AI agents are everywhere in 2026. They write code, triage alerts,
analyze logs, scan infrastructure. But ask one to investigate a
suspicious memory dump or hunt for C2 beaconing and it improvises.
No structure. No framework alignment. No verification steps.
That's the gap I've been working on.
What I built
Anthropic Cybersecurity Skills is an open-source library of 754
structured cybersecurity skills for AI agents. Every skill is a
self-contained directory:
```text
skills/performing-memory-forensics-with-volatility3/
├── SKILL.md              ← YAML frontmatter + step-by-step workflow
├── references/
│   ├── standards.md      ← framework mappings
│   └── workflows.md      ← deep technical procedures
├── scripts/
│   └── process.py        ← functional helper scripts
└── assets/
    └── template.md       ← report templates
```
Each SKILL.md has YAML frontmatter for agent discovery and a
structured Markdown body for execution. The design is built around
progressive disclosure: an agent reads only the frontmatter of each
skill, so an irrelevant skill costs ~30 tokens to scan, while a
relevant one unfolds into complete expert-level guidance.
v1.2.0 — the five-framework release
Today I shipped the update I've been working toward since launch.
754 skills now mapped to 5 industry frameworks simultaneously.
| Framework | Skills mapped | What it covers |
|---|---|---|
| MITRE ATT&CK Enterprise | 754 / 754 | Adversary tactics and techniques |
| NIST CSF 2.0 | 754 / 754 | Cybersecurity risk management functions |
| MITRE ATLAS v5.5 | 81 / 754 | Adversarial threats to AI/ML systems |
| MITRE D3FEND v1.3 | 139 / 754 | Defensive countermeasures |
| NIST AI RMF 1.0 | 85 / 754 | AI risk management |
No other open-source library does this.
Why five frameworks?
Each one serves a different audience and a different question.
ATT&CK answers: what technique is the adversary using?
NIST CSF 2.0 answers: which risk management function does
this skill address? (Identify, Protect, Detect, Respond, Recover,
or the new Govern function)
MITRE ATLAS answers: if the target is an AI or ML system,
which adversarial technique applies? Model poisoning and prompt
injection have no ATT&CK equivalent at all, and where ATT&CK has a
neighbouring technique (supply chain compromise, escape to host from
an agentic container), ATLAS frames it in terms of the ML pipeline
or the agent rather than the enterprise network. Recent ATLAS
releases, through v5.5, added techniques specific to agentic AI.
D3FEND answers: what do you actually DO about it?
ATT&CK catalogs offensive techniques. D3FEND catalogs the 267
defensive techniques that counter them. A skill like detecting
suspicious PowerShell execution now tells your agent: this addresses
T1059.001 (PowerShell), and these are the D3FEND defensive
techniques (D3-EWF, D3-PSA) that apply.
NIST AI RMF answers: where does this fit in the AI risk
lifecycle (Govern, Map, Measure, Manage)? With most remaining EU AI
Act obligations scheduled to apply from August 2, 2026, and
Colorado's AI Act treating compliance with NIST AI RMF as part of an
affirmative defense, this mapping matters right now.
What the frontmatter looks like
```yaml
name: detecting-prompt-injection-attacks
description: >-
  Detect and prevent prompt injection attacks against LLM
  applications, AI agents, and chatbot interfaces. Covers
  direct injection, indirect injection via retrieved content,
  jailbreak detection, and input validation strategies.
domain: cybersecurity
subdomain: ai-security
tags: [prompt-injection, ai-security, llm, T1059.001]
frameworks:
  mitre-attack: [T1059.001, T1078]
  nist-csf: [DE.CM-01, DE.AE-02]
  mitre-atlas: [AML.T0017, AML.T0051]
  mitre-d3fend: [D3-IDA, D3-ODA]
  nist-ai-rmf: [MEASURE-2.7, GOVERN-6.1]
```
Five framework fields in one skill. The consuming agent inherits the mappings; it never has to build them itself.
What's in the 754 skills
26 security domains. The top ones by skill count:
- Cloud Security (60) — AWS S3 audits, Azure AD review, GCP IAM
- Threat Hunting (55) — C2 beaconing, DNS tunneling, LOTL detection
- Threat Intelligence (50) — APT attribution, campaign analysis, IOC enrichment
- Web App Security (42) — HTTP smuggling, XSS, deserialization
- Network Security (40) — Wireshark analysis, Suricata tuning, VLAN segmentation
- Malware Analysis (39) — Ghidra, YARA, .NET decompilation
- Digital Forensics (37) — Volatility3, disk imaging, browser artifacts
Plus OT/ICS, container security, zero trust, API security,
DevSecOps, mobile, cryptography, red teaming, and more.
How agents actually use this
Your agent scans frontmatters first (~30 tokens each). When a
skill matches the task, it loads the full SKILL.md and references.
Here's what happens when a user says "check this memory dump for
credential theft":
- Agent scans 754 frontmatters → finds 12 relevant skills
- Loads the top matches, including performing-memory-forensics-with-volatility3
- Follows the structured Volatility3 workflow
- Maps findings to ATT&CK T1003 (OS Credential Dumping)
- References D3FEND D3-PSMD for defensive recommendations
- Outputs structured findings with framework references
No improvisation. Tool flags come from the skill's workflow, not
from the model's memory. Structured output with framework alignment
baked in.
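Here is what that two-phase loop, and the frontmatter mapping shown earlier, look like in running code. This is an added example written for this article, not the library's own loader: it scans only frontmatter, ranks matches against a task, loads the body of the winner, answers reverse lookups ("which skills claim T1003?"), and shape-checks framework IDs, which is handy when adding mappings to skills. The YAML parser covers only the subset the frontmatter above uses (scalars, a `>-` folded description, flow lists, one nested mapping). The two skills, their descriptions and the IDs not taken from the article (T1055, RS.AN-03) are constructed fixtures.

```python
# Added example, not the library's own loader: two-phase skill selection plus a framework-ID lint.
import re
import tempfile
from pathlib import Path

SAMPLE_SKILLS = {  # constructed fixtures; IDs echo the article's examples
    "detecting-prompt-injection-attacks": """\
---
name: detecting-prompt-injection-attacks
description: >-
  Detect and prevent prompt injection attacks against LLM
  applications, AI agents, and chatbot interfaces.
tags: [prompt-injection, ai-security, llm]
frameworks:
  mitre-attack: [T1059.001, T1078]
  nist-csf: [DE.CM-01, DE.AE-02]
  mitre-atlas: [AML.T0017, AML.T0051]
  mitre-d3fend: [D3-IDA, D3-ODA]
  nist-ai-rmf: [MEASURE-2.7, GOVERN-6.1]
---
# Workflow: inspect retrieved content before it reaches the model ...
""",
    "performing-memory-forensics-with-volatility3": """\
---
name: performing-memory-forensics-with-volatility3
description: Analyze memory dumps with Volatility3 for credential theft, injected code and persistence.
tags: [memory-forensics, volatility3, credential-dumping]
frameworks:
  mitre-attack: [T1003, T1055]
  nist-csf: [DE.AE-02, RS.AN-03]
  mitre-d3fend: [D3-PSMD]
---
# Workflow: identify the OS profile, list processes, then hunt for credential access ...
""",
}

FLOW_LIST = re.compile(r"^\[(.*)\]$")
ID_PATTERNS = {  # shape checks only; they do not prove an ID exists upstream
    "mitre-attack": re.compile(r"^T\d{4}(\.\d{3})?$"),
    "nist-csf": re.compile(r"^[A-Z]{2}\.[A-Z]{2}-\d{2}$"),
    "mitre-atlas": re.compile(r"^AML\.T\d{4}(\.\d{3})?$"),
    "mitre-d3fend": re.compile(r"^D3-[A-Z]+$"),
    "nist-ai-rmf": re.compile(r"^(GOVERN|MAP|MEASURE|MANAGE)-\d+\.\d+$"),
}

def _scalar(value):
    m = FLOW_LIST.match(value)
    return [v.strip() for v in m.group(1).split(",") if v.strip()] if m else value

def parse_frontmatter(text):
    """Split a SKILL.md into (meta, body); handles scalars, `>-` folds, flow lists, one nested mapping."""
    lines = text.splitlines()
    if lines[:1] != ["---"] or "---" not in lines[1:]:
        raise ValueError("SKILL.md must open and close frontmatter with ---")
    end, meta, i = lines.index("---", 1), {}, 1
    while i < end:
        key, _, value = lines[i].partition(":")
        key, value, i = key.strip(), value.strip(), i + 1
        block = []  # indented continuation lines of a folded scalar or nested mapping
        while value in (">-", "") and i < end and lines[i].startswith("  "):
            block.append(lines[i].strip()); i += 1
        if value == ">-":
            meta[key] = " ".join(block)
        elif value == "":
            meta[key] = {k.strip(): _scalar(v.strip()) for k, _, v in map(lambda b: b.partition(":"), block)}
        else:
            meta[key] = _scalar(value)
    return meta, "\n".join(lines[end + 1:])

def lint_frameworks(meta):
    """Return malformed framework IDs (useful as a PR check on a new skill)."""
    bad = []
    for fw, ids in meta.get("frameworks", {}).items():
        pat = ID_PATTERNS.get(fw)
        bad += [f"{fw}:{i}" for i in ids if pat is None or not pat.match(i)]
    return bad

def index_skills(root):
    """Phase 1: read only the frontmatter of every skill (the cheap scan)."""
    index = {}
    for skill_md in sorted(Path(root).glob("*/SKILL.md")):
        meta, _ = parse_frontmatter(skill_md.read_text())
        index[meta["name"]] = {"path": skill_md, "meta": meta}
    return index

def select_skills(index, query):
    """Rank skills by how many query terms appear in name, tags or description."""
    terms = {w for w in re.findall(r"[a-z0-9]+", query.lower()) if len(w) > 3}
    hay = {n: " ".join([n, e["meta"].get("description", "")] + e["meta"].get("tags", [])).lower()
           for n, e in index.items()}
    hits = {n: sum(t in h for t in terms) for n, h in hay.items()}
    return sorted((n for n, s in hits.items() if s), key=lambda n: (-hits[n], n))

def load_skill(index, name):
    """Phase 2: load the full workflow body only for a selected skill."""
    return parse_frontmatter(index[name]["path"].read_text())

def skills_for_id(index, framework, tid):
    """Reverse lookup: which skills claim a given framework ID?"""
    return sorted(n for n, e in index.items() if tid in e["meta"].get("frameworks", {}).get(framework, []))

def build_sample_library():
    root = Path(tempfile.mkdtemp(prefix="skills-"))  # skills/<name>/SKILL.md layout
    for name, text in SAMPLE_SKILLS.items():
        (root / name).mkdir(); (root / name / "SKILL.md").write_text(text)
    return root

if __name__ == "__main__":
    idx = index_skills(build_sample_library())
    hits = select_skills(idx, "check this memory dump for credential theft")
    print(hits, load_skill(idx, hits[0])[0]["frameworks"], skills_for_id(idx, "mitre-attack", "T1003"))
```

The lint is deliberately a format check: it catches a mistyped `T10031` or a lowercase `D3-psa`, but confirming that an ID actually exists in the current ATT&CK, ATLAS or D3FEND release still needs the framework's own data files.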
Install
```bash
npx skills add mukul975/Anthropic-Cybersecurity-Skills
```
Works with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor,
Gemini CLI, and any MCP-compatible agent.
Contributing
Apache 2.0. PRs reviewed within 48 hours. The easiest first
contribution is adding MITRE ATT&CK technique IDs to the 74
incident-response skills that still need mapping — see Issue #1.
The repo hit 4,100 stars in a few weeks entirely from community
sharing. If this solves a problem you've been working around,
a star helps others find it.
github.com/mukul975/Anthropic-Cybersecurity-Skills