In just eight weeks, we scanned 1.8 billion lines of code in over 25 coding languages across the breadth of Cisco’s portfolio, a process that would have taken our world-class security research team eight years to complete. We are only getting started.
But speed is only half the story. The real breakthrough is scale, quality, and impact.
If the average person gained access to a Formula One (F1) car but had only ever ridden a bike, they might be able to make their way along the track, but they would not win the race. For decades, cybersecurity has been limited by the pace of manual red teaming and static analysis. A few years ago, efforts like DARPA’s AI Cyber Challenge began paving the road for autonomous defense, and now the arrival of frontier AI models—like Claude Mythos Preview and GPT 5.5-Cyber—has handed the industry the keys to an F1 car. We are inspired by our time in the driver’s seat, and we are eager to share our insights with the goal of helping cyber defenders win.
The problem we tackled
Quality starts with complete visibility and a signal-to-noise ratio that allows experts to act.
Historically, security teams were forced to prioritize, choosing which software modules to assess based on risk profiles, knowing full well that bugs in the “unscanned” areas were simply waiting to be found by an adversary. Furthermore, traditional static analysis tools were notorious for noise, often producing a ratio of one useful finding for every 10,000 warnings. This has forced offensive security teams into a cycle of endless triage.
Our approach
The difference between chaos and clarity is methodology.
We embedded years of the Cisco Advanced Security Initiatives Group’s domain knowledge—test beds, research notes, and prioritization logic—into a rigorous orchestration harness. The question is no longer whether AI models can find bugs; it’s whether you have the architecture to maximize track time. Our focus has been and continues to be on quality and impact over mere quantity and noise. But this velocity isn’t the result of model power alone. It is the result of the Cisco Foundry Security Spec. The model is the accelerant; the harness is the engine. By testing it across six frontier AI models, we ensured that our Foundry Security Spec provides an independent, model-agnostic framework. It is not tied exclusively to one model; it is locked into a consistent methodology.
What we found: Quality over quantity
We no longer have to pick and choose what to scan.
A common industry critique is that AI will “drown you in noise.” We found the opposite. By pairing frontier LLMs with our human-guided harness, we achieved a false positive rate of under 3% across over 1.8 billion lines of code. Rather than focusing on a specific scope for a security evaluation, we can assess a product’s entire code base. It’s like switching from a flashlight to a floodlight to illuminate a dark room. Because each finding is validated through a hybrid of AI and human expertise, our engineering teams are receiving actionable intelligence rather than a wall of warnings.
What this means for industry collaboration
Do not mistake volume for value.
Yes, more vulnerabilities will be discovered as AI adoption grows. If that is the only metric you are counting, you may want to ask yourself whether you are capturing the real value of this era. True AI-driven security is measured by actionable precision at scale, not by the count of vulnerabilities alone. Our findings are extensive, thanks to both our ability to scale and the accuracy of our analysis. Your team doesn’t have to drown in the noise.
For enterprise teams looking to deploy frontier LLMs, we suggest three principles:
- Use a Proven Harness: Don’t start from scratch. Adopt a framework like the Foundry Security Spec as a battle-tested architecture for your agents. It is built on the community-driven GitHub Spec Kit, so any team can extend and adapt the specification in a trusted and familiar open contribution model.
- Embed Your Expertise: Apply past vulnerabilities and domain-specific test beds to guide the AI. The model is much more effective if you seed knowledge into the harness.
- Test Dynamically: Use AI-driven automation to validate findings in production-like environments to ensure that only verified vulnerabilities are escalated to developers.
The future: Designing for resilience
We recognize that the transition ahead is complex, and we continue to work to reduce friction in security operations. We have drastically improved our ability to automate upgrades of our systems, and Cisco CX stands ready to help customers assess risk and modernize operational practices.
Though the pace of innovation is accelerating, our core values remain the foundation of everything we do. Over the last thirty-five years, Cisco has demonstrated that we walk the walk when it comes to the handling and disclosing of vulnerabilities that affect those who use our solutions. We helped create the very standards the industry uses today for vulnerability disclosure and handling. Regardless of how the threat landscape or the market continues to evolve in the AI era, we will adapt, providing the resources and clarity you need to manage risk effectively.
Cybersecurity is both a team sport and a long-term journey. We are here to tip the scale in favor of all defenders, we are in this together, and we will not stop.
Join us:
- Download the Foundry Security Spec and start your own evaluation.
- Read Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery to learn more about Cisco’s new security release model.
- Tune in to Cisco Live to learn more about building an AI-era cyber defense at scale.