When we releasedLlama-3.1-FoundationAI-SecurityLLM-base-8B (Foundation-sec-8B)in April, we proved that an eight-billion-parameter model-trained exclusively on security data-can outperform general-purpose LLMs many times its size on cybersecurity benchmarks. Practitioners loved the results, yet they kept asking:

"Can I interact with it like ChatGPT-no extra scaffolding, just prompt and go?"

Now you can.Llama-3.1-FoundationAI-SecurityLLM-instruct-8B (Foundation-sec-8B-Instruct)layers instruction fine-tuning on top of our domain-focused base model, giving you a chat-native copilot that understands security context and follows natural-language directions straight out of the box.

Built for Security, Tuned for Conversation

• Instruction following- Foundation-sec-8B-Instruct obeys everyday prompts for summarization, question-answering, sentiment analysis, and creative text generation without any extra fine-tuning.
• Role awareness- It understands system, user, and assistant roles, enabling multi-turn chats, retrieval-augmented generation, and agent-style applications.
• Compact footprint- A 4K-token context window lets Foundation-sec-8B-Instruct run on a single, high-memory GPU while we push toward much longer windows.
• Open-source and lightweight- Like its sibling, Foundation-sec-8B-Instruct ships as fully open weights under a permissive license-small enough for on-prem, air-gapped, or edge deployments without vendor lock-in.

Performance That Outpaces Larger Models

Foundation-sec-8B-Instruct delivers heavyweight security performance in an eight-billion-parameter form factor. In independent evaluations, it outperforms larger models while remaining small enough to run on a single high-memory GPU.

Just as importantly, Foundation-sec-8B-Instruct maintains strong general-language performance on broad tests such as MMLU. That means it can fluidly explain threat behavior, support long-form investigation narratives, and respond naturally in chat workflows-without compromising its security focus or demanding oversized infrastructure.

Where It Fits Today

Security Operations Centers (SOC)face relentless alert noise, fragmented tooling, and chronic staffing gaps. In pilots across Cisco CSIRT and Cisco XDR, Foundation-sec-8B-Instruct classifies alerts, maps observables to MITRE tactics, reconstructs timelines, and drafts investigation reports-cutting false positives and accelerating triage so analysts can focus on real threats.

Application Security (AppSec)teams juggle code reviews, threat models, and red-team planning with limited expert bandwidth. Early deployments at SBG Product Security, Meraki, and the S&TO Web-Application Security group use Foundation-sec-8B-Instruct to simulate attack paths, generate threat-model diagrams, review code against OWASP guidelines, and craft custom payloads, shifting work from reactive fixes to proactive design.

Because Foundation-sec-8B-Instruct is instruction-tuned, most workflows need only a well-crafted prompt or a simple retrieval template-no additional training loop required.

Looking Ahead

Foundation-sec-8B-Instruct is a milestone, but it is far from the final destination. Our roadmap focuses on unlocking richer context, tighter structure, and broader data modalities, so the model will be able to handle every artifact defenders rely on-without bolting on extra infrastructure. In the near term you can expect:

• Longer context windows- 16K+ tokens for full playbooks, SBOMs, and log bundles
• Structured interaction- Schema-validated JSON, explicit function calling, and even code or binary generation
• Multimodal inputs- Logs, packet captures, screenshots, and other artifacts in a single conversation
• Next-generation models- A reasoning-optimized eight billion-parameter variant and a forthcoming seventy billion-parameter model

Start Building Today

• Grab the weights- DownloadFoundation-sec-8B-Instructon Hugging Face and run it on-prem, in secure cloud enclaves, or in air-gapped labs-no licensing constraints.
• Follow the recipes- The Foundation AI Cookbook offers deployment guides, retrieval templates, and agent examples.
• Join the community- Pilot new workflows, contribute prompts or fine-tunes, and feed your findings back into the open-source ecosystem.

Foundation-sec-8B-Instructis live, open, and ready to defend. Download it, prompt it, and help shape the future of AI-powered cybersecurity.

Contributors:Sajana Weerawardhena, Paul Kassianik, Blaine Nelson, Baturay Saglam, Anu Vellore, Aman Priyanshu, Supriti Vijay, Massimo Aufiero, Fraser Burch, Arthur Goldblatt, Konstantin Goldin, Alie Fordyce, Dhruv Kedia, Zhouran Yang, Ed Li, Jianliang He, Kojin Oshiba, Yaron Singer, Amin Karbasi

We'd love to hear what you think! Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social Media

LinkedIn
Facebook
Instagram
X