
Cisco Open-Sources Foundry Security Spec: Agentic AI Framework for Verifiable Cybersecurity

Cisco open-sources Foundry Security Spec, redefining AI-powered cyber defense with agentic roles and verifiable guardrails

Cisco has open-sourced its Foundry Security Spec, a blueprint for AI-powered security evaluation that helps organizations move from noisy, unverifiable alerts to structured, auditable security findings.

The initiative is meant to counter vulnerability discovery and exploitation at machine speed, a threat frontier AI models now make practical, and to put the same capability in the hands of defenders worldwide.

What Is the Foundry Security Spec?

  • Open-source specification for building agentic security evaluation systems.
  • Model-agnostic and stack-neutral → works with any large language model (LLM) or infrastructure.
  • Published as two artifacts:
    • Spec.md → defines 8 core agent roles, 5 extension roles, ~130 functional requirements.
    • Constitution.md → 11 inviolable principles tied to real-world failures Cisco encountered.

Why It Matters

  • Traditional "find and patch" cycles can't keep pace with attackers who exploit vulnerabilities at machine speed.
  • Used raw, frontier LLMs often produce hallucinated findings and unbounded, unprioritized output.
  • Foundry's answer: wrap the model in orchestration, defined agent roles, and guardrails → findings are bounded in number, prioritized, verifiable, and accompanied by an explicit "done" signal.

How Defenders Can Use It

  • Integration with GitHub’s spec-kit → enables spec-driven workflows.
  • Pairing with Project CodeGuard → creates a detection-to-prevention flywheel:
    • Foundry’s exploratory agents detect novel vulnerabilities.
    • CodeGuard rules generalize these into reusable protections.
    • Future scans catch entire bug classes upfront, preventing issues at the keystroke.

Key Features at a Glance

Feature → Benefit
  • Agent roles → Structured orchestration for detection, validation, and reporting
  • Constitution principles → Guardrails based on real-world failures
  • Auditable provenance → Traceable chain from detection to publication
  • Coverage signals → Clear thresholds for completion
  • Model-agnostic design → Works across Anthropic's Mythos, OpenAI GPT-5.5-Cyber, and future LLMs
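The "Why It Matters" section and the feature table above describe the same architecture from two angles: role-based orchestration that turns raw model output into bounded, prioritized, verifiable findings, a provenance trail from detection to publication, and a coverage signal that defines "done". The sketch below is an added illustration of those ideas in Python; it is not code from Cisco's Foundry Security Spec or Project CodeGuard, and the role names, record fields, hash-chained provenance format, severity ranking and 90% coverage threshold are all assumptions chosen for the example. The sample findings are constructed.

```python
"""Sketch of a bounded, verifiable finding pipeline: detector -> validator ->
reporter roles, a hash-chained provenance trail, and a coverage-based 'done' signal.
Added example for the article; not Foundry's own schema or code."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}  # assumed ordering


@dataclass
class Finding:
    title: str
    target: str               # file or endpoint the finding concerns
    severity: str
    evidence: list[str]       # concrete artifacts: code snippet, request/response
    reproduction: str | None  # steps a validator can re-run; None if unknown
    provenance: list[dict] = field(default_factory=list)

    def record(self, role: str, action: str) -> None:
        """Append a provenance entry whose hash covers the previous entry's hash."""
        prev = self.provenance[-1]["hash"] if self.provenance else "genesis"
        body = {"role": role, "action": action, "prev": prev}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.provenance.append({**body, "hash": digest})


def chain_is_valid(finding: Finding) -> bool:
    """Recompute every link; an edited, removed or reordered entry breaks the chain."""
    prev = "genesis"
    for entry in finding.provenance:
        body = {"role": entry["role"], "action": entry["action"], "prev": entry["prev"]}
        expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = entry["hash"]
    return True


def detector_role(candidates: list[Finding]) -> list[Finding]:
    """Stand-in for the model-backed detector: records that it emitted each candidate."""
    for f in candidates:
        f.record("detector", "emitted candidate")
    return candidates


def validator_role(candidates: list[Finding]) -> list[Finding]:
    """Guardrail: a candidate with no evidence or no reproduction is treated as a
    hallucination and dropped instead of being forwarded to the report."""
    accepted = []
    for f in candidates:
        if f.evidence and f.reproduction and f.severity in SEVERITY_RANK:
            f.record("validator", "evidence and reproduction confirmed")
            accepted.append(f)
    return accepted


def reporter_role(validated: list[Finding], max_findings: int = 3) -> list[Finding]:
    """Bounded, prioritized output: highest severity first, hard cap on count."""
    ranked = sorted(validated, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)
    report = ranked[:max_findings]
    for f in report:
        f.record("reporter", "published")
    return report


def coverage_signal(targets: list[str], examined: set[str], threshold: float = 0.9) -> tuple[float, bool]:
    """'Done' means a measured share of in-scope targets was examined,
    not that the model simply stopped producing output."""
    if not targets:
        return 0.0, False
    ratio = len(examined & set(targets)) / len(targets)
    return ratio, ratio >= threshold


def run_example() -> dict:
    # Constructed sample candidates; the second one has no evidence or reproduction.
    candidates = [
        Finding("SQL injection in search", "api/search.py", "high",
                ["query = f\"SELECT * FROM t WHERE q='{q}'\""], "GET /search?q=' OR 1=1--"),
        Finding("RCE in image resizer", "lib/resize.py", "critical", [], None),
        Finding("Verbose stack trace", "app/errors.py", "low",
                ["Traceback text returned in HTTP response body"], "GET /nonexistent"),
        Finding("Missing rate limit", "api/login.py", "medium",
                ["no throttling decorator on login()"], "200 POST /login in 10 s"),
        Finding("Hardcoded token", "config.py", "high",
                ["API_TOKEN = 'sample-token-for-example'"], "grep -n API_TOKEN config.py"),
    ]
    targets = ["api/search.py", "lib/resize.py", "app/errors.py", "api/login.py", "config.py"]
    validated = validator_role(detector_role(candidates))
    report = reporter_role(validated, max_findings=3)
    ratio, done = coverage_signal(targets, {f.target for f in candidates})
    return {
        "validated": [f.title for f in validated],
        "report": [f.title for f in report],
        "chains_ok": all(chain_is_valid(f) for f in report),
        "coverage": ratio,
        "done": done,
    }


if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

The point of the validator is that a finding without evidence and a reproduction never reaches the report, which is the guardrail against hallucinated output; the reporter's cap and severity ordering are what "bounded and prioritized" means in practice; and the hash chain lets an auditor check later that no step was added, removed or reworded between detection and publication.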

Global Impact

  • Collaborative defense: Cisco emphasizes cybersecurity as a “team sport.”
  • Standardization trend: Aligns with initiatives like OpenAI’s Daybreak, signaling shared benchmarks in AI security.
  • Community-driven: Available on GitHub, inviting contributions from developers and security teams worldwide.

Risks & Considerations

  • Not a turnkey scanner → the spec must be adapted to each organization's environment, tooling, and threat model.
  • Human oversight remains essential → AI agents must stay under the governance of skilled professionals who review and accept findings.
  • Implementation responsibility lies with adopters; Cisco provides the blueprint, not a managed service.

Next Steps

  • Explore the GitHub repository to adapt Foundry for your environment.
  • Pair with Project CodeGuard for continuous detection-prevention cycles.
  • Follow Cisco’s AI security initiatives to stay aligned with evolving standards.
IndianWeb2.com © all rights reserved