AWS and Cisco Launch AI Agent Security Integration
- AWS and Cisco partnered to provide automated security scanning for MCP servers and A2A agents.
- The collaboration integrates Cisco AI Defense with the AWS-backed open-source AI Registry to solve visibility gaps.
- Automated scanning workflows help enterprises meet compliance requirements like SOX and GDPR for autonomous AI systems.
AWS and Cisco have introduced an automated security framework for enterprise AI agents, addressing vulnerabilities arising from the widespread adoption of Model Context Protocol (MCP) servers and Agent-to-Agent (A2A) communication protocols. Since the launch of MCP in November 2024 and A2A in April 2025, organizations have struggled with visibility gaps and manual security bottlenecks that delay deployments by several weeks. The new collaboration integrates Cisco AI Defense’s scanning technology with the AI Registry, an open-source project managed on AWS to provide centralized governance for AI components.
The integrated solution enables automated security scanning for every registered MCP server, A2A agent, and AI Skill. When a new component is added, the system automatically analyzes its metadata, descriptions, and capabilities to identify threats like prompt injection, data exfiltration, or malicious code patterns. Components flagged as vulnerable are automatically disabled with a security-pending tag, preventing them from accessing sensitive data or infrastructure until an administrator conducts a manual review. This process supports compliance with regulatory frameworks such as SOX and GDPR by generating audit trails for all AI agent activities.
Technical scanning approaches include the YARA Analyzer for known threat detection, an LLM Analyzer that utilizes frontier models via Amazon Bedrock for semantic analysis of agent logic, and proprietary scanners from Cisco. These tools support CI/CD integration, allowing security evaluations to occur before assets are published. Organizations can also connect these scanning workflows to existing enterprise systems like ServiceNow, Slack, Splunk, or Datadog for real-time alerting and incident management. The AI Registry maintains compatibility with the REST API specifications established by Anthropic to facilitate federation across diverse MCP environments.