Tue 29th Apr, 2025
Cisco has announced the launch of Foundation AI, an open-source reasoning model designed specifically for IT security applications. This innovative tool is engineered to seamlessly integrate into existing security frameworks, enabling businesses to swiftly and accurately address queries with its robust architecture featuring eight billion parameters.
Developed under the guidance of Cisco’s Chief Product Officer, Jeetu Patel, Foundation AI is based on the Llama 3 framework and was trained using a dataset comprising 200 billion tokens. The objective behind this development was to create a compact yet powerful model suitable for smaller operational environments, capable of running on Nvidia A100 hardware. However, Cisco has not disclosed a specific release date for this model.
In addition to Foundation AI, Cisco is enhancing its AI Defense monitoring software by incorporating risk management features related to the supply chain of AI applications. This upgrade aims to empower organizations to identify and block malicious AI models before they are deployed. The AI Defense tool will not only detect embedded malware or tampered datasets but will also verify the licensing conditions of language models. This functionality is crucial for preventing the use of models that could pose risks to intellectual property and compliance due to their licensing terms. Furthermore, the software will enable the identification and blocking of models originating from geopolitically sensitive regions.
Cisco’s XDR (Extended Detection and Response) application is also receiving significant enhancements with the introduction of agent-based AI for the detection and response to security threats. This integration is designed to alleviate the workload on security teams, allowing for faster implementation of countermeasures. The feature known as Instant Attack Verification utilizes data from various sources, including the Splunk monitoring platform, endpoints, and network data. This capability enables Cisco XDR to automatically generate forensic plans and analyze incidents. In the event of a confirmed security breach, the tool provides actionable recommendations for security analysts and can autonomously initiate mitigation actions, such as triggering API responses to firewalls to isolate compromised endpoints into a quarantine VLAN.
Furthermore, Cisco XDR will generate a flowchart for each incident, visually representing attacks and facilitating decision-making processes. This visualization includes well-organized graphical data and a timeline of events related to the incident, along with a summary that clarifies the attack and its automatic evaluation. This feature is particularly beneficial in correlating firewall events with endpoint security solutions, with Cisco reporting an 85% success rate in identifying critical incidents.
Starting in June 2025, the upcoming version 8.1 of Splunk Enterprise Security (ES) will feature updates designed to enhance the detection of both known and unknown security vulnerabilities. Additionally, improvements will be made to integrated and automated workflows, assisting analysts in Security Operations Centers (SOCs) with their tasks.
Cisco is also expanding its offerings in the realm of Operational Technology (OT) security. The Cyber Vision platform, which monitors OT environments, will receive a vulnerability management system and integration with Splunk Asset and Risk Intelligence, aimed at assessing security risks within OT networks. Furthermore, Cisco Secure Firewalls will introduce automated network segmentation for industrial networks, although the company has yet to provide further details on this initiative.
Moreover, Cisco is broadening its collaboration with ServiceNow in the security domain, with plans to integrate Cisco AI Defense into ServiceNow’s Security Operations. This integration is intended to help clients identify potential vulnerabilities and security incidents within their AI applications, thereby streamlining workflows and automations for SOC teams.