
Accelerate Security Operations with Cisco’s New Security-Tuned Model

Explore a new frontier in LLM quality and speed. Cisco’s Foundation-Sec model delivers high-performance AI summaries for Splunk Security Operations workflows.


February 12, 2026

Aman Priyanshu, Amin Karbasi, Paul Kassianik

Today we are announcing the availability of a new custom-tuned Foundation-Sec-8B-1.1-Instruct model that powers a key integration between Cisco Foundation AI and the Splunk AI Assistant in Security in Splunk Enterprise Security.

The Splunk AI Assistant in Security is available to all Enterprise Security customers on the Splunk-hosted AWS cloud. It supports SOC analysts in their day-to-day work by automating and accelerating common tasks. Among other capabilities, the Splunk AI Assistant can generate investigation reports, write SPL queries, and summarize alerts. In particular, alert summaries help SOC analysts reduce investigation time by providing a concise yet comprehensive view of each alert, including a high-level overview, a summarized alert timeline, MITRE ATT&CK mapping, and recommended next steps. In this release, the Splunk AI Assistant in Security summary skill is powered by a custom-tuned Foundation-Sec-8B-1.1-Instruct model.

This marks a major milestone in our journey toward offering high-quality, natively embedded AI capabilities in key security operations workflows, with significant latency and cost breakthroughs. It is also significant because it is the result of strong collaboration between two key Cisco brands and demonstrates the value of the ever-evolving Cisco portfolio.

Why This Matters

Security analysts need accurate, clear, and fast summaries to move from alert to action. Seconds lost or inaccurate information could mean the difference between a breach and its successful prevention. This new integration allows analysts to hit the ground running on alerts even faster while maintaining a high-quality bar.

How This Works in Splunk Enterprise Security

Splunk Enterprise Security uses skill routing to send requests to the best model for each task. With this GA release:

  • Users can make a single, global choice to use the Splunk‑hosted model or not.
  • If Splunk‑hosted is selected, Summary Skill requests are now routed to a custom-tuned Foundation‑Sec‑8B‑1.1‑Instruct model with the latest release.

What Analysts Will Notice

From a user perspective, the workflow stays the same. The difference is in the quality and speed of the summary:

  • Improved latency and consistency in generated summaries.
  • Clearer incident overviews, MITRE mapping, and recommended next steps.
  • More reliable, repeatable outputs aligned with analyst expectations.

How the Summary Skill Works

When the Splunk‑hosted model is selected, the Splunk AI Assistant in Enterprise Security routes Summary Skill requests to Foundation‑Sec‑8B‑1.1‑Instruct. The model produces a structured summary that includes:

  • A concise overview of the incident
  • A summarized alert timeline
  • MITRE technique mapping
  • Recommended next steps

We evaluate the Summary Skill for accuracy, relevance, clarity, latency, and safety to ensure it meets enterprise security expectations.

Why Foundation‑Sec‑8B‑1.1‑Instruct

Foundation‑Sec‑8B‑1.1‑Instruct is a security‑tuned model built for real security operations use cases. We developed new methods to train models for specific use cases through novel synthetic data generation and curriculum learning, while keeping the implementation details intentionally opaque. The goal is simple: deliver security‑focused reasoning and outputs that align with how analysts work.

For the Summary Skill, we are replacing previous Llama‑3.1‑70B model calls with Foundation‑Sec-8B-1.1-Instruct calls, delivering better latency and more consistent results for this critical workflow.

Looking Ahead

This is the first of many production integrations of Foundation AI across the Cisco portfolio. As we expand to additional skills and workflows, we will keep a relentless focus on quality, reliability, and the realities of analyst work.

“Enterprise Security continues to be the market-leading TDIR platform powering the Agentic SOC. Delivering acceleration in key SOC workflows with embedded AI capabilities helps our customers continue to win against attackers operating at AI speed and scale. Custom fine-tuned LLMs like this one from the Foundation AI team provide a major step forward in our ability to deliver these key embedded AI capabilities.”
– Neal Iyer, Director of Product Management, AI for Splunk Security

“The quality, latency and cost gains from this custom fine-tuned model provide a very solid foundation for us to launch new AI capabilities for the Agentic SOC. We are excited about what this means for our upcoming embedded and agentic AI capabilities.”
– Fred Frey, Director of Engineering, AI for Splunk Security

We would love your feedback as customers begin using the custom-tuned Foundation AI model in Splunk Enterprise Security.

*Special thanks to Aman Priyanshu, Amin Karbasi, Blaine Nelson, David Bianco, Fred Frey, Harinath Sundararajhan, Karen Kui, Lei Zhao, Min Song, Neal Iyer, Paul Kassianik, Rajesh Subramanian, Rehan Mulla, and Vedant Dharnidharka for their contributions to this project.*


Authors

Aman Priyanshu

AI Researcher

Foundation AI

Amin Karbasi

Senior Director

Foundation AI

Paul Kassianik

AI Safety and Security Researcher

Security Business Group

