At Cisco Live EMEA in Amsterdam, we deployed an innovative and fully integrated security architecture, combining multiple technologies and products to deliver comprehensive protection for such a large-scale event.

As part of this innovation, we introduced the newly released Cisco Security Foundation AI Reasoning model, integrated into the security ecosystem through Cisco XDR. This large language model (LLM) augments human expertise with structured, multi-step reasoning—summarizing incidents in clear language, assisting investigations, and guiding remediation actions.

At the core of this capability is Foundation-sec-8B-Reasoning, an 8-billion-parameter model purpose-built for cybersecurity use cases. Building on previous releases, it adds advanced reasoning capabilities to analyze complex security scenarios before delivering answers. Like its predecessors, the model is openly available for the community to run securely on local, on-premises, or private cloud environments.

Today’s Security Operations Centers (SOCs) are overwhelmed by high alert volumes that require manual triage and time-consuming investigations. This limits the time available for deeper analysis and proactive threat hunting. In the SOCs at Cisco Live and Black Hat, we integrated the Foundation AI model via a workflow and playbook within Cisco XDR.

When the playbook is executed, the model is provided with contextual incident data and produces a structured analytical summary. Analysts can further refine the output by submitting targeted follow-up questions tailored to their investigative needs.

The value of this integration was showcased at Cisco Live, where the model was deployed against real-world security incidents.

Cisco Live security analysts saw firsthand how embedding the Foundation AI model into their incident workflows enhanced speed, accuracy, and decision-making across the Security Operations Center.

For additional information, please refer to the following resources:

Check out the other blogs from our SOC team in Amsterdam 2026.

Authors

Piotr Jarzynka

Principal Architect

Customer Experience (CX)