📈 GitHub Trending

mukul975/Anthropic-Cybersecurity-Skills

github.com/mukul975/Anthropic-Cybersecurity-Skills →

📖 README summary

# Anthropic Cybersecurity Skills

### The largest open-source cybersecurity skills library for AI agents


**817 production-grade cybersecurity skills · 29 security domains · 6 framework mappings · 26+ AI platforms**


---

> ⚠️ **Community Project** — This is an independent, community-created project. Not affiliated with Anthropic PBC. 

## Give any AI agent the security skills of a senior analyst

A junior analyst knows which Volatility3 plugin to run on a suspicious memory dump, which Sigma rules catch Kerberoasting, and how to scope a cloud breach across three providers. **Your AI agent doesn't — unless you give it these skills.**

This repo contains **817 structured cybersecurity skills** spanning **29 security domains**, each following the agentskills.io open standard. Every skill is mapped to **six industry frameworks** — MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, MITRE D3FEND, NIST AI RMF, and the MITRE Fight Fraud Framework (F3) — making this the only open-source skills library with unified cross-framework coverage. Clone it, point your agent at it, and your next security investigation gets expert-level guidance in seconds.

## Six frameworks, one skill library

No other open-source skills library maps every skill to all of these frameworks. One skill, six compliance checkboxes.

| Framework | Version | Scope in this repo | What it maps |
|---|---|---|---|
| MITRE ATT&CK | v19.1 | 15 tactics · 286 techniques | Adversary behaviors and TTPs |
| NIST CSF 2.0 | 2.0 | 6 functions · 22 categories | Organizational security posture |
| MITRE ATLAS | v5.4 | 16 tactics · 84 techniques | AI/ML adversarial threats |
| MITRE D3FEND | v1.3 | 7 categories · 267 techniques | Defensive countermeasures |
| NIST AI RMF | 1.0 | 4 functions · 72 subcategories | AI risk management |
| MITRE F3 (Fight Fraud Framework) | v1.1 (2026-04-09) | 8 tactics · 123 techniques · 94 fraud-relevant skills | Cyber-enabled financial fraud TTPs |

**Example — a single skill maps across all six:**

| Skill | ATT&CK | NIST CSF | ATLAS | D3FEND | AI RMF | F3 |
|---|---|---|---|---|---|---|
| `analyzing-network-traffic-of-malware` | T1071 | DE.CM | AML.T0047 | D3-NTA | MEASURE-2.6 | — |
| `detecting-business-email-compromise` | T1566 | DE.AE | — | — | — | F1005.006 · monetization |

### 🆕 MITRE Fight Fraud Framework (F3) — 94 fraud-relevant skills


The **MITRE Fight Fraud Framework (F3)** was released **April 9, 2026** by MITRE's Center for Threat-Informed Defense (CTID), co-developed with JPMorganChase, Citigroup, Lloyds Banking Group, Standard Chartered, CrowdStrike, Verizon Business, FS-ISAC, and others. It is an ATT&CK-compatible TTP catalog for **cyber-enabled financial fraud** — filling the gap ATT&CK leaves after initial compromise.

F3 v1.1 adds **two fraud-specific tactics** that ATT&CK does not enumerate:
- **Positioning** (`FA0001`) — actions taken after access to collect/manipulate data and prepare the fraud (synthetic-identity seeding, account warming, beneficiary setup, SIM-swap pre-positioning, banking-session hijack).
- **Monetization** (`FA0002`) — converting stolen assets into usable funds (money-mule layering, APP fraud, crypto off-ramping, card cash-out, refund/chargeback abuse).

Fraud-specific techniques use `F1XXX` IDs (e.g. `F1005.003` Add Beneficiary, `F1025.003` Wire Transfer, `F1007` Adversary-in-the-Browser); reused ATT&CK techniques keep their `T1XXX` IDs. Mappings live in each skill's `mitre_f3:` frontmatter block — all 123 F3 v1.1 technique IDs were verified against the upstream STIX bundle. See `docs/mitre-f3-mapping.md` for the schema.

### MITRE ATT&CK v19.1 — 754/754 skills mapped

Every skill carries a `mitre_attack` frontmatter list validated against **MITRE ATT&CK v19.1** (the latest release) using the official `mitreattack-python` library — 286 distinct techniques across all 15 Enterprise tactics, plus ICS and Mobile techniques where relevant. Zero revoked or deprecated IDs. v19.1's restructured Defense Evasion (now split into **Stealth** and **Defense Impairment**) is reflected below.

| Tactic | ID | Skills |
|--------|----|--------|
| Reconnaissance | TA0043 | 103 |
| Resource Development | TA0042 | 22 |
| Initial Access | TA0001 | 467 |
| Execution | TA0002 | 350 |
| Persistence | TA0003 | 444 |
| Privilege Escalation | TA0004 | 464 |
| Stealth | TA0005 | 442 |
| Defense Impairment | TA0112 | 92 |
| Credential Access | TA0006 | 202 |
| Discovery | TA0007 | 237 |
| Lateral Movement | TA0008 | 68 |
| Collection | TA0009 | 172 |
| Command and Control | TA0011 | 123 |
| Exfiltration | TA0010 | 82 |
| Impact | TA0040 | 50 |
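
The kind of check described above (every `mitre_attack` ID exists in the release and is neither revoked nor deprecated) can be sketched as follows. This is an added example, not the repository's own validator: it reads the STIX fields directly with the standard library instead of using `mitreattack-python`, and it assumes `mitre_attack` is a YAML block list in the skill's frontmatter. The bundle, the skill file and the IDs `T9001`, `T9002` and `T9999` are constructed for the demonstration.

```python
import re

# Constructed stand-in for the ATT&CK Enterprise STIX bundle; T9001/T9002 are made-up IDs.
SAMPLE_BUNDLE = {"objects": [
    {"type": "attack-pattern", **flags,
     "external_references": [{"source_name": "mitre-attack", "external_id": tid}]}
    for tid, flags in [("T1071", {}), ("T9001", {"revoked": True}),
                       ("T9002", {"x_mitre_deprecated": True})]]}
# Constructed skill file; assumes `mitre_attack` is a YAML block list in the frontmatter.
SAMPLE_SKILL = """---
name: analyzing-network-traffic-of-malware
mitre_attack:
  - T1071
  - T9001
  - T9002
  - T9999
  - t1566
---
"""

def load_index(bundle):
    """Map each technique's ATT&CK ID to 'active', 'revoked' or 'deprecated'."""
    index = {}
    for obj in bundle["objects"]:
        status = ("revoked" if obj.get("revoked") else
                  "deprecated" if obj.get("x_mitre_deprecated") else "active")
        for ref in obj.get("external_references", []):
            if obj.get("type") == "attack-pattern" and ref.get("source_name") == "mitre-attack":
                index[ref["external_id"]] = status
    return index

def frontmatter_ids(text, key="mitre_attack"):
    """Return the list items under `key` in the leading --- frontmatter block."""
    m = re.match(r"---\n(.*?)\n---", text, re.S)
    ids, in_list = [], False
    for line in (m.group(1).splitlines() if m else []):
        if item := (in_list and re.match(r"\s*-\s*(\S+)", line)):
            ids.append(item.group(1).strip("'\""))
        elif line.strip():
            # Any other non-blank line either opens the list (the key) or ends it.
            in_list = re.fullmatch(rf"{key}:\s*", line) is not None
    return ids

def check_skill(text, index):
    """Return {id: problem} for IDs that are malformed, unknown, revoked or deprecated."""
    def status(tid):
        shaped = re.fullmatch(r"T\d{4}(\.\d{3})?", tid)
        return index.get(tid, "unknown") if shaped else "malformed"
    return {t: status(t) for t in frontmatter_ids(text) if status(t) != "active"}
```

Run as a CI gate over every skill file, a non-empty result from `check_skill` fails the build, which keeps stale technique IDs out of the metadata an agent will trust.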

## Quick start

```bash
# Option 1: npx (recommended)
npx skills add mukul975/Anthropic-Cybersecurity-Skills

# Option 2: Git clone
git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
cd Anthropic-Cybersecurity-Skills
```

Works immediately with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI, and any agentskills.io-compatible platform. 

## 🌍 GARS-2026 — Global Agentic AI Readiness Survey

I'm running a global academic study measuring how ready security professionals,
developers, and enterprise teams actually are for agentic AI — MCP s
2026-06-26

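Today #9 Python +600 ★ today ★ 21.1k

📌 A library of 817 cybersecurity skills covering 29 security domains

817 structured cybersecurity skills, mapped to 6 major frameworks (MITRE ATT&CK, NIST CSF 2.0, and others), compatible with 20+ platforms.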