Cisco has taken a significant step toward democratizing AI security evaluation by open-sourcing its Foundry Security Spec, an internally developed specification designed to evaluate and govern agentic AI systems used in cybersecurity. The move, announced on May 13, 2026, aims to provide a common framework that enables security teams to systematically assess the effectiveness and reliability of AI agents, whether they rely on frontier models like Anthropic's Mythos or OpenAI's GPT-5.5-Cyber, or any other language model.
The Genesis of Foundry
The Foundry Security Spec originated from Cisco's internal need to create a structured, repeatable process for evaluating AI agents in security contexts. According to Anthony Grieco, senior vice president and chief security officer at Cisco, the spec is meant to raise the bar for collective defense by sharing knowledge across the industry. In a prerecorded video, Grieco emphasized that cybersecurity is a team sport and that open-sourcing the spec was a natural way to foster collaboration.
The spec is built around the concept of agentic AI—autonomous systems that can perform tasks such as vulnerability detection, triage, and validation without constant human oversight. While frontier LLMs can identify vulnerabilities at machine speed, most security teams lack the process or manpower to verify those findings. This gap is where Foundry comes in, providing a harness that wraps the model in orchestration, roles, and guardrails.
Core Components of the Spec
Omar Santos, a distinguished engineer at Cisco focusing on AI security, described the spec in a blog post as "the scaffolding that turns a frontier LLM from an interesting demo against your codebase into a security evaluation system." The spec is published as two main artifacts: the "spec" and the "constitution." The spec artifact includes eight core agent roles—such as orchestrator, indexer, cartographer, and detector—along with five extension roles, a finding lifecycle, a coordination substrate, and approximately 130 functional requirements, each with an inline rationale. The constitution artifact contains 11 firmly defined principles, each encoding a real production failure that Cisco shipped, diagnosed, and fixed.
The system is designed to produce a bounded, prioritized, verifiable set of findings; a clear "done" signal based on an operator-defined coverage floor and economic yield threshold; an auditable provenance chain from detection through publication; and safety guardrails that constrain the model at the substrate level rather than relying on prompts. Santos noted that the spec is model agnostic, meaning it works with today's frontier models and future reasoning agents alike.
Addressing the Verification Problem
One of the biggest challenges security teams face with AI-generated outputs is the mixture of sharp insights with hallucinated findings, leaving teams unsure of what was missed or when the work is truly complete. Foundry aims to eliminate this chaos by designing detection, validation, and coverage up front instead of improvising in a chat window. The difference, Santos argued, is stark: one is an interesting demo, the other is a security evaluation system defensible in front of a CISO and auditors.
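As an added illustration (not Foundry's own code, nor any artifact from the spec), the following Python models the properties described above: a hash-linked provenance chain per finding, an operator-defined "done" rule that combines a coverage floor with a yield threshold, and a bounded, prioritized output that admits only validated findings. The state names, the severity scale and the exact yield formula are assumptions of this example.

```python
from dataclasses import dataclass, field
import hashlib

@dataclass
class Finding:
    fid: str
    component: str
    severity: int                 # 1 (low) .. 5 (critical); constructed scale
    state: str = "detected"       # assumed lifecycle: detected -> validated -> published, or rejected
    provenance: list = field(default_factory=list)

    def advance(self, new_state: str, actor: str, evidence: str) -> None:
        """Append a hash-linked provenance record, then move to new_state."""
        prev = self.provenance[-1]["hash"] if self.provenance else ""
        payload = f"{prev}|{self.fid}|{self.state}->{new_state}|{actor}|{evidence}"
        self.provenance.append({"from": self.state, "to": new_state, "actor": actor,
                                "evidence": evidence,
                                "hash": hashlib.sha256(payload.encode()).hexdigest()})
        self.state = new_state

def chain_is_intact(f: Finding) -> bool:
    """Recompute every link; an edited or reordered record breaks the chain."""
    prev = ""
    for r in f.provenance:
        payload = f"{prev}|{f.fid}|{r['from']}->{r['to']}|{r['actor']}|{r['evidence']}"
        if hashlib.sha256(payload.encode()).hexdigest() != r["hash"]:
            return False
        prev = r["hash"]
    return True

def is_done(covered: set, all_components: set, coverage_floor: float,
            window: list, yield_threshold: float) -> bool:
    """Stop rule (assumed form): coverage floor met AND the validated share of
    the most recent detection window has dropped below the yield threshold."""
    coverage = len(covered & all_components) / len(all_components)
    validated = sum(1 for f in window if f.state in ("validated", "published"))
    recent_yield = validated / len(window) if window else 0.0
    return coverage >= coverage_floor and recent_yield < yield_threshold

def publishable(findings: list, limit: int) -> list:
    """Bounded, prioritized output: validated findings only, highest severity first."""
    ok = [f for f in findings if f.state == "validated"]
    return sorted(ok, key=lambda f: -f.severity)[:limit]

# Constructed sample run over a codebase with four components.
COMPONENTS = {"auth", "api", "db", "ui"}
f1, f2, f3 = Finding("F-1", "auth", 5), Finding("F-2", "api", 3), Finding("F-3", "ui", 1)
f1.advance("validated", "validator", "reproduced with a failing test case")
f2.advance("validated", "validator", "reproduced from request trace")
f3.advance("rejected", "validator", "false positive: input is sanitized upstream")
```

Rejected findings never reach `publishable`, and any later edit to a provenance record is caught by `chain_is_intact`, which is the property an auditor would check.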
The spec is published on GitHub using GitHub's spec-kit, an industry-wide set of development workflows that can be used with different AI agents. This integration allows customers to incorporate Foundry into their existing development pipelines without waiting for access to frontier models like Mythos or GPT-5.5-Cyber. Grieco emphasized that the protective software infrastructure surrounding the AI model—the "harness"—is what makes the system practical and scalable.
Relationship with CodeGuard
Foundry Security Spec works hand-in-hand with CodeGuard, another Cisco-contributed open-source technology. Project CodeGuard is a security framework that builds secure-by-default rules into AI coding workflows. It offers a community-driven ruleset, translators for popular AI coding agents, and validators to help teams enforce security automatically. CodeGuard integrates across the entire AI coding lifecycle: before code generation, rules guide design and spec-driven development; during code generation, they help prevent security issues; and after code generation, agents like Cursor, GitHub Copilot, Codex, Windsurf, and Claude Code can use the rules for code review.
The combination of Foundry and CodeGuard provides a holistic approach to AI security, covering both the evaluation of AI agents and the secure generation of code. This synergy reflects Cisco's broader strategy of embedding security into every stage of the AI lifecycle, from development to deployment.
Industry Context and Impact
The open-sourcing of Foundry comes amid a surge in AI-related security threats and a growing recognition that AI systems themselves need to be secured. As organizations increasingly deploy autonomous agents for tasks like vulnerability scanning, threat hunting, and incident response, the need for standardized evaluation frameworks becomes critical. Cisco's move positions it as a leader in this space, building on its history of contributing to open-source security tools and standards.
By providing a common specification, Cisco aims to reduce fragmentation in the AI security market and accelerate the development of safer agentic systems. The spec's functional requirements and roles are designed to remain relevant as LLMs evolve, ensuring that the harness stays stable regardless of the underlying model. This forward-looking design is essential in a field where model capabilities are advancing rapidly.
Santos noted that a common question is whether the spec will become obsolete as LLMs evolve. "The answer is it was designed not to be," he wrote. "Foundry Security Spec is built on functional requirements and roles, not specific model parameters. Whether you are using today's frontier models or the more complex reasoning agents of tomorrow, the need for an orchestrator, a detector, and a validator will remain constant."
The release of Foundry is particularly timely given the rise of agentic AI in cybersecurity. According to industry analysts, autonomous security agents can handle repetitive tasks at scale, but their outputs must be trustworthy. The Foundry spec provides a mechanism for building that trust by enforcing a disciplined evaluation process. It also sets a precedent for other vendors to follow, potentially leading to industry-wide standards for AI security evaluation.
Cisco's decision to open-source the spec underlines its commitment to transparency and collective defense. The company has a long history of contributing to open-source projects, from network automation tools to security frameworks. By sharing its internal knowledge, Cisco hopes to accelerate innovation and help security teams worldwide defend against increasingly sophisticated threats.
As the AI landscape continues to evolve, tools like Foundry and CodeGuard will become essential components of any security stack. They represent a shift from ad-hoc AI usage to structured, verifiable systems that can be audited and trusted. For security professionals, the message is clear: the future of cybersecurity lies not just in better models, but in better processes for using them.
Source: Network World News