Overview

Foundation-Sec-1.1-8B-Instruct is an 8-billion parameter instruction-tuned language model from Foundation AI at Cisco, based on the Meta Llama-3.1-8B architecture. It is specifically designed for cybersecurity applications, featuring an extended 64k token context window (up from 4k) to handle extensive security documents, incident reports, and threat intelligence feeds. The model is instruction-tuned and aligned with human preferences, enabling chat-like interactions for security-related tasks.

Key Capabilities

• SOC Acceleration: Automates triage, summarization, case note generation, and evidence collection.
• Proactive Threat Defense: Simulates attacks, prioritizes vulnerabilities, maps TTPs, and models attacker behavior.
• Engineering Enablement: Provides security assistance, validates configurations, assesses compliance evidence, and improves security posture.
• Enhanced Performance: Achieves +3 to +13 point gains over Llama-3.1-8B-Instruct on cybersecurity benchmarks (CTI-MCQA, CTI-RCM, CTI-VSP) and competitive instruction-following capabilities against models like GPT-4o-mini.

Good for

This model is ideal for security practitioners, researchers, and developers building AI-powered security workflows and applications, particularly for local deployment where data security and regulatory compliance are critical. It supports tasks such as summarization of incident reports, classification of threats to MITRE ATT&CK, named entity recognition for compliance, and Q&A for alert triage. It is recommended to use with additional safeguards like LlamaGuard for optimal safety performance.