Cisco open-sources its Project CodeGuard framework. The framework helps development teams enforce security rules in AI coding workflows, both before, during, and after code generation.
Project CodeGuard is a security framework that integrates rules into AI coding processes. Cisco developed it internally to mitigate risks such as hardcoded secrets, weak input validation, and the use of outdated cryptography. AI coding agents accelerate software development but often generate code with vulnerabilities. According to Cisco, an open, unified approach is needed to improve security without slowing down developers.
AI Framework
The framework consists of three main components: a collection of security rules, scripts that translate these rules into instructions for popular AI coding agents, and validation tools. These rules are based on common guidelines such as OWASP and CWE. They can be applied at any stage of the development process: during the planning phase, when generating code, and during the review afterwards.
Rules as a Security Layer
An example is a rule for input validation. It can guide AI agents to safer coding patterns, warn against unsafe input processing, and check whether the final code contains correct validation. Another rule prevents the use of hardcoded secrets and ensures correct application of secret management.
read also
What happens when an AI model has no security?
According to Cisco, the rules should be seen as an additional security layer, not as a replacement for existing best practices such as peer reviews. The rules do not guarantee secure output but help AI agents make safer choices by default.
Open source
The first release (v1.0.0) of Project CodeGuard includes basic rules, translation scripts for GitHub Copilot and Windsurf, among others, and documentation. Cisco wants to expand rule coverage to more programming languages and AI platforms in the future. In addition, there will be features such as intelligent rule suggestions based on project context.
read also
Writing or Checking Code? “Remain an Expert in What You Ask AI to Do”
Cisco invites the development community to contribute via GitHub. Developers can propose new rules, integrate tools, or provide feedback.