The Long Beach News


Cisco open-sources agentic AI security spec

May 27, 2026  Twila Rosenbaum

Cisco has taken a significant step forward in the realm of artificial intelligence security by open-sourcing its internally developed specification for evaluating agentic AI. The Foundry Security Spec, now available on GitHub, is designed to work with the platform's spec-kit, an industry-wide set of development workflows compatible with various AI agents. The move is intended to help customers and the broader industry establish a common framework for evaluating and governing AI agents used in cybersecurity, according to Anthony Grieco, senior vice president and chief security officer at Cisco.

"I've said this for many years: Cybersecurity is a team sport," Grieco stated in a prerecorded video about the announcement. "We've all got to come together and work together for a better collective defense. This is one really demonstrable way where we're trying to raise the bar for everybody and share our knowledge through this. And so giving folks access to this felt really important."

While frontier models can identify vulnerabilities at machine speed, most security teams lack the processes or manpower to verify those findings. Foundry aims to bridge that gap by providing a structured evaluation system that wraps the model in orchestration, roles, and guardrails. Omar Santos, a distinguished engineer at Cisco focusing on AI security, explained in a blog post that the spec produces a bounded, prioritized, verifiable set of findings, a clear "done" signal, an auditable provenance chain, and safety guardrails that constrain the model at the substrate level rather than relying solely on prompts.

The Foundry Security Spec is published as two main artifacts and supporting documents. The "spec" artifact includes eight core agent roles—orchestrator, indexer, cartographer, detector, and others—along with five extension roles, a finding lifecycle, a coordination substrate, and roughly 130 functional requirements, each with an inline rationale. The "constitution" artifact comprises 11 firmly defined principles, each encoding a real production failure that was shipped, diagnosed, and fixed. Santos noted that the spec is designed not to become obsolete as LLMs evolve, since it is built on functional requirements and roles rather than specific model parameters. The need for an orchestrator, detector, and validator will remain constant regardless of the underlying model.
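An added illustration, not Cisco's code and not the spec's own schema, of the properties the two paragraphs above describe: a bounded, prioritized, validated set of findings, a clear "done" signal, and a per-finding provenance chain that a reviewer can audit. The role names (detector, validator), field names and lifecycle states are assumptions made for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field

@dataclass
class Finding:
    finding_id: str
    location: str
    claim: str
    severity: int  # lower number = higher priority
    state: str = "detected"  # assumed lifecycle: detected -> validated | rejected
    provenance: list = field(default_factory=list)  # hash-chained role events

def _event_hash(prev_hash: str, body: dict) -> str:
    # Every event commits to the previous hash, so editing or dropping one breaks the chain.
    return hashlib.sha256((prev_hash + json.dumps(body, sort_keys=True)).encode()).hexdigest()
def record(finding: Finding, role: str, action: str, evidence: str) -> None:
    """Append an auditable event (which role did what, on what evidence) to the chain."""
    prev = finding.provenance[-1]["hash"] if finding.provenance else ""
    body = {"role": role, "action": action, "evidence": evidence}
    finding.provenance.append({**body, "hash": _event_hash(prev, body)})
def verify_chain(finding: Finding) -> bool:
    """Recompute every link; False means the provenance was altered after the fact."""
    prev = ""
    for ev in finding.provenance:
        body = {k: ev[k] for k in ("role", "action", "evidence")}
        if ev["hash"] != _event_hash(prev, body):
            return False
        prev = ev["hash"]
    return True
def validate(finding: Finding, reproduced: bool, evidence: str) -> None:
    """Validator role: only a reproduced claim stays reportable."""
    finding.state = "validated" if reproduced else "rejected"
    record(finding, "validator", finding.state, evidence)
def is_done(findings: list, bound: int) -> bool:
    """'Done' signal: the set is within its bound and nothing is left un-triaged."""
    return len(findings) <= bound and all(f.state in ("validated", "rejected") for f in findings)
def report(findings: list) -> list:
    """Bounded, prioritized output: validated findings only, most severe first."""
    return sorted((f for f in findings if f.state == "validated"), key=lambda f: f.severity)

def demo() -> list:
    # Constructed sample: two detector claims, one reproduces and one does not.
    a = Finding("F-1", "auth/login.py:42", "password compared with ==", severity=2)
    b = Finding("F-2", "util/fmt.py:7", "format string built from user input", severity=1)
    for f in (a, b): record(f, "detector", "detected", "model output, unverified")
    validate(a, True, "timing test reproduced the difference")
    validate(b, False, "input is a constant, not reachable from user data")
    return [a, b]
```

The point of the chain check is that a finding's history cannot be quietly rewritten after a validator has signed off on it; anyone holding the record can recompute the links.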

Cisco's Foundry specification works hand-in-hand with Project CodeGuard, another Cisco-contributed open-source technology. CodeGuard is a security framework that builds secure-by-default rules into AI coding workflows. It offers a community-driven ruleset, translators for popular AI coding agents, and validators to help teams enforce security automatically. Together, these tools provide a comprehensive approach to securing the entire AI lifecycle—from design and planning to code generation and review.

The release of Foundry comes at a time when agentic AI is becoming increasingly prevalent in cybersecurity operations. Agentic systems can autonomously perform tasks such as scanning codebases for vulnerabilities, generating patches, and even conducting penetration tests. However, the lack of standardized evaluation frameworks has led to inconsistent and often unreliable results. Many security teams have tried using frontier LLMs to find bugs by tossing a report at the model, only to receive a wall of unbounded, unverifiable output mixed with sharp insights and hallucinated findings—with no way to determine what was missed or when the analysis is complete.

Foundry addresses these challenges by providing a structured evaluation process that includes detection, validation, and coverage from the outset. The spec is model agnostic, meaning users do not need specific access to frontier models like Anthropic's Mythos or OpenAI's GPT-5.5-Cyber to benefit from the harness. This accessibility ensures that even teams with limited resources can adopt the framework and improve their security posture.

Grieco emphasized that the open-source nature of Foundry is crucial for fostering collaboration across the industry. By sharing Cisco's knowledge and experience, the company hopes to accelerate the development of secure AI systems and reduce the risk of catastrophic failures. The spec is already being used internally at Cisco and has been tested against a variety of models and scenarios.

The broader context of this announcement is the rapid growth of agentic AI in cybersecurity. According to industry reports, the market for AI-driven security solutions is expected to reach billions of dollars in the coming years, driven by the increasing complexity of cyber threats and the shortage of skilled professionals. Agentic systems promise to automate many routine tasks, but they also introduce new risks, such as the possibility of the AI taking unintended actions or being manipulated by adversaries. A robust evaluation framework like Foundry is essential for building trust in these systems and ensuring they operate safely and effectively.

Cisco's decision to open-source Foundry aligns with its long-standing commitment to open standards and community-driven innovation. The company has a history of contributing to open-source projects, including the development of the Cisco Security Suite and various networking tools. By providing the spec as a public good, Cisco aims to set a baseline for agentic AI security that can be adopted and adapted by organizations of all sizes.

Looking ahead, Santos noted that the spec will continue to evolve as new threats and technologies emerge. The current version is designed to be extensible, allowing users to add custom roles, principles, and requirements. Cisco plans to actively maintain the repository on GitHub, incorporating feedback from the community and updating the spec to address emerging challenges.

In summary, Cisco's open-sourcing of the Foundry Security Spec represents a significant milestone in the field of AI security. It provides a practical, tested framework for evaluating agentic AI systems in cybersecurity, helping organizations move from chaotic, hallucination-prone demos to reliable, auditable security evaluations. By sharing this knowledge openly, Cisco is not only enhancing its own products but also contributing to the collective defense of the digital ecosystem.

The spec is available now on GitHub under the Foundry Security Spec repository, along with documentation and examples to help teams get started. With the integration of Project CodeGuard, users have a comprehensive toolkit for building secure AI agents from the ground up.


Source: Network World News

