Join our daily and weekly newsletters to obtain the latest updates and exclusive content on the coverage of the industry leader. Get more information
With cyber attacks that accelerate at the speed of the machine, large open source language models (LLMS) have quickly become the infrastructure that allows new companies and global cyber security leaders to develop and deploy adaptive defenses agastas agastas respond.
The initial advantages of Freeurce LLMS of faster marketing time, greater adaptability and a lower cost have created a scalable and safe base to deliver infrastructure. At the RSAC 2025 Conference last week, Cisco, Meta and Project Discovery announced new LLM of open source and an innovation of the community -driven attack surface that together define the future of the open source in cyber security.
One of the key conclusions of this year’s RSAC is the change in open source LLMs to extend and strengthen the scale infrastructure.
Open source AI is in the hive of delivering what many cyber security leaders have asked for years, which is the capacity of many cyber security providers to join forces against increasingly complex threats. The vision of being collaborators in the creation of a LLM and unified open source infrastructure is a closer step, given the ads in RSAC.
The Cisco Product Director, Jeetu Patel, emphasized his opening: “The true enemy is not our competitor. It is actually the adversary. And we want to make sure we can provide all kinds of tools and have the band of the Ecosystem together so.” Act. “
Patel explained the urgency of assuming such a complex challenge, saying: “AI is fundamentally changing everything, and cybersecurity is in the heart of everything. We are no longer dealing with threats on human scale; these attacks are occurring in Machechn.”
Cisco’s Foundation-Sec-8b LLM defines a new era of open source.
The newly established Cisco AI group originates in the recent acquisition of the company’s robust intelligence. Foundation Ais Focus is to offer the specific domain -domain infrastructure adapted explicitly to cyber security applications, which are among the most challenges to solve. Built in architecture calls the goal 3.1, this large -language model of 8 billion parameters is not an AI of modified general purphose. It was a specific construction, meticulously trained in a specific cyber security data set internally by Cisco Foundation AI.
“By its nature, the problems in this letter are some of the most difficult of the AI today. For technology to be accessible, we decided that most of the work we do in the shoulder of Foundation.
With the AI of the open source anchor foundation, Cisco has designed an efficient architectural approach for cyber security suppliers that generally compete with each other, selling comparable solutions, to become collaborators in the creation of more unified defenses.
Singer writes: “Whether you are embeding it in existing tools or building completely new workflows, Foundation SEC-8B adapts to the unique needs of your organization.” The publication of the Cisco blog that announces the model recommends that security equipment apply the SEC-8B Foundation throughout the safety life cycle. The potential use of Cisco recommends for the model that includes the acceleration of SOC, the defense of proactive threats, the engineering qualification, the code reviews assisted by AI, the validation of the configuration and the personalized integration.
The weights and tokenizer of Foundation-SEC-8Bs have been open source under the permissive license Apache 2.0 in the hugged face, which allows customization and implementation of business level without suppliers blocking, maintaining compliance and privacy controls. Cisco’s blog also points out that he plans to organize the training pipe, further fossing innovation by the community.
Cyber Security is in the DNA of the LLM
Cisco chose to create a specific cyber security model optimized for the needs of SOC, DEVSECOPS and large -scale security equipment. The modernization of an existing generic AI model led them to their goal, so the Foundation’s AI team designed their training using a specific cyber security data set on a large, expansive and well -cured cyber security.
By adopting a more accuracy focus to build the model, the Foundation’s AI team could ensure that the model deeply comprises the cyber threats of the real world, vulnerabilities and defensive strategies.
The key training data sets included the following:
- Vulnerability databases: Including detailed CVE (common vulnerabilities and exhibitions) and CWE (enumerations of common weakness) to identify known threats and weaknesses.
- Threat behavior maps: Structured from security frames proven such as Miter Att & CK, providing context on methodologies and behavior of attackers.
- Threat Intelligence Reports: Integral knowledge derived from global cybersecurity events and emerging threats.
- Red team play books: Tactical plans that describe adverse techniques in the real world and penetration strategies.
- Real world incident summaries: Documented analysis of cyber security violations, incidents and their mitigation routes.
- Compliance and safety guidelines: Established the best practices of the main standards agencies, including the frameworks of the National Institute of Standards and Technology (NIST) and the safe coding principles of the Open Worldwide Application Safety Project (OWASP).
This personalized training regime positions Foundation-SEC-8b only to excel in complex cybersecurity tasks, significantly improved precision offer, a deeper contextual understanding and alternative response to faster threats.
Benchmarking Foundation-SEC-8b LLM
The technical reference points of Cisco Show Foundation SEC-8B offer a cybersecurity yield comparable to larger significant models:
| Benchmark | SEC-8B Foundation | Call-3.1-8b | Call-3.1-70b |
| CTI-MCQA | 67.39 | 64.14 | 68.23 |
| CTI-RCM | 75.26 | 66.43 | 72.66 |
When designing that the base model is specific to cyber security, Cisco is allowing SOCs to obtain greater efficiency with the analysis of advanced threats without having to pay high infrastructure costs to obtain it.
The broader strategic vision of Cisco, detailed in its blog, Foundation AI: robust intelligence for cyber security, addresses the common challenges of the integration of AI, including the alignment of limited domain of general use models, insufficient data sets and inherited difficulties. Foundation-SEC-8b is specifically designed to navigate the thesis barriers, which are executed efficiently in a minimal hardware configuration, which generally require only one or two NVIDIA A100 GPU.
Meta also stressed its open source strategy in RSAC 2025, expanding its AI defenders suite to strengthen safety in the generative infrastructure of AI. Its open source tool kit now includes a Guard 4 flame, a multimodal classifier that detects policy and images policy violations, improving compliance monitoring within AI’s workflows.
Llamafirewall is also introduced, an open source security framework that integrates modular capabilities that includes Promptguard 2, which is used to detect rapid injections and Jailbreak attempts. They are also launched as part of flamewall, the alignment verifications of agents that monitor and protect the decision -making processes of the AI agent together with Codeshield, which is designed to inspect the code generated to identify and mitigate vulnerabilities are launched.
Meta also improved the Practical Guard 2, which offers two open source variants that further strengthen the future of open source -based infrastructure. They include an 86 m high -precision parameter model and an alternative parameters of 22 m thinner of lower latency optimized for minimum use of resources.
In addition, Meta launched the Cybersec Eval 4 suite of the open source benchmarking suite, which developed in association with Crowdstrike. It has Cybersoc EV EV, the effectiveness of AI compared to realistic scenarios of the Security Operations Center (SOC) and Autathchbench, which is used to evaluate the autonomous capabilities evaluated to identify and fix software vulnerabilities.
Meta also launched the flame defenders program, which provides early access to Open-AI-based security tools, including confidential document classifiers and audio threat detection. Private processing is a privacy AI on the device that was tested within WhatsApp.
In RSAC 2025, Project Discovery won the “most innovative startup” prize in the innovation sandbox, highlighting its commitment to open source cyber security. Its flagship tool, Nuclei, is a customizable open source vulnerability scanner driven by a global community that quickly identifies vulnerabilities in API, websites, cloud environments and networks.
The extensive template library based on YAML of Nuclei includes more than 11,000 detection patterns, 3000 directly linked to specific CVE, allowing the identification of real -time threats. Andy Cao, Coo in Project Discovery, emphasized the strategic importance of the open source, stating: “Winning the twentieth annual Sandbox of RSAC innovation demonstrates that open source models can succeed in cybersecurity. It reflects the power of our security driven by the community.” “
The success of Projectsdossvery is aligned with the Gartner 2024 Bombo cycle for open source software, which positions the tools of AI and open source cybersecurity in the “Innovation trigger” phase. Gartner recommends that organizations establish the offices of open source programs (OSPO), adopt frames of the Software Materials (SBOM) and guarantee regulatory practices of effective governance.
Processable ideas for security leaders
Cisco’s Foundation-SEC-8B, Meta’s expanded ai Defenders Suite and Projectscoveries Nuclei showed that cyber security innovation thrives more when the opening, collaboration and specialized limits of the company of domains experts. These companies and others as they are preparing the scenario so that any cyber security provider is an active collaborator in the creation of cyber security defenses that provide greater efficacy to lower costs.
As Patel emphasized the duration of his key note, “these are not fantasies. These are examples of real life that will be delivered because we have now spoken security models that will be affordable for all. The best security is good TTTTT-Razones.”
