Jakarta, INTI - Cisco introduced the Foundry Security Spec, an open source specification for building agentic AI-based security evaluation systems designed to help organizations face cybersecurity challenges in the era of artificial intelligence (AI).
The framework is designed to be model-agnostic and stack-agnostic so that it can be used in various AI models and different infrastructure environments according to the needs of each organization.
Cisco Aims for a More Effective Approach
Cisco Distinguished Engineer in AI Security, Omar Santos, said the company wants to help the cybersecurity community accelerate the threat detection and validation process more effectively through an AI-based approach.
He said that the cybersecurity operational model is now undergoing major changes as AI capabilities enable attackers to find security gaps at machine speed when many organizations still rely on manual processes and old systems.
Foundry Security Spec was developed to support the detection, validation, and security management process in a more structured manner through an agentic AI system equipped with orchestration, role division, and security guardrails.
The framework is designed for use with GitHub Spec-Kit as a specification-based development system compatible with a variety of AI agents.
Cisco explains that Foundry Security Spec consists of two main artifacts, which are "Spec" which contains eight core AI agent roles and around 130 functional requirements, and "Constitution" which contains eleven basic security principles based on real experience in production environments.
Through this approach, organizations are expected to be able to produce security findings that are more verified, prioritized, and auditable compared to conventional AI exploration methods that often produce false positives or inaccurate findings.
Cisco is also integrating Foundry Security Spec with Project CodeGuard, which was previously open-sourced and donated to the Coalition for Secure AI (CoSAI).
The integration enables a continuous learning process between security threat detection and prevention. Each new vulnerability discovered can be converted into new security rules to improve detection capabilities and secure coding in the next cycle.
Foundry Can be Used as a Blueprint
According to Cisco, the Foundry Security Spec is not a ready-to-use automated scanning tool, but rather a blueprint for an AI security evaluation system that organizations can adapt to their individual needs and threat models.
The company emphasized that responsibility for implementation and oversight remains with users, while the publicly disclosed specifications aim to accelerate the collaborative development of AI security systems in the global community. Cisco also opens access to the Foundry Security Spec repository via GitHub to support the development of an open agentic AI-based security ecosystem.
Conclusion
Cisco introduced the Foundry Security Spec, an open source framework based on agentic AI to help organizations build more structured and effective cybersecurity assessment systems. This model-agnostic and stack-agnostic framework is designed to support the detection, validation, and management of security threats through AI agent orchestration, role assignment, and security guardrails. Foundry Security Spec is not a ready-to-use automated scanning tool, but it is expected to help organizations generate more accurate, verifiable, and auditable security findings.
Read more: ChatGPT Officially Reaches 1 Billion Monthly Active Users Worldwide