
“I’ve said this for many years: Cybersecurity is a team sport,” Grieco said in a prerecorded video about the news. “We’ve all got to come together and work together for a better collective defense. This is one really demonstrable way where we’re trying to raise the bar for everybody and share our knowledge, through this. And so giving folks access to this felt really important.”
While frontier models identify vulnerabilities at machine speed, most security teams haven’t built a great process or don’t have enough manpower to verify findings, and that’s where Foundry comes in, Grieco said.
“Every security team with access to a frontier LLM has tried the same thing at least once: toss a report at the model and ask it to ‘find the bugs.’ The result is usually a wall of unbounded, unverifiable output that mixes sharp insights with hallucinated findings, with no way to know what was missed or when you’re actually done,” wrote Omar Santos, a distinguished engineer at Cisco focusing on AI security, cybersecurity research, incident response, and vulnerability disclosure, in a blog post about Foundry.
“A full agentic system like Foundry Security Spec is the antidote to that chaos: it wraps the model in orchestration, roles, and guardrails so that detection, validation, and coverage are designed up front instead of improvised in a chat window. The difference is stark—one is an interesting demo; the other is a security evaluation system you can defend in front of your CISO and your auditors,” Santos wrote.
