Cisco is open-sourcing the Foundry Security Spec, a model-agnostic and stack-agnostic blueprint for building agentic security evaluation systems. It addresses the problem of frontier LLMs producing hallucinated, unverifiable security findings by wrapping models in orchestration, defined roles, and guardrails. The spec defines eight core agent roles (Orchestrator, Indexer, Cartographer, Detector, Triager, Validator, Coverage-Guide, Reporter), eleven inviolable principles derived from real production failures, and ~130 functional requirements. It integrates with GitHub's spec-kit and pairs with Project CodeGuard (donated to the Coalition for Secure AI) to create a self-improving detection-to-prevention flywheel. The spec is intentionally a blueprint rather than turnkey code, designed to remain relevant as LLMs evolve since it is built on functional requirements and roles rather than specific model parameters.

From blogs.cisco.com