Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & M
817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0
Categories
Tags
Similar tools
ECC
affaan-m/ECC
The agent harness performance optimization system
hermes-agent
NousResearch/hermes-agent
The self-improving AI agent built by Nous Research
AutoGPT
Significant-Gravitas/AutoGPT
AutoGPT: Build, Deploy, and Run AI Agents
ollama
ollama/ollama
Get up and running with Kimi-K2.6, GLM-5.1, MiniMax, DeepSeek, gpt-oss, Qwen, Gemma and other models.
prompts.chat
f/prompts.chat
The world's largest open-source prompt library for AI
transformers
huggingface/transformers
🤗 Transformers: the model-definition framework for state-of-the-art machine learning models
Install
pip install Anthropic-Cybersecurity-SkillsREADME
Anthropic Cybersecurity Skills
The largest open-source cybersecurity skills library for AI agents
817 production-grade cybersecurity skills · 29 security domains · 6 framework mappings · 26+ AI platforms
Get Started · What's Inside · Frameworks · Platforms · Contributing
⚠️ Community Project — This is an independent, community-created project. Not affiliated with Anthropic PBC.
🔐 Authorized & lawful use only. This library includes offensive and dual-use techniques (e.g. red-team C2, phishing simulation, exploitation) intended for authorized penetration testing, security research, defense, and education. Only use them against systems you own or have explicit written permission to test, and comply with all applicable laws and rules of engagement. You are solely responsible for how you use these skills. See SECURITY.md and CODE_OF_CONDUCT.md.
Give any AI agent the security skills of a senior analyst
A junior analyst knows which Volatility3 plugin to run on a suspicious memory dump, which Sigma rules catch Kerberoasting, and how to scope a cloud breach across three providers. Your AI agent doesn't — unless you give it these skills.
This repo contains 817 structured cybersecurity skills spanning 29 security domains, each following the agentskills.io open standard. Every skill is mapped to six industry frameworks — MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, MITRE D3FEND, NIST AI RMF, and the MITRE Fight Fraud Framework (F3) — making this the only open-source skills library with unified cross-framework coverage. Clone it, point your agent at it, and your next security investigation gets expert-level guidance in seconds.
Six frameworks, one skill library
No other open-source skills library maps every skill to all of these frameworks. One skill, six compliance checkboxes.
| Framework | Version | Scope in this repo | What it maps |
|---|---|---|---|
| MITRE ATT&CK | v19.1 | 15 tactics · 286 techniques | Adversary behaviors and TTPs |
| NIST CSF 2.0 | 2.0 | 6 functions · 22 categories | Organizational security posture |
| MITRE ATLAS | v5.4 | 16 tactics · 84 techniques | AI/ML adversarial threats |
| MITRE D3FEND | v1.3 | 7 categories · 267 techniques | Defensive countermeasures |
| NIST AI RMF | 1.0 | 4 functions · 72 subcategories | AI risk management |
| MITRE F3 (Fight Fraud Framework) | v1.1 (2026-04-09) | 8 tactics · 123 techniques · 94 fraud-relevant skills | Cyber-enabled financial fraud TTPs |
Example — a single skill maps across all six:
| Skill | ATT&CK | NIST CSF | ATLAS | D3FEND | AI RMF | F3 |
|---|---|---|---|---|---|---|
analyzing-network-traffic-of-malware | T1071 | DE.CM | AML.T0047 | D3-NTA | MEASURE-2.6 | — |
detecting-business-email-compromise | T1566 | DE.AE | — | — | — | F1005.006 · monetization |
🆕 MITRE Fight Fraud Framework (F3) — 94 fraud-relevant skills
The MITRE Fight Fraud Framework (F3) was released April 9, 2026 by MITRE's Center for Threat-Informed Defense (CTID), co-developed with JPMorganChase, Citigroup, Lloyds Banking Group, Standard Chartered, CrowdStrike, Verizon Business, FS-ISAC, and others. It is an ATT&CK-compatible TTP catalog for cyber-enabled financial fraud — filling the gap ATT&CK leaves after initial compromise.
F3 v1.1 adds two fraud-specific tactics that ATT&CK does not enumerate:
- Positioning (
FA0001) — action