Framework Strengthens Secure-by-Default Practices in AI Coding Workflows
OASIS Open, the global open source and standards consortium, announced that Cisco has donated Project CodeGuard, an AI model-agnostic security coding agent skills framework and ruleset, to the Coalition for Secure AI (CoSAI), an OASIS Open Project. The framework embeds security best practices directly into AI-assisted software development, helping to prevent vulnerabilities introduced by AI coding agents and generating more secure code automatically.
Addressing AI Coding Security Risks
As AI coding agents rapidly transform software engineering, the speed and efficiency they provide can inadvertently introduce security risks, including skipped input validation, hardcoded secrets, weak cryptography, unsafe functions, and missing authentication or authorization checks.
Project CodeGuard addresses these challenges across the full development lifecycle: guiding design before code is written, preventing vulnerabilities during code generation, and supporting AI-assisted code review afterward.
Also Read: AiThority Interview with Zohaib Ahmed, co-founder and CEO at Resemble AI
“Project CodeGuard represents Cisco’s commitment to advancing security at the scale and speed of AI,” said Anthony Grieco, Chief Security & Trust Officer, Cisco. “While this is a major step forward, we are just getting started. By contributing this framework to CoSAI’s open ecosystem, together, we are building security into AI coding from the start. Making these practices freely available will elevate security across the industry and protect the software that powers our collective world.”
For more details on the donation and technical capabilities, read more in the blog post, Cisco’s Donation of Project CodeGuard to CoSAI: A New Chapter in Securing AI-Generated Code.
“Project CodeGuard exemplifies CoSAI’s vision of bringing together industry expertise to solve real-world AI security challenges,” said David LaBianca, CoSAI Co-Chair, Google. “This framework empowers developers with the tools they need to create secure code. Through our open collaboration model, we’ll work with the community to expand these capabilities and drive adoption across the industry, advancing our shared mission of making AI systems more secure and trustworthy.”
Comprehensive Security Coverage
Project CodeGuard provides multi-layered security coverage across several domains: cryptography, input validation, authentication, authorization, access control, supply chain security, cloud and platform security, and data protection. This approach ensures that security considerations are woven throughout the development process.
The framework integrates seamlessly with AI assistants including Cursor, GitHub Copilot, Windsurf, Claude Code, and others, using a unified markdown format that translates easily to integrated development environment (IDE)-specific formats.
Development Through Special Interest Group
The ongoing development and extension of Project CodeGuard will be conducted through a dedicated Special Interest Group (SIG) within CoSAI’s AI Security Risk Governance Workstream. The collaborative structure will enable technical contributors, researchers, and organizations to work together on expanding the framework’s capabilities and driving its adoption across the AI development community.
Also Read: The Death of the Questionnaire: Automating RFP Responses with GenAI
[To share your insights with us, please write to psen@itechseries.com]
Comments are closed.