Cisco's new Foundation AI group has introduced a specialized large language model (LLM) for cybersecurity, released as open source with publicly accessible weights. The initiative is led by Yaron Singer, a former Harvard computer science professor and CEO of Robust Intelligence, which Cisco acquired in 2024. Singer, now Cisco's vice president of AI and security, assembled a team of engineers from Meta and Google to develop this LLM, training it on Meta's Llama 3 and focusing exclusively on cybersecurity data.
The model, publicly released with open weights, is designed to address the unique challenges of cybersecurity data, which often lacks natural language structure and evolves rapidly with emerging threats and vulnerabilities. The Foundation AI group distilled open source data from 200 billion tokens down to a 5-billion-token dataset specifically relevant to cybersecurity. The resulting model is compact and can run on a single Nvidia A100 GPU for on-premises use, a notable cost and efficiency advantage for organizations. Cisco plans to integrate this LLM into its extended detection and response (XDR) product lineup, which now includes AI-powered agents for attack verification and forensics, as well as visualization tools.
Industry analysts note the model's potential for further customization using retrieval-augmented generation, making it attractive for organizations seeking tailored security tools without incurring prohibitive costs from larger vendors. However, some experts warn of challenges facing agentic AI for security operations centers (SOCs), including scalability, compute costs, and alert processing rates. While the LLM could speed up SOC alert triage compared to human analysts, current estimates show that even with improved speeds, scalability and energy consumption remain concerns. There is also the inherent risk of open source models being used by adversaries to identify vulnerabilities, although proponents argue that similar tools are already in use by security practitioners within enterprises.
The emergence and release of domain-specific LLMs like Cisco's marks a trend toward greater specialization as the initial wave of foundational AI models reaches maturity. As more organizations experiment with open, fine-tunable security models in operational environments, the field is likely to see continued innovation and possibly increased mergers or acquisitions as their practical value is proven.