Enterprise AI Security

Every Agent Action
Secured by Cisco

Agent21 integrates Cisco's DefenseClaw — the open-source security governance framework for AI agents. Every tool call scanned. Every credential redacted. Every action auditable.

How DefenseClaw Protects Your Agents

🤖
1. Agent Decides to Act
CTO agent: "I should create a Jira ticket for the stale PRs"
passes through
2. Cisco DefenseClaw Security Pipeline
Skill Scanner
No blocked commands
No credential leaks
No privilege escalation
No data exfiltration
CodeGuard
Static analysis on output
Auto-redact leaked keys
Injection pattern detection
Safe content verification
AI BOM
Model: claude-haiku-4.5
Tool: jira_create_issue
Data: company context
Full audit trail logged
Policy Guards
Domain allowlist OK
Token limit within bounds
No human approval needed
Company policy compliant
SCAN PASSED — Action Allowed
executes safely
3. Action Executes Safely
Jira ticket XSPAN-1500 created. Result scanned by CodeGuard before returning to user. Audit trail logged.

What DefenseClaw Blocks

Real-time protection against the most common AI agent security threats.

🔑
Credential Leaks
THREAT

Agent output accidentally contains API keys, passwords, or tokens

DEFENSECLAW RESPONSE

CodeGuard auto-detects and redacts Stripe keys, GitHub tokens, AWS keys, Anthropic keys, and more — before they reach the user

sk_live_51TDe2z... → sk_live_[REDACTED]
💀
Dangerous Commands
THREAT

Agent tries to execute destructive shell commands

DEFENSECLAW RESPONSE

Skill Scanner blocks rm -rf, DROP TABLE, fork bombs, pipe-to-shell, and other dangerous patterns. Pattern blocking is a deny-list, and deny-lists can be sidestepped by rewording a command, so it is backed by the policy rule that keeps shell access off cloud agents altogether.

rm -rf / → BLOCKED: Dangerous command detected
📤
Data Exfiltration
THREAT

Agent attempts to send company data to external endpoints

DEFENSECLAW RESPONSE

Outbound connections are restricted to a domain allowlist; known request-catcher services such as webhook.site and requestbin are blocked outright as exfiltration patterns.

curl webhook.site/... → BLOCKED: Data exfiltration pattern
⬆️
Privilege Escalation
THREAT

Cloud agent tries to execute shell commands (only the local CTO agent may)

DEFENSECLAW RESPONSE

Policy guardrails enforce the separation: cloud agents call APIs only. Shell access requires the CTO local CLI, where every command passes through DefenseClaw scanning.

exec('sudo ...') → BLOCKED: Shell commands not allowed for cloud agents
💉
Prompt Injection
THREAT

Malicious input tries to override agent instructions

DEFENSECLAW RESPONSE

Input sanitization, instruction hierarchy enforcement, and output validation detect and contain injection attempts. No pattern filter catches every injection, so the policy guards still gate each action regardless of what the model was told.

Ignore all instructions → Agent stays in character, injection detected
👤
Shadow AI Usage
THREAT

No visibility into what models, tools, and data agents are using

DEFENSECLAW RESPONSE

AI BOM (Bill of Materials) tracks every model, tool, and data source per agent per call. Full audit trail for compliance

AI BOM: cto → haiku → github_create_issue → company_context
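The pipeline diagram above and the six threat cards describe the same four checks from two angles. The following is an added example, not Agent21's or Cisco DefenseClaw's own code: one Node.js module shaped like the page's pipeline, with a pre-execution scan (Skill Scanner patterns, the exfiltration allowlist, Policy Guards, AI BOM record) and a post-execution scan (CodeGuard redaction and injection detection). Every pattern, domain, limit, field name and key format in it is an assumption, and the commands and outputs it is exercised with are constructed for the example.

```javascript
'use strict';
// Added example, not Agent21's or Cisco DefenseClaw's code: a minimal version of the
// four-stage pipeline the page describes (Skill Scanner, CodeGuard, AI BOM, Policy
// Guards). Every pattern, domain, limit and field name below is an assumption.

// Skill Scanner: deny-list of destructive shell patterns. A deny-list is bypassable
// (aliases, encoding, split flags), so the Policy Guards below also restrict WHO may
// run shell at all; the two controls are meant to stack.
const DANGEROUS_PATTERNS = [
  { reason: 'recursive delete of / or home', re: /\brm\s+(-\w+\s+)+(\/|~|\$HOME)(\s|$)/ },
  { reason: 'destructive SQL',               re: /\bDROP\s+(TABLE|DATABASE)\b/i },
  { reason: 'fork bomb',                      re: /:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/ },
  { reason: 'pipe-to-shell',                  re: /\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b/ },
];

// Exfiltration guard: every host named in the tool arguments must be allowlisted.
// Known request-catcher services get a specific reason so the audit trail is readable.
// Host extraction here is on URL-ish tokens only; a real scanner would inspect the
// network calls the tool actually makes.
const DOMAIN_ALLOWLIST = ['atlassian.net', 'api.github.com', 'slack.com'];   // assumed
const KNOWN_EXFIL_HOSTS = ['webhook.site', 'requestbin.com'];
const HOST_RE = /(?:https?:\/\/)?\b([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})(?=[\/:\s"']|$)/gi;

function extractHosts(text) {
  return [...text.matchAll(HOST_RE)].map(m => m[1].toLowerCase());
}
function isAllowlisted(host) {
  return DOMAIN_ALLOWLIST.some(d => host === d || host.endsWith('.' + d));
}

// Policy Guards: cloud agents are API-only; shell is reserved for the local mode.
const POLICY = { maxTokens: 8000, shellAllowedModes: ['local'] };

// AI BOM: one record per call, whatever the verdict, so blocked attempts are visible too.
const aiBom = [];
function recordBom(action, verdict) {
  const entry = {
    ts: new Date().toISOString(), agent: action.agent, mode: action.mode,
    model: action.model, tool: action.tool, dataSources: action.dataSources || [], verdict,
  };
  aiBom.push(entry);
  return entry;
}

// Pre-execution scan of a proposed tool call. `args` is the command line (shell tool)
// or the serialized request (API tool). Returns the verdict plus every reason found.
function scanAction(action) {
  const reasons = [];
  const args = action.args || '';
  if (action.tool === 'shell' && !POLICY.shellAllowedModes.includes(action.mode)) {
    reasons.push(`Shell commands not allowed for ${action.mode} agents`);
  }
  if ((action.tokens || 0) > POLICY.maxTokens) reasons.push('Token limit exceeded');
  for (const p of DANGEROUS_PATTERNS) {
    if (p.re.test(args)) reasons.push(`Dangerous command detected: ${p.reason}`);
  }
  for (const host of extractHosts(args)) {
    if (KNOWN_EXFIL_HOSTS.some(h => host === h || host.endsWith('.' + h))) {
      reasons.push(`Data exfiltration pattern: ${host}`);
    } else if (!isAllowlisted(host)) {
      reasons.push(`Host not on allowlist: ${host}`);
    }
  }
  const verdict = reasons.length ? 'BLOCKED' : 'ALLOWED';
  return { allowed: reasons.length === 0, verdict, reasons, bom: recordBom(action, verdict) };
}

// CodeGuard: post-execution scan of tool output before it reaches the user or the
// next model call. Secrets are redacted but the prefix is kept so the user can tell
// which credential leaked. Key formats are assumed shapes, not vendor specifications.
const SECRET_PATTERNS = [
  { re: /\bsk_(live|test)_[A-Za-z0-9]{8,}/g,  repl: 'sk_$1_[REDACTED]' },   // Stripe
  { re: /\b(gh[pousr])_[A-Za-z0-9]{20,}/g,    repl: '$1_[REDACTED]' },      // GitHub
  { re: /\b(AKIA|ASIA)[A-Z0-9]{16}\b/g,        repl: '$1[REDACTED]' },       // AWS
  { re: /\bsk-ant-[A-Za-z0-9_-]{10,}/g,        repl: 'sk-ant-[REDACTED]' },  // Anthropic
];
const INJECTION_RE =
  /\b(ignore|disregard|forget)\s+(all\s+|any\s+)?(previous|prior|above|earlier|your)?\s*(instructions|rules|system prompt)\b/i;

function scanOutput(text) {
  let redactions = 0;
  let clean = text;
  for (const p of SECRET_PATTERNS) {
    redactions += (clean.match(p.re) || []).length;
    clean = clean.replace(p.re, p.repl);
  }
  // Tool output is untrusted data: flag instruction-like text so the caller keeps it
  // out of the model's instruction channel instead of obeying it.
  return { text: clean, redactions, injectionDetected: INJECTION_RE.test(clean) };
}
```

Two design points worth noting: the AI BOM records blocked calls as well as allowed ones, because a cloud agent repeatedly attempting shell is exactly what an incident responder wants to see; and the cloud/local shell rule is checked before any pattern matching, so a cloud agent is stopped even by a command the deny-list would never recognise.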

Two Deployment Modes, One Security Layer

Cloud Agents (7 of 8)
Chief of Staff, CFO, CLO, Sales, Marketing, Product, HR
Run on Agent21 cloud (Vercel)
API-only access to external tools
No shell access, no file system
DefenseClaw scans every API call
Credentials encrypted AES-256-GCM
No installation needed. Works in the browser. All security handled server-side.
CTO Local Agent
Full dev machine access — secured by DefenseClaw
Runs on developer's local machine
SSH, git, npm, docker access
DefenseClaw scans every command
Blocks destructive operations
Credential leak prevention
npm install -g @agent21/cto
agent21-cto "deploy to staging"
🛡️ Scanned by Cisco DefenseClaw

Live Scan Example

$ agent21-cto "check for security vulnerabilities in our dependencies"
🛡️ DefenseClaw: Scanning request...
Skill Scanner: PASS — No blocked patterns
CodeGuard: PASS — No credential leaks
AI BOM: LOGGED — Model: haiku, Tools: github_list_issues
Policy: PASS — Within company policy
✅ All scans passed. Executing...
Found 2 vulnerabilities in dependencies:

1. CVE-2026-1234 — lodash@4.17.20 (HIGH)
   Fix: npm update lodash

2. CVE-2026-5678 — axios@0.21.0 (MEDIUM)
   Fix: npm update axios

Created Jira ticket: ENG-456 "Update vulnerable dependencies"
Posted to #engineering on Slack
🛡️ Output scanned by Cisco DefenseClaw — no credentials detected

Open Source

DefenseClaw is open source, auditable by anyone. No black boxes.

Full Transparency

AI BOM tracks every model, tool, and data source. Complete audit trail.

Zero Trust

Every action verified. No implicit trust. Agents earn access per-call.

Run Your Company with Confidence

8 AI agents, pre-trained in your function and industry, executing real work across 25 platforms — all secured by Cisco DefenseClaw. Enterprise-grade security, startup-speed deployment.

Based on cisco-ai-defense/defenseclaw — open source AI agent security governance