Charlotte Times 46


Cisco open-sources agentic AI security spec

May 24, 2026, by Twila Rosenbaum

Cisco has taken a significant step toward standardizing how organizations evaluate and govern AI agents in cybersecurity by open-sourcing its internally developed Foundry Security Spec. Released through GitHub, the specification is designed to work with the industry-wide spec-kit framework, providing a common set of workflows that can be applied across different AI agents. Announcing the news in a prerecorded video, Anthony Grieco, senior vice president and chief security officer at Cisco, framed the release as an expression of Cisco's belief that cybersecurity is a collaborative effort that depends on collective defense.

The Foundry Security Spec addresses a critical challenge faced by security teams today: while frontier large language models can identify vulnerabilities at machine speed, most teams lack the processes and manpower to verify those findings. The result is often a flood of unverified outputs that mix genuine insights with hallucinations, leaving teams unsure of what to trust or when they are done. The Foundry spec aims to replace that chaos with a structured, auditable system that wraps the model in orchestration, roles, and guardrails, turning a simple demo into a defensible security evaluation framework.

According to Omar Santos, a distinguished engineer at Cisco focusing on AI security, the spec is the proper scaffolding that transforms a frontier LLM from a tool that produces interesting outputs against a codebase into a system that generates bounded, prioritized, and verifiable findings. The spec produces a clear "done" signal based on an operator-defined coverage floor and economic yield threshold, along with an auditable provenance chain from detection through triage, validation, and publication. Safety guardrails are built in at the substrate level, constraining the model before it can act on erroneous or malicious instructions.
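The two mechanisms this paragraph describes, an operator-defined "done" signal and an auditable provenance chain through the finding lifecycle (the lifecycle is listed again under Core Components below), are easiest to see in a small model. The following Python is an added illustration written for this article; it is not code from the Foundry Security Spec, from spec-kit, or from Cisco. The stage names, the role-to-stage mapping, the reject path, and the reading of "economic yield" as validated findings per hour of review effort are all assumptions made for the example, and the evidence strings are constructed sample data.

```python
"""Toy model of a bounded, auditable finding pipeline.

Added illustration for this article; it is NOT code from the Foundry Security
Spec or from Cisco. The stage names, the role-to-stage mapping, the reject
path and the reading of "economic yield" as validated findings per hour of
review effort are all assumptions made for the example.
"""
from dataclasses import dataclass, field
from enum import Enum


class Stage(Enum):
    DETECTED = 1
    TRIAGED = 2
    VALIDATED = 3
    PUBLISHED = 4


# Assumed: only this role may move a finding INTO the given stage.
ALLOWED_ROLE = {
    Stage.TRIAGED: "triager",
    Stage.VALIDATED: "validator",
    Stage.PUBLISHED: "publisher",
}


@dataclass
class Finding:
    finding_id: str
    location: str
    stage: Stage = Stage.DETECTED
    rejected: bool = False
    # Append-only chain of (role, stage_or_action, evidence) entries.
    provenance: list = field(default_factory=list)


def new_finding(finding_id, location, evidence):
    """Detector emits a finding; the first provenance entry records why."""
    f = Finding(finding_id, location)
    f.provenance.append(("detector", Stage.DETECTED.name, evidence))
    return f


def advance(finding, role, evidence):
    """Move a finding exactly one stage forward, enforcing role and order."""
    if finding.rejected:
        raise ValueError(f"{finding.finding_id} was rejected; cannot advance")
    if finding.stage is Stage.PUBLISHED:
        raise ValueError(f"{finding.finding_id} is already published")
    nxt = Stage(finding.stage.value + 1)
    if ALLOWED_ROLE[nxt] != role:
        raise PermissionError(f"role {role!r} may not move findings to {nxt.name}")
    finding.stage = nxt
    finding.provenance.append((role, nxt.name, evidence))
    return finding


def reject(finding, role, reason):
    """Close a finding as a false positive; it stays in the record, never deleted."""
    if role not in ("triager", "validator"):
        raise PermissionError(f"role {role!r} may not reject findings")
    finding.rejected = True
    finding.provenance.append((role, "REJECTED", reason))
    return finding


def audit_trail(finding):
    """Human-readable provenance chain, e.g. ['detector:DETECTED', ...]."""
    return [f"{role}:{step}" for role, step, _ in finding.provenance]


def done_signal(covered_units, total_units, coverage_floor,
                validated_count, review_hours, yield_threshold):
    """Operator-defined stop condition (assumed semantics).

    Done only when (a) the fraction of indexed units examined has reached the
    coverage floor AND (b) the marginal yield, validated findings per hour of
    review, has dropped below the threshold, i.e. more work no longer pays.
    Returns (done, reason) so the decision itself is auditable.
    """
    coverage = covered_units / total_units if total_units else 0.0
    marginal_yield = (validated_count / review_hours) if review_hours else float("inf")
    if coverage < coverage_floor:
        return False, f"coverage {coverage:.2f} below floor {coverage_floor:.2f}"
    if marginal_yield >= yield_threshold:
        return False, f"yield {marginal_yield:.2f}/h still at or above {yield_threshold:.2f}/h"
    return True, f"coverage {coverage:.2f} met and yield {marginal_yield:.2f}/h below threshold"


def run_example():
    """Constructed scenario: three findings, one full lifecycle, one rejection."""
    a = new_finding("F-1", "src/example.c:42", "constructed: model flagged unchecked length")
    advance(a, "triager", "constructed: reachable from untrusted input")
    advance(a, "validator", "constructed: reproduced in isolated test harness")
    advance(a, "publisher", "constructed: advisory draft approved")

    b = new_finding("F-2", "src/example.c:88", "constructed: model flagged injection")
    advance(b, "triager", "constructed: worth a look")
    reject(b, "validator", "constructed: input is a compile-time constant")

    c = new_finding("F-3", "src/other.c:7", "constructed: model flagged use-after-free")
    try:
        advance(c, "publisher", "constructed: attempt to skip triage")  # must fail
    except PermissionError:
        pass

    published = [f for f in (a, b, c) if f.stage is Stage.PUBLISHED]
    done, reason = done_signal(covered_units=95, total_units=100, coverage_floor=0.9,
                               validated_count=1, review_hours=4.0, yield_threshold=0.5)
    return {"published": [f.finding_id for f in published],
            "rejected": [f.finding_id for f in (a, b, c) if f.rejected],
            "trail_F1": audit_trail(a), "done": done, "reason": reason}


if __name__ == "__main__":
    for k, v in run_example().items():
        print(k, "->", v)
```

The point of the model is that the "done" decision and every stage transition are explicit, role-gated, and recorded, so a reviewer can later answer "why did we stop?" and "who validated this?" from the data rather than from memory. A rejected finding is kept with its reason, which is what lets a team separate genuine false positives from findings that were simply never looked at.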

Core Components of the Foundry Security Spec

The Foundry Security Spec is published as two main artifacts along with a set of supporting documents. The first artifact, the spec itself, includes eight core agent roles: orchestrator, indexer, cartographer, and detector, among others. It also defines five extension roles, the finding lifecycle, the coordination substrate, and roughly 130 functional requirements, each with an inline rationale explaining why it exists. The second artifact is a constitution that contains 11 firmly defined principles, each encoding a real production failure that Cisco experienced, diagnosed, and fixed. These principles serve as guardrails to ensure that the system remains stable and reliable as models evolve.

A common question about the spec is whether it will become obsolete as LLMs advance. Santos addressed this by stating that the spec is built on functional requirements and roles, not specific model parameters. Whether using today's frontier models or more complex reasoning agents of the future, the need for an orchestrator, detector, and validator will remain constant. The spec is designed to be the stable harness that keeps security evaluation consistent regardless of the underlying engine.

Broader Context and Industry Implications

The open-sourcing of the Foundry Security Spec comes at a time when agentic AI is rapidly gaining traction in cybersecurity. Agentic AI refers to AI systems that can autonomously perform tasks, make decisions, and take actions without constant human oversight. While this capability offers immense potential for accelerating threat detection and response, it also introduces new risks, such as unintended actions, hallucinations, and security vulnerabilities. The Foundry spec aims to mitigate these risks by providing a standardized framework for evaluating and governing AI agents across different environments.

Cisco's move is part of a broader trend toward open-source collaboration in AI security. By making the spec available on GitHub, Cisco invites contributions from the global security community, fostering a collaborative approach to building and refining best practices. This aligns with the company's longstanding commitment to open-source projects and its belief that collective intelligence leads to more robust security solutions. The spec is designed to be model-agnostic, meaning it can work with any AI model, including Anthropic's Mythos and OpenAI's GPT-5.5-Cyber, without requiring organizations to wait for specific model access.

Complementary Technologies: Project CodeGuard

The Foundry specification works hand-in-hand with another Cisco-contributed open-source technology called Project CodeGuard. CodeGuard is a security framework that builds secure-by-default rules into AI coding workflows. It offers a community-driven ruleset, translators for popular AI coding agents, and validators to help teams enforce security automatically. The integration between Foundry and CodeGuard ensures that security is woven into the entire AI lifecycle, from design and planning through code generation and review. By using the rules in the planning phase, AI coding agents can be steered toward secure patterns from the start, preventing issues before they arise.

Cisco's contributions to open-source AI security are part of a larger strategy to position itself as a leader in the AI-driven cybersecurity market. The company has been investing heavily in AI and machine learning technologies, including the acquisition of Astrix to secure AI agents and the development of new tools for autonomous network operations. The Foundry spec and CodeGuard are expected to complement these efforts, providing customers with a comprehensive set of tools to manage the security implications of AI adoption.

In the coming months, Cisco plans to continue refining the Foundry Security Spec based on community feedback and real-world deployments. The company encourages security teams to download the spec, integrate it into their workflows, and contribute improvements back to the open-source community. As agentic AI becomes more pervasive, having a standardized evaluation framework will be critical for ensuring that these systems operate safely, reliably, and transparently.


Source: Network World News

