Cisco Releases Open-Source Security LLM for SOCs

Cisco's Foundation AI team released and open-sourced the 8-billion-parameter Llama-3.1-FoundationAI-SecurityLLM-1.1-8B-Instruct (Foundation-sec-8b-instruct), trained on an offline cybersecurity dataset and demonstrated at Black Hat Europe NOC/SOC in London. Integrated into Cisco XDR via workflows and playbooks, the model summarizes alerts, maps MITRE ATT&CK TTPs, traces attack paths, and drafts incident reports to accelerate SOC triage and investigations.
Key Points
- 1Introduces an 8B-parameter open-source security LLM, Foundation-sec-8b-instruct, trained on offline cybersecurity data
- 2Enables automated alert summarization, MITRE ATT&CK mapping, attack-path tracing to speed triage
- 3Integrates into Cisco XDR workflows and playbooks, producing actionable reports and investigation recommendations
Scoring Rationale
High practical impact and official release, limited by being a vendor-specific model focused on SOC workflows.
Sources
Public references used for this report.
Practice with real Logistics & Shipping data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Logistics & Shipping problems

