Defending Brokers with Cisco AI Protection and Google Agent Improvement Equipment

Posted by techforbes May 11, 2026

Brokers are highly effective as a result of they do greater than reply questions. They name instruments, retrieve context, and act throughout a number of steps. That’s what makes frameworks like Google’s Agent Improvement Equipment (ADK) so helpful, and it is usually what modifications the safety downside. Cisco AI Protection offers runtime safety for AI brokers. With this integration, AI Protection now plugs into Google’s ADK and carries the identical runtime controls from native improvement to Agent Runtime on Gemini Enterprise Agent Platform.

Google’s ADK is used to construct tool-using brokers. Agent Runtime is the managed runtime to deploy them. This integration makes it simple to maintain Cisco AI Protection runtime safety hooked up in each locations.

The safety downside modifications with brokers

The true threat is not only that an agent produces a nasty reply. The larger problem is that untrusted immediate content material can affect device conduct, and gear output can ship delicate information again into the mannequin. As soon as brokers begin interacting with exterior methods, the safety query shifts from “What did the mannequin say?” to “What did the agent do, and what information crossed runtime boundaries?” That’s the place runtime safety issues.

Whether or not an agent runs regionally or on Gemini Enterprise Agent Platform, groups want a strategy to examine and implement coverage throughout the complete execution path—not simply on the first mannequin name. They want visibility into what crosses these boundaries and a mechanism to resolve whether or not a run ought to proceed, be noticed, or be stopped.

Cisco AI Protection provides safety with out disrupting the developer stream

The Cisco AI Protection integration for Google’s ADK is designed so as to add runtime safety controls with out forcing builders to rebuild their software round a separate safety workflow. As an alternative of making a parallel management airplane, it plugs into the ADK lifecycle builders are already utilizing.

Begin with two traces of code

For an area ADK agent, the quickest path is deliberately small:

from aidefense_google_adk import defend
agent = defend(agent, mode="implement")

That’s the easiest agent-level integration. You retain the ADK agent construction you have already got and connect coverage enforcement on to it.

Deploy the identical protected agent to Agent Runtime

As soon as the agent is protected, you should use the usual ADK deployment stream to run it on Agent Runtime: 

app = agent_engines.AdkApp(agent=agent)
remote_agent = shopper.agent_engines.create(
agent=app,
config={
“necessities”: [“google-cloud-aiplatform[agent_engines,adk]>=1.112”], “staging_bucket”: “gs://YOUR-STAGING-BUCKET”,
},
)

The essential element is that safety is hooked up earlier than deployment. The identical protected ADK agent can transfer from native improvement into Agent Runtime with out requiring a unique safety sample.

Why ADK is the precise integration level

Google ADK is a powerful seam for runtime safety as a result of it already defines clear lifecycle boundaries round mannequin and gear execution. These boundaries create pure inspection factors:

  • Earlier than a mannequin name
  • After a mannequin response
  • Earlier than a device name
  • After a device response

These are the moments the place agent conduct modifications. Untrusted immediate content material can form a device request. Software output can leak delicate information again into the mannequin. Runtime safety is best when it sits at these transitions as a substitute of being scattered throughout prompts and customized wrappers.

Two methods to connect safety in ADK


There are two most important integration patterns relying on whether or not you need shared app-wide controls or agent-specific safety.

 

1) App-level plugin

Use the plugin path once you need shared safety throughout the ADK app runtime.

plugin = defend(mode="implement")
app = App(identify="my_app", root_agent=agent, plugins=[plugin])

2) Agent-level callbacks

Use callbacks once you need safety hooked up on to a particular agent.

from aidefense_google_adk import make_aidefense_callbackscbs = make_aidefense_callbacks(mode="implement")
cbs.apply_to(agent)

Use the plugin for app-wide controls; use callbacks once you need agent-specific safety.

Monitor vs. implement

This distinction often issues most to each builders and platform groups.


For instance, a delicate information request could be noticed in monitor mode after which blocked in implement mode at tool_response, as a result of that’s the level the place the violation turns into seen. That distinction issues. Monitor helps groups perceive threat in a reside workflow. Implement turns the identical choice level right into a runtime management.

What a block choice appears like

That is what makes enforcement auditable for builders and safety groups. Determination: block

  • Stage: tool_response
  • Classification: PRIVACY_VIOLATION
  • Rule: PII

In easy phrases, this implies the request was allowed to proceed till the device returned delicate information, and the runtime blocked the stream on the level the place the violation turned seen. For builders, that is particularly helpful as a result of it explains not simply that a run was stopped, however the place the unsafe conduct surfaced.

From native ADK to Agent Runtime on Gemini Enterprise Agent Platform

Some of the sensible advantages of this integration is that the identical ADK software mannequin works throughout two environments:

  • Native ADK runs for quick improvement and iteration
  • Hosted Agent Runtime runs for managed deployment

That doesn’t imply each runtime floor appears equivalent on a regular basis. Hosted proof ought to nonetheless be handled as request-correlated information tied to a particular invocation, with logs used as supporting context. However the identical coverage mannequin follows the agent from native improvement into the hosted runtime. Groups don’t want one safety sample for native testing and one other for deployment. The identical runtime controls journey with the agent.

Constructed on the official Google’s ADK path

This integration makes use of the extension factors that Google’s ADK already offers as a substitute of asking builders to work across the framework. That issues for 2 causes:

  • It retains the appliance readable.
  • It makes the safety layer simpler to undertake in regular ADK workflows.

For groups evaluating platform match, that may matter as a lot because the coverage final result itself. Safety ought to really feel like a part of the framework lifecycle—not a parallel workflow bolted onto the aspect.

Why this integration issues

Google’s ADK and Gemini Enterprise Agent Platform make it simpler to maneuver from prototype to hosted agent runtime rapidly. That’s good for improvement pace, but it surely additionally means agent conduct can attain actual methods quicker. If runtime safety is simply too disruptive, groups will delay it. If it suits naturally into the ADK mannequin, lets groups begin in monitor mode, and offers a transparent path to implement, it turns into a lot simpler to maintain safety turned on because the agent matures.

Ultimate ideas

The worth of this integration comes all the way down to a easy mixture:

  • A small ADK integration floor
  • Dwell proof in each native ADK and hosted Agent Runtime
  • Clear runtime choices in monitor and implement modes
  • Deployment flexibility: groups can route calls both on to Cisco AI Protection or via Google Cloud’s Agent Gateway, relying on how they need to operationalize enforcement

That mixture turns agent safety from an summary requirement into one thing builders can consider rapidly and undertake with confidence.

Get began with Cisco AI Protection on Google ADK and Vertex Agent Engine

  • The quickest strategy to see the worth is to run the identical agent workflow in Monitor and Implement and examine what AI Protection does at runtime: what it flags, what it blocks, and the “blocked and why” choice hint.
  • Begin right here (reside demo runner):
  • If you wish to run it your self end-to-end, use the official Google ADK path and examine native vs hosted conduct with AI Protection enabled:
    • Google ADK + Vertex quickstart
    • Native Google ADK demo
    • Hosted Vertex AI Agent Engine demo
  • To get entry to an AI Protection analysis (together with API key), request a demo right here: cs.co/aidefensedemo

Get began with Cisco AI Protection on Google’s ADK and Agent Runtime

  • The quickest strategy to see the worth is to run the identical agent workflow in Monitor and Implement and examine what AI Protection does at runtime: what it flags, what it blocks, and the “blocked and why” choice hint.
  • Begin right here (reside demo runner):

  • If you wish to run it your self end-to-end, use the official Google’s ADK path and examine native vs hosted conduct with AI Protection enabled.

  • To get entry to an AI Protection analysis (together with API key), request a demo right here: https://www.cisco.com/c/en/us/products/security/ai-defense/request-demo.html?linkclickid=primary

Why this issues

Google’s ADK is the framework for constructing tool-using brokers and Agent Runtime is the managed runtime to deploy them. Cisco AI Protection Runtime Safety is designed to observe that very same path, so the identical runtime coverage enforcement applies in native improvement and in hosted execution on Agent Runtime.

Google ADK demoGoogle ADK demo