Cisco Announces Agent Gateway to Extend Zero Trust Across Agentic AI Workflows
What Happened – Cisco released a new “Agent Gateway” capability that expands Zero Trust policy enforcement from traditional user‑centric access control to continuous “action control” for autonomous AI agents (e.g., Claude Code, Codex, LangChain). The feature identifies agents, maps their requests to resource groups, evaluates actions against policy, and injects credentials from a vault without exposing secrets.
Why It Matters for TPRM –
- AI‑driven agents can traverse multiple SaaS tools and LLMs at machine speed, creating a novel attack surface that traditional controls miss.
- Third‑party risk programs must verify that vendors handling AI agents enforce continuous policy checks and protect credential stores.
- Failure to adopt action‑control can lead to unauthorized code changes, data exfiltration, or supply‑chain compromise.
Who Is Affected – Enterprises using AI‑assisted development or automation tools; SaaS providers exposing APIs to autonomous agents; MSPs and MSSPs that manage AI workloads for clients.
Recommended Actions –
- Review contracts and security questionnaires for any vendor that supplies or consumes autonomous AI agents.
- Validate that the vendor employs continuous action‑control (e.g., Cisco Agent Gateway) and stores credentials in a hardened vault.
- Update internal Zero Trust policies to include “agent identity” and “action risk” criteria.
Technical Notes – The solution leverages Cisco Duo for agent identity, maps requests to named resource groups, enforces allow/observe/block decisions, and injects OAuth tokens or API keys from a secure vault. No specific CVE is referenced; the focus is on architectural control.
Source: Cisco Security Blog – Extending Zero Trust Across the Agentic AI Workflow
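The flow in the Technical Notes (identify the agent, map the request to a resource group, decide allow/observe/block, inject the credential on the outbound side) modelled as an added Python example for reviewers who want to see what "action control" has to guarantee. It is not Cisco's code or API: every name, host and token is constructed, and "observe" is assumed here to mean forward and log.

```python
from dataclasses import dataclass, field

# All names and values below are constructed for illustration.
KNOWN_AGENTS = {"agent-ci-01"}                       # verified agent identities
RESOURCE_GROUPS = {"git.example.internal": "source-control",
                   "pay.example.internal": "billing"}
POLICY = {("agent-ci-01", "source-control", "read"): "allow",
          ("agent-ci-01", "source-control", "write"): "observe",
          ("agent-ci-01", "billing", "read"): "block"}
VAULT = {"source-control": "constructed-token-not-a-real-secret"}

@dataclass
class Gateway:
    audit: list = field(default_factory=list)

    def decide(self, agent_id, host, action):
        """Return (decision, resource_group); anything unmatched is blocked."""
        group = RESOURCE_GROUPS.get(host)
        if agent_id not in KNOWN_AGENTS or group is None:
            return "block", group
        return POLICY.get((agent_id, group, action), "block"), group

    def handle(self, agent_id, request):
        """Evaluate one agent request; return the outbound request or None."""
        decision, group = self.decide(agent_id, request["host"], request["action"])
        self.audit.append({"agent": agent_id, "group": group,
                           "action": request["action"], "decision": decision})
        if decision == "block":
            return None
        token = VAULT.get(group)
        if token is None:             # no credential on file: fail closed
            self.audit[-1]["decision"] = "block"
            return None
        # Copy the request so the secret exists only on the outbound side.
        outbound = dict(request)
        outbound["headers"] = {**request.get("headers", {}),
                               "Authorization": f"Bearer {token}"}
        return outbound

def demo():
    gw = Gateway()
    req = {"host": "git.example.internal", "action": "write", "headers": {}}
    return gw.handle("agent-ci-01", req), req, gw.audit

if __name__ == "__main__":
    outbound, original, audit = demo()
    print(audit[-1]["decision"], "Authorization" in original["headers"])
```

The properties worth checking in a vendor's implementation are the same ones this model enforces: default deny for unknown agents, unmapped resources and unlisted actions, and a credential that never appears in the agent's own request or in the audit record.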