
Cisco Open-Sources Foundry Security Spec for AI Cyber Defense

By Artūras Malašauskas, May 14, 2026
Cisco has released an open-source specification for building agentic AI security evaluation systems, offering structured guardrails against machine-speed cyber threats.

Cisco has open-sourced the Foundry Security Spec, an agentic AI cybersecurity evaluation framework designed to generate verifiable, auditable, and structured security findings against machine-speed cyber threats. The release represents a strategic pivot from proprietary security tools toward community-driven standardization in AI-powered defense.

According to the official Cisco blog announcement, the specification is model-agnostic and stack-neutral, enabling compatibility across different large language models and infrastructure environments. This includes systems such as Anthropic Mythos and OpenAI GPT-5.5-Cyber.

The framework addresses a fundamental problem: traditional "find and patch" security workflows struggle against AI-driven attacks and hallucinated outputs from frontier LLMs. When security teams point an LLM at a repository and ask it to "find the bugs," they often receive a wall of unbounded, unverifiable output that mixes sharp insights with hallucinated findings, with no way to know what was missed or when they're actually done.

Foundry wraps AI models with structured orchestration, governance layers, and guardrails to produce bounded, prioritized, and verifiable findings with clear completion signals. The release includes two core components: Spec.md, which defines eight core agent roles, five extension roles, and nearly 130 functional requirements; and Constitution.md, which outlines 11 inviolable principles derived from real-world failures encountered by Cisco.

Every principle in the Constitution artifact encodes a real production failure Cisco has shipped, diagnosed, and fixed. This design choice means when an engineer is tempted to weaken a principle for convenience, they encounter the cost of that decision before they make it (which is exactly the kind of friction that prevents security theater).

The eight core agent roles include Orchestrator, Indexer, Cartographer, Detector, Triager, Validator, Coverage-Guide, and Reporter. Each has a defined purpose, defined inputs and outputs, and a list of functional requirements with rationale. Organizations can implement them as subprocess loops, graph-based pipelines, serverless functions, or a bespoke harness. The shape transfers; the implementation is yours.

Foundry integrates with GitHub's spec-kit and can pair with Project CodeGuard to create a continuous detection-to-prevention cycle. Project CodeGuard, which Cisco open-sourced before Foundry Security Spec existed and donated to the Coalition for Secure AI (CoSAI), provides comprehensive security rules and agent skills that guide AI coding agents to generate more secure code automatically.

Independent reporting from SDxCentral confirms Cisco's unique positioning in this space. The networking giant is one of only a handful of entities Anthropic has deemed worthy of accessing the Mythos LLM, giving Cisco a temporary advantage over threat actors who lack similar model access.

Anthony Greco, chief security and trust officer at Cisco, noted in an accompanying fireside chat that the vendor's access to Mythos and GPT-5.5-Cyber showed a "material step forward in terms of the model and their capabilities from the foundational model providers." Peter Bailey, SVP and GM for security at Cisco, added that this time advantage is critical: "We've got to use that time advantage right now because once these models are in the hands of threat actors... then it's offense and defense, and frankly it always favors the attacker because you just have to be wrong once."

The physical reality of using Foundry differs markedly from typical AI security tools. Instead of typing a prompt into a chat window and waiting for a response, security teams run the seed through spec-kit, which gets the spec-driven project into a known, ready-to-work state. The AI agent builds the architecture based on the specification, producing findings with auditable provenance chains from detection through triage, validation, and publication.
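To make the role pipeline and the "auditable provenance chain" idea concrete, here is an added illustration that is not Cisco's Foundry code and does not claim to follow the spec's requirements. It takes only the four role names Detector, Triager, Validator and Reporter from the article; the functions, the finding fields, the hardcoded-secret pattern, the sample repository and the hash-chaining of provenance entries are all assumptions for this example. Each role appends an entry to a finding's provenance list that is linked to the previous entry by SHA-256, so a reviewer can verify that no step of the chain was altered after the fact, and the report carries an explicit completion signal based on coverage rather than on the model deciding it is "done."

```python
"""Toy agentic security-evaluation pipeline with tamper-evident provenance.

Added example, not Cisco's Foundry implementation. Role names come from the
article; everything else (functions, fields, pattern, hashing) is assumed.
"""
import hashlib
import json
import re
from dataclasses import dataclass, field, asdict

# Constructed sample repository: path -> file contents.
SAMPLE_REPO = {
    "app/config.py": "DB_PASSWORD = 'hunter2'\nDEBUG = False\n",
    "app/settings.example": "DB_PASSWORD = '<fill-in>'\n",
    "app/util.py": "def add(a, b):\n    return a + b\n",
}

# Assumed detection rule: a credential-looking assignment with a quoted literal.
HARDCODED_SECRET = re.compile(r"(PASSWORD|SECRET|TOKEN)\s*=\s*['\"]([^'\"]*)['\"]", re.I)
PLACEHOLDERS = ("<", "example", "changeme")  # assumed markers of non-real values
PRIORITY_RANK = {"high": 0, "low": 1}


@dataclass
class Finding:
    finding_id: str
    path: str
    line: int
    evidence: str
    value: str
    priority: str = "unset"
    status: str = "candidate"
    provenance: list = field(default_factory=list)

    def record(self, role: str, action: str) -> None:
        """Append a provenance entry whose hash covers the previous entry's hash."""
        prev = self.provenance[-1]["hash"] if self.provenance else "0" * 64
        entry = {"prev": prev, "role": role, "action": action,
                 "status": self.status, "priority": self.priority}
        entry["hash"] = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.provenance.append(entry)


def verify_chain(finding: Finding) -> bool:
    """Recompute every hash and check linkage; False if any entry was altered."""
    prev = "0" * 64
    for entry in finding.provenance:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev"] != prev:
            return False
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def detector(repo: dict):
    """Scan every file, emit candidate findings, and record what was covered."""
    findings, scanned = [], []
    for path, text in repo.items():
        scanned.append(path)
        for lineno, line in enumerate(text.splitlines(), start=1):
            m = HARDCODED_SECRET.search(line)
            if m:
                f = Finding(finding_id=f"F{len(findings) + 1:03d}", path=path,
                            line=lineno, evidence=line.strip(), value=m.group(2))
                f.record("Detector", "matched hardcoded-secret pattern")
                findings.append(f)
    return findings, scanned


def triager(findings):
    """Assign a priority (assumed rule: executable source outranks templates)."""
    for f in findings:
        f.priority = "high" if f.path.endswith(".py") else "low"
        f.record("Triager", "priority set from file type")
    return findings


def validator(findings):
    """Reject candidates whose value looks like a placeholder, confirm the rest."""
    for f in findings:
        is_placeholder = any(p in f.value.lower() for p in PLACEHOLDERS)
        f.status = "rejected" if is_placeholder else "confirmed"
        f.record("Validator", "placeholder check")
    return findings


def reporter(findings, scanned, repo):
    """Publish a bounded, prioritized report with an explicit completion signal."""
    confirmed = [f for f in findings if f.status == "confirmed"]
    for f in confirmed:
        f.record("Reporter", "published")
    coverage = len(scanned) / len(repo) if repo else 1.0
    return {
        "confirmed": [asdict(f) for f in sorted(confirmed, key=lambda f: PRIORITY_RANK[f.priority])],
        "rejected": sum(1 for f in findings if f.status == "rejected"),
        "coverage": coverage,
        "complete": coverage == 1.0 and all(verify_chain(f) for f in findings),
    }


def run_pipeline(repo: dict) -> dict:
    findings, scanned = detector(repo)
    findings = validator(triager(findings))
    return reporter(findings, scanned, repo)


if __name__ == "__main__":
    print(json.dumps(run_pipeline(SAMPLE_REPO), indent=2))
```

The point of the chain is not the hashing itself but the separation of duties it records: the Validator cannot silently promote a candidate the Detector never produced, and an auditor can replay `verify_chain` on any published finding. A real orchestrator would also persist the coverage record, so "what was missed" is answerable from data rather than from the model's own claim.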

Industry context matters here. Microsoft has introduced a competing agentic security system called MDASH, which combines more than 100 specialized AI agents to detect vulnerabilities across Windows infrastructure. According to CX Today, Microsoft's platform helped researchers find 16 new vulnerabilities across the Windows networking and authentication stack, including four Critical remote code execution flaws.

Unlike Microsoft's productized approach, Cisco's Foundry Security Spec is not a turnkey scanner. It still requires organization-specific implementation and human oversight. Omar Santos, a distinguished engineer at Cisco, stated: "As with any security tool, the responsibility for implementation, oversight, and final decision-making remains with the user. We provide the blueprint for the guardrails, but it's up to you to ensure that the 'human-in-the-loop' remains the final arbiter of security decisions."

The framework is designed to be picked up and adapted, not consumed as-is. It serves as the starting point of an organization's agentic security evaluation journey. The difference between Foundry and improvised chat-based security analysis is stark—one is an interesting demo; the other is a security evaluation system you can defend in front of your CISO and your auditors.

Whether organizations actually invest the engineering effort to implement Foundry properly remains the real question. Open-source specifications are easy to release; building production-grade agentic security systems around them is where the rubber meets the road. Most security teams will probably just keep using their existing tools until something breaks badly enough to force a change.

The Foundry Security Spec is available on GitHub for organizations ready to build auditable AI-driven security evaluation systems. Whether that's you or not depends on whether your security budget can absorb the implementation complexity.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference, no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt