# CyberPrompt Library

> A free library of 104 expert-crafted cybersecurity prompts for AI assistants.
> No login required. 17 security domains. 2026 calibrated. Free forever.

## What This Tool Does

Provides copy-ready prompt templates that security professionals paste into AI assistants (Claude, ChatGPT, Gemini, Copilot, etc.) to generate high-quality security deliverables — calibrated to 2026 standards, frameworks, and tools.

Every prompt includes:

- Structured sections with numbered steps
- Specific tool and framework references (no generic advice)
- Bracketed placeholders [LIKE THIS] for easy customization
- Output format guidance so the AI knows exactly what to produce

## Prompt Categories & Examples

### Vulnerability Assessment

- CVSS v4.0 scoring with EPSS exploit probability and CISA KEV status check
- Vulnerability assessment report (NIST CSF 2.0, CIS Controls v8.1 aligned)
- Vulnerability scanning program design with exploit-driven prioritization
- Post-quantum cryptography readiness assessment (NIST FIPS 203/204/205)
- Attack surface management program design

### Penetration Testing

- Web application pentest (OWASP WSTG v4.2, OWASP Top 10:2021)
- Network & Active Directory pentest (BloodHound CE, Kerberoasting, Entra ID)
- AI-enhanced social engineering assessment (deepfake vishing, quishing)
- Cloud infrastructure pentest (AWS/Azure/GCP IAM, SSRF, privilege escalation)
- Kubernetes & container penetration test
- AI/ML system red team (MITRE ATLAS framework)

### Threat Intelligence

- Threat actor profile (MITRE ATT&CK v15, STIX 2.1, Diamond Model)
- IOC analysis with YARA/Sigma rule drafting and SIEM hunt queries
- Structured CTI report template with TLP classification
- Dark web intelligence collection program
- Geopolitical cyber risk assessment

### Malware Analysis

- Malware analysis report (ANY.RUN, Ghidra, MITRE ATT&CK mapping)
- Reverse engineering guide (Ghidra + AI decompilation, modern obfuscation)
- Ransomware analysis (triple extortion, RaaS, EDR evasion, 2026 families)
- Fileless & living-off-the-land malware analysis
- AI-generated malware detection methodology

### Network Security

- Network security architecture (NIST CSF 2.0, SASE, ZTNA)
- Network security policy (NIS2, DORA, NIST CSF 2.0 Govern)
- Network threat hunting (Splunk SPL, Elastic EQL, Sentinel KQL)
- Zero trust network assessment (CISA ZT Maturity Model v2)
- SD-WAN & SASE security assessment

### Application Security

- Secure coding guidelines (OWASP Top 10:2021, NIST SSDF, OWASP ASVS v4)
- SAST/DAST/IAST implementation (Semgrep, Snyk, CodeQL, Burp Enterprise)
- API security assessment (OWASP API Top 10:2023, GraphQL, OAuth 2.1)
- AI/ML application security review (OWASP LLM Top 10:2025)
- Software composition analysis program (SCA, SBOM, license compliance)

### Cloud Security

- Cloud security architecture (AWS Well-Architected, Azure Benchmark v3, GCP)
- Cloud security assessment (Wiz, Prisma Cloud, Defender for Cloud, CNAPP)
- Cloud security monitoring (CNAPP, eBPF/Falco, unified SIEM)
- Kubernetes security assessment (CIS Benchmark, NSA/CISA hardening guide)
- Multi-cloud security governance

### Incident Response

- Incident response plan (NIST SP 800-61r3, CISA IR guidance)
- Ransomware response playbook (triple extortion, negotiation, OFAC check)
- Digital forensic investigation methodology
- AI breach tabletop exercise (facilitator script with inject sequence)
- Supply chain incident response
- Cloud-native incident response

### Digital Forensics

- Memory forensics (Volatility 3, cloud instance memory, eBPF)
- Email forensics (Microsoft 365 Purview, Google Workspace Vault)
- Mobile device forensics (iOS 18, Android 15, Cellebrite, cloud backups)
- Cloud forensics investigation (CloudTrail, Activity Log, identity forensics)
- Container & Kubernetes forensics

### Security Awareness

- Phishing awareness program (AI-generated phishing, quishing, deepfake)
- Security champions program (AI tool security responsibilities)
- Executive cybersecurity training (SEC disclosure rules, deepfake briefing)
- AI & deepfake threat awareness training
- Generative AI safe use program

### Security Policy & Compliance

- Security policy framework (NIST CSF 2.0, ISO 27001:2022)
- Data protection policy (GDPR, CCPA/CPRA, DPDPA, LGPD)
- Third-party security policy (DORA, NIS2, EU AI Act supply chain)
- AI governance & acceptable use policy (EU AI Act, NIST AI RMF)
- Software supply chain security policy (EO 14028, NIST SSDF, SLSA)

### Security Architecture

- Zero trust architecture (CISA ZT Maturity Model v2, NIST SP 800-207A)
- IoT security architecture (ETSI EN 303 645, NIST SP 800-213)
- Secure SDLC architecture (NIST SSDF SP 800-218, EO 14028, SLSA)
- Post-quantum cryptography migration architecture (NIST FIPS 203/204/205)
- Cloud-native security architecture (SPIFFE/SPIRE, service mesh, eBPF)

### DevSecOps

- DevSecOps implementation roadmap (DORA metrics, OpenSSF Scorecard, SLSA)
- Secure CI/CD pipeline design (SLSA Level 3, Sigstore, SBOM generation)
- Security as code (OPA Gatekeeper, Kyverno, Falco, Checkov)
- SBOM implementation & lifecycle management (CycloneDX, SPDX)
- AI-assisted secure code review program
- Container security pipeline (Trivy, Cosign, binary authorization)

### Risk Assessment

- Enterprise security risk assessment (NIST CSF 2.0, FAIR, ISO 27005:2022)
- Quantitative risk analysis (OpenFAIR, Monte Carlo, board reporting)
- Third-party risk assessment (DORA, NIS2, EU AI Act, TPRM platforms)
- AI/ML system risk assessment (NIST AI RMF, EU AI Act classification)
- Vendor security scorecard (100-point structured scoring rubric)
- Post-quantum migration risk assessment

### AI & LLM Security (New in 2026)

- LLM prompt injection assessment (OWASP LLM01, direct + indirect injection)
- AI red team & adversarial ML testing (MITRE ATLAS framework)
- Agentic AI security architecture (least privilege, human-in-the-loop)
- AI model supply chain risk assessment
- AI governance framework (NIST AI RMF, EU AI Act, ISO/IEC 42001)

### OT / ICS Security (New in 2026)

- ICS/SCADA vulnerability assessment (passive methodology, IEC 62443)
- OT security architecture (Purdue Model, IEC 62443, zone/conduit design)
- Industrial cyber incident response playbook

### Supply Chain Security (New in 2026)

- Software supply chain risk assessment (SLSA, NIST SP 800-161r1)
- SBOM security analysis (CycloneDX, SPDX, VEX, license risk)
- Open source risk management program

## How to Use This Tool

1. Open https://prompts.cyberagent.exchange/
2. Select a security domain from the left sidebar
3. Use audience (Analyst / Practitioner / Leadership) and type filters (Assessment / Playbook / Architecture / Policy / Training / Template)
4. Click "View Prompt" to preview the full template
5. Click "Copy" to copy to clipboard
6. Paste into your AI assistant and fill in [BRACKETED PLACEHOLDERS]

## Technical Details

- Built with React 18, TypeScript, Vite, Tailwind CSS
- Deployed on Cloudflare Pages
- No backend, no data collection, no authentication, no cookies
- All content rendered client-side

## Links

- Homepage: https://prompts.cyberagent.exchange/
- Alternate: https://prompts.cybersecuritygpt.store/
- PDF Resource: https://prompts.cyberagent.exchange/Files/Google_Prompt_Engineering_v7.pdf
- Sitemap: https://prompts.cyberagent.exchange/sitemap.xml
- AI permissions: https://prompts.cyberagent.exchange/ai.txt

## Organization

Quantum Security AI — info@quantumsecurity.ai