Cisco has contributed an internally developed specification for agentic AI security evaluation to the open-source community on GitHub. The Foundry Security Spec is meant to be used with GitHub's spec-kit, an open-source toolkit for spec-driven development that works with a range of AI coding agents. The idea is to give customers and the industry a common framework for evaluating and governing AI agents used in cybersecurity, according to Anthony Grieco, senior vice president and chief security officer at Cisco.
“I’ve said this for many years: Cybersecurity is a team sport,” Grieco said in a prerecorded video about the news. “We’ve all got to come together and work together for a better collective defense. This is one really demonstrable way where we’re trying to raise the bar for everybody and share our knowledge, through this. And so giving folks access to this felt really important.”
While frontier models identify vulnerabilities at machine speed, most security teams have neither a solid process nor enough staff to verify the findings, and that is where Foundry comes in, Grieco said. “Every security team with access to a frontier LLM has tried the same thing at least once: toss a report at the model and ask it to ‘find the bugs.’ The result is usually a wall of unbounded, unverifiable output that mixes sharp insights with hallucinated findings, with no way to know what was missed or when you’re actually done,” wrote Omar Santos, a distinguished engineer at Cisco focusing on AI security, cybersecurity research, incident response, and vulnerability disclosure, in a blog post about Foundry.
“A full agentic system like Foundry Security Spec is the antidote to that chaos: it wraps the model in orchestration, roles, and guardrails so that detection, validation, and coverage are designed up front instead of improvised in a chat window. The difference is stark—one is an interesting demo; the other is a security evaluation system you can defend in front of your CISO and your auditors,” Santos wrote.
“It’s really also important to note, users don’t have to wait for Mythos or the GPT-5.5 Cyber access to make use of this [protective software infrastructure surrounding an AI model] harness. It’s model agnostic,” Grieco said.
According to Santos, Foundry Security Spec is the scaffolding that turns a frontier LLM from “an interesting demo against your codebase” into a security evaluation system that produces:
- A bounded, prioritized, verifiable set of findings.
- A clear “done” signal, defined as the conjunction of an operator-defined coverage floor and an economic yield threshold: the run is finished only when enough of the target has been examined and further effort is no longer producing validated findings.
- An auditable provenance chain from detection through triage, validation, and publication.
- Safety guardrails that assume the model will, at some point, try to do the wrong thing, and constrain it at the substrate, not the prompt.
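The “done” signal above is a policy, not a feeling, so it is worth seeing as code. The following is an added illustration written for this article, not code from the Foundry spec or from Cisco: it models a scan over the units an indexer enumerated (files or functions), measures coverage as the fraction of units examined and yield as validated findings per thousand tokens over a sliding window, and declares the run done only when the coverage floor is met and the yield has fallen below the threshold. The class and function names, the windowing, and the default thresholds are assumptions chosen for the example.

```python
"""Stop condition for an agentic code review: coverage floor AND yield threshold.

Added illustration, not Foundry code. A "unit" is whatever the indexer
enumerated (a file, a function); cost is measured in thousands of tokens.
"""
from dataclasses import dataclass, field


@dataclass
class ScanState:
    total_units: int
    examined: set = field(default_factory=set)
    # (unit_id, cost_ktokens, validated_findings), in order of examination
    history: list = field(default_factory=list)

    def record(self, unit_id, cost_ktokens, validated_findings):
        """Log one examined unit, its token cost, and how many findings survived validation."""
        self.examined.add(unit_id)
        self.history.append((unit_id, cost_ktokens, validated_findings))

    def coverage(self):
        """Fraction of enumerated units that have been examined."""
        return len(self.examined) / self.total_units

    def recent_yield(self, window):
        """Validated findings per 1k tokens over the last `window` units.

        Returns None until a full window exists: a short history is not
        evidence of diminishing returns, so it must not trigger "done".
        """
        tail = self.history[-window:]
        cost = sum(c for _, c, _ in tail)
        if len(tail) < window or cost == 0:
            return None
        return sum(v for _, _, v in tail) / cost


@dataclass
class Decision:
    done: bool
    reason: str


def should_stop(state, coverage_floor=0.9, min_yield=0.01, window=20):
    """Done only if coverage >= floor AND recent yield < threshold (assumed defaults)."""
    cov = state.coverage()
    if cov >= 1.0:
        return Decision(True, "all enumerated units examined")
    if cov < coverage_floor:
        # Low yield alone is not a stop signal: the model may simply have
        # been pointed at the boring part of the codebase so far.
        return Decision(False, f"coverage {cov:.2f} below floor {coverage_floor:.2f}")
    y = state.recent_yield(window)
    if y is None:
        return Decision(False, "insufficient history to measure yield")
    if y >= min_yield:
        return Decision(False, f"yield {y:.4f} findings/ktok still above {min_yield}")
    return Decision(True, f"coverage {cov:.2f} >= floor and yield {y:.4f} < {min_yield}")


if __name__ == "__main__":
    # Constructed run: 100 units, nothing validated in the last 20 examined.
    s = ScanState(total_units=100)
    for i in range(95):
        s.record(i, 2.0, 0)
    print(should_stop(s))
```

The conjunction matters in both directions: a run that covers 60% of the code and finds nothing must keep going, and a run that covers 95% but is still producing validated findings must keep going as well. Note that the yield counts findings that passed validation, not raw model output; counting unvalidated detections would let a hallucinating model keep the scan alive indefinitely.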
Foundry is published as two main artifacts and a set of supporting documents. The “spec” artifact includes eight core agent roles, such as orchestrator, indexer, cartographer, and detector; five extension roles; the finding lifecycle; the coordination substrate; and roughly 130 functional requirements, each with an inline rationale explaining why it exists, according to Grieco. The “constitution” artifact includes 11 firmly defined principles, each of which encodes a real production failure that Cisco shipped, diagnosed, and fixed, Grieco stated.
A common question is whether this spec will become obsolete as LLMs evolve, Santos noted. “The answer is it was designed not to be,” he wrote. “Foundry Security Spec is built on functional requirements and roles, not specific model parameters. Whether you are using today’s frontier models or the more complex reasoning agents of tomorrow, the need for an orchestrator, a detector, and a validator will remain constant. The spec is designed to be the stable harness that keeps your security evaluation consistent, regardless of the ‘engine’ under the hood.”
The Foundry specification works hand-in-hand with another Cisco-contributed open-source technology, CodeGuard. Project CodeGuard is a security framework that builds secure-by-default rules into AI coding workflows, according to Cisco. It offers a community-driven ruleset, translators for popular AI coding agents, and validators to help teams enforce security automatically.
“Project CodeGuard is designed to integrate seamlessly across the entire AI coding lifecycle. Before code generation, rules can be used for the design of a product and for spec-driven development. Customers can use the rules in the ‘planning phase’ of an AI coding agent to steer models toward secure patterns from the start. During code generation, rules can help AI agents to prevent security issues as code is being written. After code generation, AI agents like Cursor, GitHub Copilot, Codex, Windsurf, and Claude Code can use the rules for code review,” Santos wrote in a 2025 blog post when the project was introduced.
The rise of agentic AI in cybersecurity has been a major trend over the past few years. As large language models have become more capable, security teams have increasingly used them to automate tasks such as vulnerability detection, threat hunting, and incident response. The catch is that these models produce convincing but sometimes inaccurate output, commonly called hallucinations, and a vulnerability report is only as useful as its accuracy. Without a rigorous verification step, organizations risk spending engineering time on false positives or, worse, treating an unverified “no issues found” as assurance and missing real flaws entirely. This is precisely the gap that Foundry aims to fill.
Cisco's move to open-source the specification is part of a broader industry push toward collaborative security. Many major technology companies have contributed to open-source security frameworks, recognizing that no single vendor can solve the problem alone. The Foundry Security Spec encodes lessons from Cisco's own production use of the system; the constitution's principles, as Grieco noted, each trace back to a failure the company shipped and then fixed. By making the specification freely available, Cisco hopes to accelerate the adoption of reliable agentic AI evaluation practices across the cybersecurity community.
The specification's architecture rests on separation of concerns: each of the eight core agent roles has a distinct responsibility. The orchestrator manages the workflow, the indexer prepares the codebase for analysis, the cartographer maps dependencies, and the detector performs the actual vulnerability detection. Roles such as the triager and validator add layers of verification on top of detection, so that what the detector asserts is not what the system publishes. This modular design allows teams to swap out components as needed or integrate with existing tools. For example, a company with its own vulnerability scanner could replace the detector role while keeping the rest of the pipeline, including validation and provenance, intact.
Another key aspect is the finding lifecycle, which tracks each potential vulnerability from detection through triage, validation, and eventual publication. Every transition is recorded, which creates an auditable trail that supports compliance requirements and lets a reviewer see why a given finding was published or dropped. The coordination substrate is the layer through which the agents communicate, and it is where the spec places its guardrails: the model is constrained at the substrate rather than in the prompt, so a model that ignores or argues with its instructions still cannot step outside its role. That kind of enforcement, rather than trust in the model's cooperation, is what production security workflows require.
Cisco's commitment to open source in this area dates back to earlier projects like the OpenC2 standard and the Security Assertion Markup Language (SAML) contributions. The company has also been active in the Open Cybersecurity Alliance and the OASIS consortium. The Foundry Security Spec is seen as a natural extension of these efforts, applying the same principles to the emerging field of agentic AI. By releasing the spec on GitHub, Cisco invites feedback and contributions from the global security community, which can help refine the specification and ensure it remains relevant as AI technology evolves.
In practical terms, a security team using Foundry would first set up an environment containing the target codebase and the frontier model that will drive the agents. The orchestrator would then launch the other roles: the indexer builds a searchable representation of the code, the cartographer maps dependencies and data flows, and the detector uses the model to look for vulnerability patterns. Each finding is recorded with metadata such as its severity, location, and confidence level. The triager then prioritizes findings by risk, and the validator attempts to confirm them independently of the model's own assertion, for example with additional techniques such as fuzzing or symbolic execution, so that only evidence-backed findings proceed. Finally, a reporting step compiles a structured report that can be fed directly into ticketing systems or dashboards.
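The lifecycle described above (detection, triage, validation, publication) is a state machine with an audit trail attached. The following added illustration, written for this article and not taken from the Foundry spec or from Cisco, implements one: each finding moves through a fixed set of transitions, each transition is restricted to a named role, validation refuses to proceed without attached evidence, and every step is appended to a SHA-256 hash chain that a later auditor can verify. The role-to-transition mapping, the `rejected` state, the `reporter` role name, and the evidence format are assumptions chosen for the example; the triager and validator role names follow the article.

```python
"""Finding lifecycle with a hash-chained provenance trail.

Added illustration, not Foundry code. States and the role allowed to make
each transition are assumptions for the example.
"""
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64

# (from_state, to_state) -> role permitted to make that move. Anything not
# listed here is an illegal transition, including skipping validation.
TRANSITIONS = {
    ("detected", "triaged"): "triager",
    ("triaged", "validated"): "validator",
    ("triaged", "rejected"): "validator",
    ("validated", "published"): "reporter",
}


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class Finding:
    finding_id: str
    location: str
    severity: str
    confidence: float
    state: str = "detected"
    events: list = field(default_factory=list)   # append-only provenance chain

    def _append(self, role, action, payload):
        prev = self.events[-1]["digest"] if self.events else GENESIS
        body = {"finding": self.finding_id, "role": role, "action": action,
                "payload": payload, "prev": prev}
        body["digest"] = _digest(body)
        self.events.append(body)

    def transition(self, role, new_state, evidence=None):
        """Move the finding to new_state if the role and the evidence permit it."""
        key = (self.state, new_state)
        if key not in TRANSITIONS:
            raise ValueError(f"illegal transition {self.state} -> {new_state}")
        if TRANSITIONS[key] != role:
            raise PermissionError(f"{role} may not move a finding {self.state} -> {new_state}")
        if new_state == "validated" and not evidence:
            # The detector's (i.e. the model's) say-so is not evidence.
            raise ValueError("validation requires reproducible evidence")
        self._append(role, new_state, evidence or {})
        self.state = new_state


def new_finding(finding_id, location, severity, confidence, detector="detector"):
    """Create a finding and record the detection event as the chain's first link."""
    f = Finding(finding_id, location, severity, confidence)
    f._append(detector, "detected",
              {"location": location, "severity": severity, "confidence": confidence})
    return f


def verify_chain(finding):
    """Recompute every digest and check each link points at its predecessor."""
    prev = GENESIS
    for ev in finding.events:
        body = {k: v for k, v in ev.items() if k != "digest"}
        if body["prev"] != prev or _digest(body) != ev["digest"]:
            return False
        prev = ev["digest"]
    return True


if __name__ == "__main__":
    # Constructed walk-through of one finding; location and evidence are made up.
    f = new_finding("F-1", "src/auth.py:42", "high", 0.7)
    f.transition("triager", "triaged", {"priority": 1})
    f.transition("validator", "validated", {"repro": "request with empty token returns 200"})
    f.transition("reporter", "published", {"ticket": "SEC-1"})
    print(f.state, verify_chain(f))
```

Two properties are worth noting. A detector that tries to mark its own finding validated is refused by role, not by prompt wording, which is the substrate-level constraint the spec calls for. And because each event's digest covers the previous digest, editing an earlier record (say, lowering a severity after publication) breaks verification for every later link, so the trail is something an auditor can check rather than something they have to take on trust.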
The integration with Project CodeGuard provides an additional layer: while CodeGuard focuses on preventing security issues during code generation, Foundry focuses on evaluating existing code and AI-generated outputs. Together, they form a complete pipeline for secure AI-assisted development. CodeGuard's rules can be used at the planning stage to guide AI coding agents toward safe patterns, and then Foundry can verify that the resulting code meets security standards before deployment. This end-to-end approach addresses the entire lifecycle, from initial design to final validation.
The industry response to the announcement has been largely positive. Security analysts and practitioners have praised Cisco for taking a practical, vendor-neutral approach that avoids proprietary lock-in. The spec's emphasis on auditable provenance and economic yield thresholds—ensuring that the cost of verifying findings does not exceed the value of the vulnerabilities discovered—has been particularly well received. Some critics have pointed out that the spec is still relatively new and may need time to mature, but the open-source model should accelerate improvements.
Cisco has also committed to using Foundry internally and plans to share case studies and best practices as the community grows. The company's own security team, which monitors one of the largest networks in the world, will be an early adopter. This real-world validation will be crucial for convincing other organizations to adopt the framework. The Foundry Security Spec is available now on GitHub under a permissive license, and Cisco encourages security teams, researchers, and tool vendors to experiment with it and provide feedback.
In summary, the Foundry Security Spec represents a significant step toward making agentic AI a reliable and trustworthy component of modern cybersecurity operations. By providing a common framework for evaluation and governance, Cisco is helping to bridge the gap between the raw power of large language models and the rigorous verification that security requires. The open-source nature ensures that the entire industry can benefit from these advances, and the integration with Project CodeGuard offers a comprehensive solution for secure AI development. As the adoption of AI in security continues to accelerate, frameworks like Foundry will become essential for maintaining trust and effectiveness.
Source: Network World News