Cisco has taken a major step toward standardizing the evaluation of agentic artificial intelligence in cybersecurity by open-sourcing its internally developed Foundry Security Specification. The move, announced on May 13, 2026, publishes the specification on GitHub as an open-source project, allowing customers and industry participants to contribute to and adopt a common framework for assessing and governing AI agents used in security operations.
The Foundry Security Spec is designed to integrate with GitHub's spec-kit, a set of development workflows that can be applied across different AI agents. Anthony Grieco, senior vice president and chief security officer at Cisco, explained that the goal is to help the industry create a unified approach to evaluating AI agents. "I've said this for many years: Cybersecurity is a team sport," Grieco noted in a prerecorded video. "We've all got to come together and work together for a better collective defense. This is one really demonstrable way where we're trying to raise the bar for everybody and share our knowledge, through this. And so giving folks access to this felt really important."
The specification addresses a critical pain point for security teams: while frontier large language models can identify vulnerabilities at machine speed, most organizations lack a robust process to verify those findings. Omar Santos, a distinguished engineer at Cisco focusing on AI security, highlighted this in a blog post. "Every security team with access to a frontier LLM has tried the same thing at least once: toss a report at the model and ask it to 'find the bugs.' The result is usually a wall of unbounded, unverifiable output that mixes sharp insights with hallucinated findings, with no way to know what was missed or when you're actually done," Santos wrote. He contrasted that chaos with the Foundry approach: "A full agentic system like Foundry Security Spec is the antidote to that chaos: it wraps the model in orchestration, roles, and guardrails so that detection, validation, and coverage are designed up front instead of improvised in a chat window. The difference is stark—one is an interesting demo; the other is a security evaluation system you can defend in front of your CISO and your auditors."
The Foundry Security Spec is model agnostic, meaning it can work with any frontier LLM, including Anthropic's Mythos and OpenAI's GPT-5.5-Cyber. According to Santos, the spec turns a frontier LLM from a mere demo into a security evaluation system that produces a bounded, prioritized, and verifiable set of findings. It provides a clear "done" signal based on an operator-defined coverage floor and an economic yield threshold. It also ensures an auditable provenance chain from detection through triage, validation, and publication. Safety guardrails are built in at the substrate level, assuming the model will eventually try to do the wrong thing.
The specification is published as two main artifacts and a set of supporting documents. The first artifact, known as the "spec," defines eight core agent roles: orchestrator, indexer, cartographer, detector, triager, validator, publisher, and auditor. Additionally, there are five extension roles. The spec includes the finding lifecycle, the coordination substrate, and roughly 130 functional requirements, each with an inline rationale explaining its purpose. The second artifact, the "constitution," comprises 11 firmly defined principles, each encoding a real production failure that Cisco shipped, diagnosed, and fixed. Grieco emphasized that this constitution ensures the framework learns from real-world security incidents.
A common question is whether the spec will become obsolete as LLMs evolve. Santos addressed this directly: "The answer is it was designed not to be. Foundry Security Spec is built on functional requirements and roles, not specific model parameters. Whether you are using today's frontier models or the more complex reasoning agents of tomorrow, the need for an orchestrator, a detector, and a validator will remain constant. The spec is designed to be the stable harness that keeps your security evaluation consistent, regardless of the 'engine' under the hood."
The Foundry specification complements another Cisco-contributed open-source project, CodeGuard. Project CodeGuard is a security framework that builds secure-by-default rules into AI coding workflows. It offers a community-driven ruleset, translators that render those rules in the configuration formats of popular AI coding agents, and validators that let teams enforce the rules automatically. CodeGuard applies at three points in the AI coding lifecycle: before, during, and after code generation. Santos noted that during the planning phase the rules can steer models toward secure patterns; during generation they constrain the agent so that known classes of insecure code are not emitted; and after generation, agents such as Cursor, GitHub Copilot, Codex, Windsurf, and Claude Code can use the same rules as review criteria.
The open-sourcing of Foundry Security Spec represents a significant shift in how the cybersecurity industry approaches AI agent governance. Until now, security teams have largely relied on ad hoc methods, tossing reports at models and hoping for the best. As AI agents become more autonomous and pervasive, the need for a standardized evaluation framework grows. Cisco's move is reminiscent of earlier industry efforts to give practitioners a shared vocabulary for vulnerabilities, such as the OWASP Top 10 for common application risk categories or CVSS for severity scoring. By designing the specification to work with GitHub's spec-kit, Cisco is embedding its framework into a broader ecosystem of development workflows, potentially accelerating adoption.
Grieco noted that users do not have to wait for access to frontier models like Mythos or GPT-5.5-Cyber to benefit from Foundry. The protective software infrastructure, or harness, is model agnostic and can be used with any agentic system. This flexibility is crucial as the AI landscape evolves rapidly, with new models emerging frequently. Cisco's commitment to open source also signals a belief that collective defense is stronger than proprietary solutions. By sharing the specification, Cisco invites contributions from security researchers, developers, and enterprises worldwide, fostering a community-driven approach to AI security evaluation.
From a technical perspective, the Foundry spec's roughly 130 functional requirements are grouped around core functions such as detection, validation, and coordination. The coordination substrate is the shared mechanism through which the different agents, whether indexers, detectors, or validators, exchange state so that they act on a consistent view of the work. The finding lifecycle defines how a potential vulnerability moves from initial detection through triage and validation to publication or rejection, with each step recorded for audit. This structure is intended to reduce the noise and false positives that plague many AI-driven security tools, because a finding cannot reach the publication stage until a validator has confirmed it.
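To make the lifecycle, the operator-defined "done" signal, and the provenance chain described above concrete, here is an added illustrative sketch. It is not code from Cisco's Foundry Security Spec or from the spec's reference material; the role-to-transition matrix, the threshold values, the sample targets, and the finding notes are all constructed assumptions chosen to show the shape of the mechanism. Each finding carries a hash-linked record of who moved it and why, the lifecycle refuses out-of-order or wrong-role transitions, and the orchestrator stops once a coverage floor is met and the last round's yield of validated findings per unit cost falls below a threshold.

```python
"""Illustrative finding lifecycle with role-gated transitions, a hash-chained
provenance record, and a coverage-floor / yield-threshold "done" signal.
Added example; not Cisco's Foundry Security Spec code. Role names, transition
rules, thresholds and sample data are assumptions made for illustration."""
import hashlib
import json
from dataclasses import dataclass, field

# Assumed lifecycle: which role may perform each state transition.
TRANSITIONS = {
    ("detected", "triaged"): "triager",
    ("triaged", "validated"): "validator",
    ("triaged", "rejected"): "validator",
    ("validated", "published"): "publisher",
}
GENESIS = "0" * 64  # prev-hash for the first provenance record


def _digest(entry):
    """SHA-256 over every field except the stored hash itself."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class Finding:
    fid: str
    target: str
    state: str = "detected"
    chain: list = field(default_factory=list)  # provenance records, oldest first

    def _append(self, role, action, note):
        prev = self.chain[-1]["hash"] if self.chain else GENESIS
        entry = {"role": role, "action": action, "note": note, "prev": prev}
        entry["hash"] = _digest(entry)
        self.chain.append(entry)

    def advance(self, role, new_state, note=""):
        """Move along the lifecycle; refuse wrong-role or out-of-order moves."""
        if TRANSITIONS.get((self.state, new_state)) != role:
            raise PermissionError(
                f"{role} may not move {self.fid} from {self.state} to {new_state}")
        self.state = new_state
        self._append(role, new_state, note)


def new_finding(fid, target, note="detector flagged"):
    f = Finding(fid, target)
    f._append("detector", "detected", note)
    return f


def chain_intact(finding):
    """Auditor check: each record re-hashes correctly and links to its predecessor."""
    prev = GENESIS
    for e in finding.chain:
        if e["prev"] != prev or _digest(e) != e["hash"]:
            return False
        prev = e["hash"]
    return True


def is_done(covered, total, validated_in_round, cost_of_round, coverage_floor, min_yield):
    """Done when the coverage floor is met AND the last round's validated
    findings per unit cost dropped below the economic yield threshold."""
    coverage = covered / total
    yield_ = validated_in_round / cost_of_round if cost_of_round else 0.0
    return coverage >= coverage_floor and yield_ < min_yield


def demo(coverage_floor=0.66, min_yield=0.5):
    # Constructed sample: three targets scanned one per round, one real bug,
    # one hallucinated finding that the validator rejects.
    targets = ["auth.py", "upload.py", "report.py"]
    findings, covered, rounds = [], 0, 0
    while covered < len(targets):
        target = targets[covered]
        covered += 1
        rounds += 1
        validated = 0
        if target == "auth.py":
            f = new_finding("F-1", target, "possible missing authorization check")
            f.advance("triager", "triaged", "plausible, high impact")
            f.advance("validator", "validated", "reproduced with constructed request")
            f.advance("publisher", "published", "ticket filed")
            findings.append(f)
            validated = 1
        elif target == "upload.py":
            f = new_finding("F-2", target, "suspected path traversal")
            f.advance("triager", "triaged", "needs reproduction")
            f.advance("validator", "rejected", "input canonicalised upstream; not reproducible")
            findings.append(f)
        if is_done(covered, len(targets), validated, 1.0, coverage_floor, min_yield):
            break
    return {
        "rounds": rounds,
        "coverage": covered / len(targets),
        "published": [f.fid for f in findings if f.state == "published"],
        "rejected": [f.fid for f in findings if f.state == "rejected"],
        "chains_intact": all(chain_intact(f) for f in findings),
    }
```

With the assumed floor of 0.66 the loop stops after two rounds: coverage has reached two thirds and the second round validated nothing, so the yield check fires and report.py is never scanned. Raising the floor to 1.0 forces the third round regardless of yield, which is the trade-off an operator makes when choosing these two numbers. The rejected finding stays in the record with its full chain, so an auditor can see both what was published and what the model got wrong.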
The constitution's 11 principles are particularly noteworthy. Each encodes a real-world failure, meaning each principle is not a theoretical abstraction but a lesson learned from a production incident that Cisco shipped, diagnosed, and fixed. By grounding the constitution in practical experience rather than in hypothetical risk, Cisco keeps the framework relevant and actionable.
Industry observers see this move as a competitive differentiator for Cisco in the AI security market. As enterprises increasingly adopt agentic AI for tasks ranging from code generation to threat hunting, the ability to evaluate and trust those agents becomes paramount. Cisco's Foundry spec provides a transparent, community-vetted methodology that can instil confidence in AI-driven security operations. It also aligns with broader regulatory trends, as governments and industry bodies begin to call for explainable and auditable AI systems.
In summary, Cisco's open-sourcing of the Foundry Security Spec marks a milestone in the journey toward standardized AI agent governance in cybersecurity. By offering a model-agnostic, role-based, and constitution-anchored framework, Cisco is helping the industry move from chaotic experimentation to disciplined evaluation. The spec's integration with GitHub's spec-kit and its complementary relationship with Project CodeGuard further underscore Cisco's commitment to building a secure, open ecosystem. As AI continues to reshape the security landscape, frameworks like Foundry will be essential for ensuring that innovation does not come at the cost of safety.
Source: Network World News