Cisco introduced Agent Runtime Protection in its AI Defense Python SDK, a one-line integration that brings AI Defense inspection to every LLM and MCP interaction across chat apps, agent frameworks, and managed agent runtimes. Security researchers demonstrated how a simple instruction hidden in a Google Doc can hijack an AI agent, causing it to exfiltrate sensitive data to an external server without requiring special access. AI agents now execute code, send emails, query databases, and browse the web autonomously, and when an agent processes a malicious prompt embedded in external content, it does something harmful. According to Cisco’s AI Readiness Index 2025, 83% of companies plan to develop or deploy AI agents. The protection uses dynamic code rewrites to wrap every LLM call and MCP tool invocation in AI Defense inspection without other code changes. The agentic stack has three levels of complexity: Level 1 (chat applications) secures the prompt/response boundary; Level 2 (agentic frameworks like LangChain, LangGraph, CrewAI, AutoGen, Strands, Google ADK, and the OpenAI Agents SDK) requires securing calls inside the framework; Level 3 (PaaS agent runtimes such as AWS Bedrock AgentCore, Google Vertex AI Agent Engine, and Microsoft Azure AI Foundry) involves deploying agents into managed containers or serverless functions.