
Cisco open-sources agentic AI security spec

May 22, 2026, by Twila Rosenbaum

Cisco has open-sourced its internally developed specification for agentic AI security evaluation, releasing the Foundry Security Spec to the GitHub community. This initiative is designed to help organizations create a common framework for evaluating and governing AI agents used in cybersecurity, addressing the growing challenges of verifying vulnerabilities identified by frontier large language models (LLMs) such as Anthropic's Mythos and OpenAI's GPT-5.5-Cyber.

The Foundry Security Spec is intended to be used with GitHub’s spec-kit, an industry-wide set of development workflows that can be integrated with various AI agents. According to Anthony Grieco, senior vice president and chief security officer at Cisco, the goal is to enable customers and the broader industry to collectively improve security evaluation practices. “Cybersecurity is a team sport,” Grieco stated in a prerecorded video about the release. “We’ve all got to come together and work together for a better collective defense. This is one really demonstrable way where we’re trying to raise the bar for everybody and share our knowledge, through this. And so giving folks access to this felt really important.”

While frontier models can identify vulnerabilities at machine speed, most security teams lack efficient processes or sufficient manpower to verify those findings. This gap is where Foundry comes into play. Omar Santos, a distinguished engineer at Cisco focusing on AI security, cybersecurity research, incident response, and vulnerability disclosure, explained in a blog post that every security team with access to a frontier LLM has likely tried to toss a vulnerability report at the model and ask it to find bugs. The result is often a wall of unbounded, unverifiable output that mixes sharp insights with hallucinated findings, leaving teams unsure of what was missed or when the process is complete. Santos described Foundry Security Spec as the antidote to that chaos, wrapping the model in orchestration, roles, and guardrails to ensure detection, validation, and coverage are designed upfront rather than improvised in a chat window. He emphasized that the difference is stark: one is an interesting demo, the other is a security evaluation system that can be defended in front of a CISO and auditors.

How Foundry Security Spec Works

Foundry Security Spec is model-agnostic, meaning users do not need to wait for access to specific frontier models like Mythos or GPT-5.5-Cyber to benefit from its capabilities. According to Grieco, the spec provides a protective software infrastructure, or harness, that surrounds an AI model and ensures consistent, verifiable results. The spec is published as two main artifacts along with a set of supporting documents. The first artifact, the “spec,” includes eight core agent roles: orchestrator, indexer, cartographer, detector, and others, plus five extension roles. It also defines the finding lifecycle, coordination substrate, and roughly 130 functional requirements, each with an inline rationale explaining why it exists. The second artifact, the “constitution,” contains 11 firmly defined principles, each encoding a real production failure that Cisco shipped, diagnosed, and fixed.

The spec is designed to produce a bounded, prioritized, and verifiable set of findings. It establishes a clear “done” signal based on an operator-defined coverage floor and an economic yield threshold. Additionally, it creates an auditable provenance chain that traces findings from detection through triage, validation, and publication. Safety guardrails are built into the system, assuming the model will at some point try to do the wrong thing, and constraining it at the substrate level rather than relying solely on prompt engineering.
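As an added illustration that is not Cisco's code and does not reproduce the spec's actual requirements, the following Python sketch models the three mechanisms described above: a finding lifecycle (detection, triage, validation, publication), an append-only hash-linked provenance chain per finding, and a "done" signal that fires only when an operator-defined coverage floor is met and the marginal yield of validated findings per unit of spend has fallen below a threshold. Stage names, the tamper-evident chaining scheme and the yield formula are assumptions chosen for the example.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Assumed lifecycle stages; the spec's own state names may differ.
STAGES = ["detected", "triaged", "validated", "published"]


@dataclass
class Finding:
    """One finding plus an append-only, hash-linked provenance chain."""
    fid: str
    location: str
    stage: str = "detected"
    chain: list = field(default_factory=list)

    def record(self, actor: str, action: str, note: str = "") -> str:
        """Append a provenance entry linked to the previous entry's hash."""
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        entry = {"prev": prev, "actor": actor, "action": action,
                 "note": note, "stage": self.stage}
        digest = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = digest
        self.chain.append(entry)
        return digest

    def advance(self, actor: str, note: str = "") -> None:
        """Move to the next stage in order; a finding cannot skip validation."""
        if self.stage not in STAGES or self.stage == STAGES[-1]:
            raise ValueError(f"cannot advance finding in stage {self.stage!r}")
        self.stage = STAGES[STAGES.index(self.stage) + 1]
        self.record(actor, f"advance:{self.stage}", note)

    def reject(self, actor: str, note: str) -> None:
        """Terminal state for findings that fail triage or validation."""
        self.stage = "rejected"
        self.record(actor, "reject", note)


def verify_chain(finding: Finding) -> bool:
    """Recompute every hash and link; any edited or reordered entry breaks it."""
    prev = "0" * 64
    for entry in finding.chain:
        body = {k: v for k, v in entry.items() if k != "hash"}
        expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = entry["hash"]
    return True


def is_done(covered, total, recent_validated, recent_cost, coverage_floor, yield_threshold):
    """Done signal: coverage floor reached AND validated findings per unit spend below threshold."""
    coverage = covered / total if total else 0.0
    yield_rate = recent_validated / recent_cost if recent_cost else 0.0
    return coverage >= coverage_floor and yield_rate < yield_threshold
```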

Complementary Technology: Project CodeGuard

Foundry Security Spec works hand-in-hand with another Cisco-contributed open-source technology called Project CodeGuard. CodeGuard is a security framework that builds secure-by-default rules into AI coding workflows. It offers a community-driven ruleset, translators for popular AI coding agents, and validators to help teams enforce security automatically. According to Santos, CodeGuard integrates seamlessly across the entire AI coding lifecycle: before code generation, rules can guide design and spec-driven development; during code generation, they can prevent security issues as code is written; and after code generation, AI agents like Cursor, GitHub Copilot, Codex, Windsurf, and Claude Code can use the rules for code review. The combination of Foundry and CodeGuard provides a comprehensive approach to securing AI-driven development and evaluation.

Industry Context and Implications

The release of Foundry Security Spec comes at a time when agentic AI is rapidly transforming cybersecurity. Agentic AI refers to systems that can autonomously plan and execute tasks to achieve goals, often using LLMs as their reasoning cores. In security, these agents are used for tasks ranging from vulnerability discovery to incident response. However, the lack of standardized evaluation frameworks has hindered adoption and trust. Cisco’s open-source contribution aims to address that gap by providing a repeatable, auditable methodology that any organization can adopt, modify, and improve. The spec is built on functional requirements and roles, not specific model parameters, ensuring it remains relevant as LLMs evolve. Santos noted that whether teams are using today’s frontier models or future reasoning agents, the need for an orchestrator, detector, and validator will remain constant. Foundry is designed to be the stable harness that keeps security evaluation consistent, regardless of the underlying engine.

This move also reflects Cisco’s broader strategy to embed security into its networking and AI products. The company has been actively acquiring AI security startups and developing new tools to address emerging threats. The open-sourcing of Foundry aligns with Cisco’s commitment to open standards and community-driven innovation, similar to its past contributions to networking protocols and security frameworks. By sharing this specification publicly, Cisco hopes to accelerate the adoption of agentic AI in security while reducing the risks associated with unverified AI outputs.

For security teams, the practical benefits are significant. Foundry provides a clear methodology for evaluating AI agents, enabling teams to confidently use frontier LLMs for vulnerability detection without worrying about hallucinated findings or incomplete coverage. It also offers a path to compliance and audit readiness, as all findings are traceable through an auditable chain. Additionally, the model-agnostic nature of the spec means organizations are not locked into a single vendor’s AI platform; they can use Foundry with any compatible model, maintaining flexibility and avoiding vendor lock-in.

The open-source release on GitHub allows the community to contribute feedback, enhancements, and extensions to the spec. Cisco expects that this collaborative approach will lead to faster innovation and broader adoption. Early adopters include several large enterprises and security vendors who have already begun testing Foundry in their environments. The spec is available now under an open-source license, and Cisco has provided documentation, examples, and tools to help teams get started. As agentic AI continues to mature, frameworks like Foundry will become essential for ensuring that AI-driven security tools are both effective and trustworthy.


Source: Network World News