating provide chain scanning tightly inside the growth lifecycle, companies can construct and deploy AI purposes on a dependable and safe basis.
Safeguarding AI brokers with purpose-built protections
A manufacturing AI utility is prone to any variety of explicitly malicious assaults or unintentionally dangerous outcomes—immediate injections, information leakage, toxicity, denial of service, and extra.
After we launched Cisco AI Protection, our runtime safety guardrails had been particularly designed to guard towards these eventualities. Bi-directional inspection and filtering prevented dangerous content material from each consumer prompts and mannequin responses, preserving interactions with enterprise AI purposes protected and safe.
With agentic AI and the introduction of multi-agent techniques, there are new vectors to think about: higher entry to delicate information, autonomous decision-making, and sophisticated interactions between human customers, brokers, and instruments.
To satisfy this rising threat, Cisco AI Protection has developed with purpose-built runtime safety for brokers. AI Protection will operate as a kind of MCP gateway, intercepting calls between an agent and MCP server to fight new threats like software compromise.
Let’s drill into an instance to higher perceive it. Think about a software which brokers leverage to look and summarize content material on the internet. One of many web sites searched accommodates discreet directions to hijack the AI, a well-known situation generally known as an “oblique immediate injection.”
With easy AI chatbots, oblique immediate injections would possibly unfold misinformation, elicit a dangerous response, or distribute a phishing hyperlink. With brokers, the potential grows—the immediate would possibly instruct the AI to steal delicate information, distribute malicious emails, or hijack a related software.
Cisco AI Protection will shield these agentic interactions on two fronts. Our beforehand current AI guardrails will monitor interactions between the appliance and mannequin, simply as they’ve since day one. Our new, purpose-built agentic guardrails will study interactions between the mannequin and MCP server to make sure that these too are protected and safe.
Our purpose with these new capabilities is unchanged—we wish to allow companies to deploy and innovate with AI confidently and with out worry. Cisco stays on the forefront of AI safety analysis, collaborating with AI requirements our bodies, main enterprises, and even partnering with Hugging Face to scan each public file uploaded to the world’s largest AI repository. Combining this experience with a long time of Cisco’s networking management, AI Protection delivers an AI safety answer that’s complete and accomplished at a community degree.
For these serious about MCP safety, try an open-source model of our MCP Scanner which you can get began with right now. Enterprises searching for a extra complete answer to handle their AI and agentic safety considerations ought to schedule time with an knowledgeable from our staff.
Lots of the merchandise and options described herein stay in various levels of growth and might be provided on a when-and-if-available foundation.