Duo Agentic Identity Announced at RSAC

We are announcing Duo Agentic Identity this week at RSAC! Part of the broader Cisco Zero Trust for Agents architecture to help organizations accelerate the adoption of Agentic AI without worrying about the massive risk. We've added a nice set of capabilities (some in alpha so reach out if you want to try them!). Three easy steps....

1. Add MCP servers as protected applications 🔐 in the app catalog! You can add an MCP server just like you would any other application in Duo like SSH, RDP, OAuth, SAML resources that we already protect today.
2. Register types of MCP clients 🤖 that you expect to show up (e.g. Claude Code) and let them use those MCP servers, setting policy as you go for the tools they need, but now protected by Duo for authorization.
3. Gain visibility 🔍 in Cisco Identity Intelligence to see all your agent identities from third-party providers. Agents are everywhere from laptops to servers to virtual machines to running in AI providers, clouds, and SaaS.

And oh by the way, if you don't trust your MCP servers to enforce security all on their own (you shouldn't), we support AI gateway integrations. More on that soon but your best enterprise option will be Cisco AI Defense or Cisco Secure Access which provides a built-in MCP API gateway as part of its distributed edge architecture. Very cool.

Amazing work by Duo Security and a big shout out to Colin Medfisch, Cindy Qu, Weston Andros Adamson, Jamie Pringle, Alan Pinkert and many many more folks in Duo and Cisco R&D. 🙌

The identity layer for agentic AI is overdue — Zero Trust for agents makes complete sense as the attack surface expands. Addy Sharma's point about mid-session escalation is exactly the gap most MCP implementations have: policy is set at connection time and the session is effectively trusted after that. An agent authorized to read a database can, in many current implementations, have its behavior silently extended by a prompt injection or a poorly scoped tool. One layer this needs to pair with is egress control at the MCP server level. Even with perfect identity and session management, if the MCP server pipes full backend responses to the LLM, you're leaking data through the model itself. We built .redactPII() and a Presenter layer into Vurb.ts specifically for this — PII fields are stripped before the LLM sees the response, and new DB columns are invisible by default. Zero Trust at the identity layer + strict egress at the server layer seems like the right combination. github.com/vinkius-labs/vurb.ts

This is a critical step Matt — treating MCP servers as first-class protected resources changes the game. The gap I see in most current implementations is that policy is applied at connection time, not during the session. An agent that was authorized to query a database can silently escalate to write operations mid-session if there’s no continuous behavioral assessment. Duo handling authorization is the right entry point, but the real challenge is runtime governance: what happens after the agent gets its initial token? That’s where identity posture management for non-human identities becomes essential.

Thrilled to be partnering with the Duo team! 🌐 We are building the foundational security needed for Agentic Identities, ensuring that the next wave of AI agents is secure by design. 🛡️ Excited to help drive the proliferation of truly secure, autonomous agents. 🤖

Zero trust for agentic AI is the right model. Agents need scoped, auditable access to tools and code, not open-ended permissions set at deploy time.

Huge shoutout to all involved 💪

Congratulations, extremely innovative that’s desperately needed!
