San Diego News 24


Cisco open-sources agentic AI security spec

May 28, 2026  Twila Rosenbaum

Cisco has taken a significant step towards democratizing AI security by open-sourcing its Foundry Security Spec, an internally developed specification designed to evaluate and govern agentic AI in cybersecurity. The move, announced on May 13, 2026, places the technology into the GitHub open-source community, where it can be used with GitHub's spec-kit development workflows. Cisco's goal is to help customers and the broader industry establish a common framework for evaluating AI agents that are increasingly deployed in cybersecurity operations.

Anthony Grieco, senior vice president and chief security officer at Cisco, emphasized the collaborative nature of cybersecurity. In a prerecorded video, Grieco stated that cybersecurity is a team sport and that sharing knowledge through open-source contributions like Foundry raises the bar for collective defense. The spec addresses a critical gap: while frontier large language models (LLMs) can identify vulnerabilities at machine speed, most security teams lack the processes and manpower to verify findings effectively. Foundry provides the scaffolding to transform raw LLM outputs into actionable, verifiable security evaluations.

The Foundry Security Spec is published as two main artifacts along with supporting documents. The "spec" artifact includes eight core agent roles: orchestrator, indexer, cartographer, detector, and others. It also defines five extension roles, a finding lifecycle, a coordination substrate, and roughly 130 functional requirements, each with inline rationale explaining its purpose. The "constitution" artifact comprises 11 firmly defined principles, each encoding a real production failure that was shipped, diagnosed, and fixed by Cisco's team. These principles ensure that the spec remains grounded in practical, real-world experiences rather than theoretical constructs.

Omar Santos, a distinguished engineer at Cisco focusing on AI security, elaborated on the spec's value in a blog post. He noted that many security teams have tried to use frontier LLMs by simply tossing a report at the model and asking it to find bugs. The result is often a wall of unbounded, unverifiable output mixing sharp insights with hallucinated findings, with no clear indication of what was missed or when the evaluation is complete. Foundry wraps the model in orchestration, roles, and guardrails, ensuring that detection, validation, and coverage are designed upfront. This transforms an interesting demo into a security evaluation system that can be defended in front of a CISO and auditors.

One key feature of Foundry is its model-agnostic nature. Users do not need to wait for specific frontier models like Anthropic's Mythos or OpenAI's GPT-5.5 Cyber to benefit from the spec. It can work with any LLM, making it accessible to a wide range of security teams. The spec's outputs include a bounded, prioritized, verifiable set of findings; a clear "done" signal based on an operator-defined coverage floor and economic yield threshold; an auditable provenance chain from detection through triage, validation, and publication; and safety guardrails that constrain the model at the substrate level rather than just at the prompt layer.

The development of Foundry reflects Cisco's deep investment in AI security. The company has been at the forefront of integrating AI into its networking and security products, and the Foundry spec builds on that momentum. It also complements another Cisco-contributed open-source technology, Project CodeGuard, which is a security framework that builds secure-by-default rules into AI coding workflows. CodeGuard offers a community-driven ruleset, translators for popular AI coding agents, and validators to help teams enforce security automatically. Foundry and CodeGuard work hand-in-hand, covering both the evaluation of AI agents and the secure coding practices that underpin them.

The Foundry spec is designed to remain relevant as LLMs evolve. Santos explained that it is built on functional requirements and roles, not specific model parameters. Whether using today's frontier models or more complex reasoning agents of the future, the need for an orchestrator, detector, and validator will remain constant. The spec serves as a stable harness that keeps security evaluation consistent regardless of the underlying engine. This forward-looking design ensures that organizations can invest in the framework without worrying about obsolescence with each new generation of AI models.

Cisco's open-source contribution comes at a time when the cybersecurity industry is grappling with the rapid adoption of agentic AI. Agentic AI refers to systems that can autonomously perform tasks, such as scanning codebases for vulnerabilities, triaging alerts, and even patching systems. However, these agents also introduce new risks, including the potential for hallucinated findings, lack of explainability, and difficulty in auditing decisions. Foundry provides a structured approach to mitigate these risks by enforcing roles, workflows, and guardrails that ensure agents operate within defined boundaries.

The spec's eight core agent roles each have distinct responsibilities. The orchestrator manages the overall evaluation workflow, the indexer prepares code repositories for analysis, and the cartographer maps the attack surface. Other roles include detector, validator, triager, reporter, and archiver. These roles can be combined or extended with five additional extension roles to accommodate specific use cases. The finding lifecycle ensures that every discovered issue is tracked from initial detection through validation and publication, creating a clear chain of custody.

By open-sourcing Foundry, Cisco is aiming to accelerate industry-wide adoption of best practices for AI security evaluation. The spec is available on GitHub, and the company encourages contributions from the community. This collaborative approach aligns with Cisco's broader strategy of fostering open ecosystems in networking and security. The hope is that Foundry will become a de facto standard for evaluating AI agents, much like how certain frameworks have standardized vulnerability scanning or incident response.

In summary, Cisco's Foundry Security Spec represents a major advancement in the practical application of AI for cybersecurity. It addresses the chaos of unverified LLM outputs by providing a robust, role-based framework that ensures thorough, auditable, and reliable security evaluations. With its open-source nature and model-agnostic design, Foundry has the potential to become a cornerstone of agentic AI security, empowering organizations to harness the power of frontier LLMs without sacrificing trust or accuracy. The combination of Foundry and Project CodeGuard creates a comprehensive ecosystem for secure AI development and evaluation, from code generation to vulnerability detection.


Source: Network World News

