The 80-point gap killing enterprise AI agents is Cisco's sales opportunity

Eighty-five percent of Cisco's enterprise customers are experimenting with AI agents. Five percent have them in production. That 80-point gap is the most honest thing in Cisco's RSA Conference 2026 announcement — and it's the gap Cisco is trying to sell its way into.

The announcement, dropped Monday at RSA Conference 2026, is a mix of shipping software and June 2026 roadmap. Untangling which is which matters more than the headline.

One thing ships today. AI Defense Explorer Edition is live at explorer.aidefense.cisco.com. Per Cisco's launch post, it's the free tier of Cisco AI Defense Enterprise: 20-minute red teaming across 200-plus risk categories, multi-turn adversarial testing, and support for MCP-connected agents. That last part is meaningful — adversarial testing that understands the Model Context Protocol means you can probe agent tool-call behavior, not just model outputs.

DefenseClaw was also announced today — but the code isn't here yet. The repository at github.com/cisco-ai-defense/defenseclaw is up as a stub; Cisco's launch blog and the repo's own README both say the code goes public March 27. DefenseClaw is best understood as a wrapper: its scan engine bundles five tools — skill-scanner, mcp-scanner, a2a-scanner, aibom (AI BoM), and CodeGuard — into a single installation workflow. All are Apache-2.0. The wrapper label isn't a knock — a governance toolkit that works is more valuable than a novel runtime that doesn't, and the component tools have real traction. Skill-scanner has 1,500 stars on GitHub as of publication; it scans agent skills across OpenAI Codex, Cursor, and the agentskills.io spec using a combination of pattern detection, LLM-as-a-judge, and behavioral dataflow analysis with SARIF output for CI/CD pipelines. mcp-scanner sits at 853 stars on GitHub as of publication. The point is that DefenseClaw bundles proven tools, not that it invented them.

The announcement's most interesting infrastructure claim — that NVIDIA OpenShell integration is coming — is roadmap, not shipped. NVIDIA's March 20 blog post describes a capable out-of-process enforcement layer: YAML-based policy, kernel isolation, deny-by-default networking, one command to sandbox OpenClaw, Claude Code, or Codex. That's the runtime enforcement surface that would complete the DefenseClaw story. Without it, DefenseClaw handles scanning and attestation but lacks the enforcement layer to act on what it finds. We covered the OpenShell architecture at GTC when NVIDIA announced it; the Cisco integration was flagged as a future direction then too.

The larger roadmap items target June 2026: Zero Trust for agents via Duo IAM, Cisco Identity Intelligence, and Secure Access SSE with MCP policy enforcement. So do the Splunk SOC agents. The MCP gateway is the genuinely new infrastructure piece — Cisco's architecture would route all MCP tool traffic through an enforcement point tied to Duo, making every tool call from an agent credentialed and auditable. Tom Gillis, Cisco's senior vice president for infrastructure and security, framed the architectural shift cleanly in an interview with CRN's Kyle Alspach: enterprises need to move from "access control to action control" — task-specific permissions for agents, not long-lived credentials that accumulate over time. The problem is real. Long-lived credentials were already a liability in human identity management. Agents compound the exposure at every step in the delegation chain.

Back to the survey. 85 percent experimenting, 5 percent in production — per Cisco's own customer survey, methodology unspecified. Cisco asking Cisco's enterprise customers whether they're experimenting with agents is not an independent data point. But the ratio is consistent with what the beat has been showing for months — widespread experimentation, narrow production footprints. Jeetu Patel, Cisco's executive vice president and chief product officer, positioned the gap as an enterprise readiness problem in the newsroom announcement: the security layer is what separates experiments from production. That's one answer. Integration complexity, reliability, and total cost are others that Cisco's product lineup doesn't claim to solve.

One detail in DJ Sampath's DefenseClaw launch blog is worth flagging for context. Sampath, Cisco's head of AI software, explicitly names CVE-2026-25253 and the ClawHavoc ClawHub supply chain attack as the operational motivation behind DefenseClaw — directly connecting this announcement to our earlier coverage of OpenClaw security vulnerabilities. That's unusual for a corporate product blog: naming specific CVEs and named exploits rather than gesturing at "the evolving threat landscape." It also makes DefenseClaw's intent clearer. This is a direct response to the supply chain risk profile that emerged from ClawHub, not a general-purpose governance framework that happened to ship this week.

Tiernan Ray at ZDNet notes that Cisco is entering a crowded field. The agent security space is pulling in endpoint vendors, identity providers, and cloud platforms simultaneously. Cisco's structural advantage is its integration surface: Duo IAM, Splunk, and Secure Access SSE are already embedded in enterprise security stacks. The MCP gateway, when it ships, doesn't require replacing existing tooling — it threads through it. Whether that's a moat or just a familiar face in a crowded room depends on whether the June 2026 GA date holds.

March 27 is the real first date — when the DefenseClaw repository opens fully and the code can be read, forked, and stress-tested. The OpenShell integration timeline is the second variable worth tracking — it's what turns a scanning toolkit into an enforcement layer. Until that integration ships, DefenseClaw is useful for finding problems. It's not yet built to stop them at runtime.