Raleigh News Today

Cisco open-sources agentic AI security spec

May 28, 2026  Twila Rosenbaum

Cisco has taken a major step toward standardizing the security evaluation of artificial intelligence agents by releasing its internally developed Foundry Security Specification to the open-source community on GitHub. The move is designed to help security teams and the broader industry create a common, repeatable framework for assessing and governing AI agents—especially those tasked with cybersecurity functions. The specification works alongside GitHub's spec-kit, a collection of development workflows that can be adapted to various AI agents. By sharing this knowledge, Cisco aims to elevate collective defense practices and address one of the most pressing challenges in modern cybersecurity: how to trust the output of advanced large language models when they are used to find software vulnerabilities.

Anthony Grieco, senior vice president and chief security officer at Cisco, emphasized the collaborative nature of the initiative. In a video statement, he noted that cybersecurity has always been a team sport and that the industry must come together to raise the bar for everyone. The Foundry Security Spec is one concrete way Cisco is trying to share its experience and help organizations move beyond ad hoc testing with frontier LLMs. The specification provides a structured approach that wraps AI models in orchestration, roles, and guardrails, ensuring that detection, validation, and coverage are designed upfront rather than improvised in a chat window.

The Challenge of Unverified AI Findings

Many security teams have experimented with cutting-edge language models such as Anthropic's Mythos or OpenAI's GPT-5.5-Cyber by feeding them vulnerability reports and asking them to identify bugs. The typical result, according to Cisco distinguished engineer Omar Santos, is a wall of unbounded, unverifiable output that mixes genuine insights with hallucinated findings. There is no clear way to know what was missed or when the analysis is truly complete. The Foundry Security Spec is intended to be the antidote to that chaos, transforming an interesting demo into a production-grade security evaluation system that can be defended in front of CISOs and auditors.

The specification is designed to be model agnostic. Users do not need to wait for specific frontier models—they can apply Foundry with any LLM. This flexibility is critical because the landscape of AI agents is evolving rapidly, and organizations need a stable framework that will not become obsolete as models improve. Santos wrote that Foundry is built on functional requirements and roles—not specific model parameters—so the need for an orchestrator, a detector, and a validator will remain constant, regardless of the engine under the hood.

Components of the Foundry Security Spec

The Foundry Security Spec is published as two main artifacts and a set of supporting documents. The first artifact, called the "spec," includes eight core agent roles: orchestrator, indexer, cartographer, detector, and others. It also defines five extension roles, a detailed finding lifecycle, a coordination substrate for agent communication, and roughly 130 functional requirements. Each requirement includes an inline rationale explaining why it exists, which helps implementers understand the design decisions. The second artifact is a "constitution" consisting of 11 firmly defined principles, each encoding a real production failure that Cisco shipped, diagnosed, and fixed.

Together, these components ensure that an agentic security system produces a bounded, prioritized, and verifiable set of findings. The system yields a clear "done" signal based on an operator-defined coverage floor combined with an economic yield threshold. Every step—from detection through triage, validation, and publication—is recorded in an auditable provenance chain. Safety guardrails are built into the substrate itself, assuming the model will eventually try to do the wrong thing, and constraining it at the infrastructure level rather than relying solely on prompts.
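The "done" signal and the auditable provenance chain described above can be made concrete with a small model. This is an added illustration, not code from the Foundry spec or from Cisco; the coverage and yield semantics, the stage names and the hash-chained log are my assumptions about how such a signal could be built.

```python
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Finding:
    """One finding moving through detection -> triage -> validation -> publication (assumed stages)."""
    id: str
    stage: str = "detected"
    provenance: list = field(default_factory=list)  # hash-chained step records


def record_step(f: Finding, actor: str, stage: str, note: str) -> str:
    """Append a step; each entry commits to the hash of the previous one, so the chain is append-only."""
    prev = f.provenance[-1]["hash"] if f.provenance else "genesis"
    entry = {"actor": actor, "stage": stage, "note": note, "prev": prev}
    entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
    f.provenance.append(entry)
    f.stage = stage
    return entry["hash"]


def chain_is_intact(f: Finding) -> bool:
    """Re-derive every hash; an edited, dropped or reordered step breaks the chain (what an auditor checks)."""
    prev = "genesis"
    for e in f.provenance:
        body = {k: v for k, v in e.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if body["prev"] != prev or digest != e["hash"]:
            return False
        prev = e["hash"]
    return True


def is_done(units_covered: int, units_total: int, coverage_floor: float,
            validated_in_last_batch: int, batch_cost: float, yield_threshold: float) -> bool:
    """Bounded stop rule: coverage has reached the operator's floor AND the last batch's
    validated findings per unit of cost fell below the yield threshold (assumed definition)."""
    coverage = units_covered / units_total
    yield_rate = validated_in_last_batch / batch_cost
    return coverage >= coverage_floor and yield_rate < yield_threshold


if __name__ == "__main__":
    # Constructed sample run: one finding walked through the lifecycle, then a stop-rule check.
    f = Finding("F-1")
    record_step(f, "detector", "detected", "candidate flagged in module X")
    record_step(f, "validator", "validated", "reproduced with a unit test")
    print("chain intact:", chain_is_intact(f))
    print("done:", is_done(95, 100, 0.9, 0, 10.0, 0.05))
```

Run alone, the script shows an intact chain and a `True` stop signal; editing any earlier provenance entry makes `chain_is_intact` return `False`.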

Relationship with Project CodeGuard

The Foundry specification works hand in hand with another Cisco-contributed open-source technology, Project CodeGuard. CodeGuard is a security framework that enforces secure-by-default rules in AI coding workflows. It provides a community-driven ruleset, translators for popular AI coding agents, and validators that automatically enforce security policies. The integration between Foundry and CodeGuard means that security evaluations can be woven into the entire AI coding lifecycle—from planning and design to code generation and post-generation review. For example, during the planning phase, CodeGuard rules can steer models toward secure patterns; during code generation, they can prevent issues; and after code generation, agents like Cursor, GitHub Copilot, and Claude Code can use the rules for code review.

This holistic approach reflects Cisco's broader strategy to embed security into every stage of software development and AI deployment. As organizations increasingly rely on AI agents to accelerate development and find vulnerabilities, the need for verifiable, auditable security evaluation becomes paramount. The Foundry Security Spec addresses that need by providing a stable harness that keeps evaluations consistent, regardless of how advanced the underlying models become.

Industry Implications and the Future of Agentic AI Security

Cisco's decision to open-source Foundry could have significant implications for the cybersecurity industry. By offering a common framework, the company hopes to encourage standardization in how AI agents are tested and governed. This is particularly important as frontier models gain the ability to identify vulnerabilities at machine speed, but security teams often lack the manpower or processes to verify those findings. Foundry helps bridge that gap by providing a repeatable methodology that combines human oversight with automated validation.

The specification also addresses a growing concern among CISOs and regulators: the need for accountability in AI-driven security decisions. When an AI agent flags a potential vulnerability, there must be a clear chain of evidence that the findings were properly triaged, validated, and prioritized. Foundry's auditable provenance chain provides exactly that, making it easier for organizations to defend their security practices to internal stakeholders and external auditors.

Looking ahead, the open-source nature of Foundry invites collaboration from the broader community. Security researchers, developers, and enterprises can contribute to the spec, refine the principles, and build new tools that integrate with the framework. Cisco hopes that this collective effort will accelerate the development of trustworthy AI agents for cybersecurity, ultimately improving the resilience of the entire digital ecosystem. As Grieco stated, sharing knowledge and raising the bar for everyone is a concrete way to achieve better collective defense.

For teams eager to adopt Foundry, the immediate next step is to explore the GitHub repository, review the core roles and functional requirements, and consider how to integrate the spec with existing security workflows. Whether an organization is using today's frontier LLMs or future reasoning agents, the Foundry Security Spec provides a stable, model-agnostic harness that can scale with the fast-evolving landscape of AI cybersecurity.


Source: Network World News