Cisco Unveils Open Source AI Reasoning Model for Cybersecurity Use Cases
Cisco today at the 2025 RSA Conference revealed it is making available an open-source generative artificial intelligence (AI) reasoning model specifically designed to automate cybersecurity analytics and workflows, along with a set of controls for securing AI artifacts in software supply chains.
At the same time, Cisco is further integrating the Splunk platform for analyzing IT telemetry data that it acquired last year with the Cisco Extended Detection and Response (XDR) platform in a way that applies generative AI to cyberattack forensics. Cisco is also making it simpler to share threat intelligence between the Splunk Enterprise Security (ES) and Cisco Security Orchestration, Automation and Response (SOAR) platforms.
Cisco is also adding additional generative AI tools to investigate issues involving endpoints, a set of visualization tools and integrations between Cisco Cyber Vision offering and the Cisco Industrial Threat Defense platform for internet-of-things (IoT) environments.
Finally, Cisco announced a formal alliance with ServiceNow through which a previously announced Cisco AI Defense platform will be integrated with the security operations (SecOps capabilities that ServiceNow has embedded in its software-as-a-service (SaaS) platform.
The open source reasoning model is based on AI technologies that Cisco gained last year via its acquisition of Robust Intelligence, which now forms the basis of its Foundation AI research and development team.
Yaron Singer, vice president for AI and security for Cisco, said the open-source reasoning model created by that team, which includes the weights used to develop it, is based on the Llama AI model created by Meta. It is designed, however, to be applied to any large language model (LLM) that cybersecurity teams decide to employ, he added.
The overall goal is to bridge the gap that currently exists between what LLMs are capable of and actual cybersecurity use cases, said Singer. Existing closed-source LLMs were not designed with cybersecurity issues in mind, are difficult to customize and expensive to use, noted Singer. More challenging still, much of the telemetry data dynamically collected by cybersecurity platforms is in a format that doesn’t lend itself to natural language queries, he added.
The Cisco approach, in contrast, relies on an AI reasoning model based on eight billion parameters that has been pre-trained using data that has been distilled down to five billion tokens from an original size of 20 billion plus tokens, said Singer.
That model will then provide the foundation for training a series of AI agents that will be developed by Cisco and any other vendor that adopts its open-source AI platform. Cisco claims this is the first AI reasoning model trained specifically for cybersecurity use cases.
It’s not clear how widely cybersecurity vendors might embrace Cisco’s open-source AI model, but the one clear thing is that the cost of applying generative AI to cybersecurity is dropping rapidly. In addition to the cost of the reasoning models dropping nearly to zero, the number of tokens needed is also declining rapidly. Arguably, the only issue to be resolved at this point may be determining precisely to what degree those AI models can be customized to address the unique requirements of specific IT environments.
