Cybersec Skills 101

Master the 5 frameworks behind 754 cybersecurity skills for AI agents

v1 · slides for instructor-led sessions

What we'll cover

  1. The library — what it is, why it exists
  2. MITRE ATT&CK — the offensive lens
  3. NIST CSF 2.0 — the lifecycle lens
  4. ATLAS, D3FEND, AI RMF — the AI & defense lenses
  5. Cross-mapping — one skill, five frameworks
  6. Walk a real skill, then build your own

Ten modules. We'll close with a capstone.

Why this course exists

Generic LLMs can write code. They cannot run an investigation.

  • A senior analyst doesn't ask "what tool?" — they ask "when, why, what next?"
  • That decision-making lives in playbooks, not in models
  • The library encodes those playbooks for agents to use

Module 1 — what is the library?

An open-source library of cybersecurity skills, designed for AI agents, mapped to five industry frameworks.

  • 754 production-grade skills, Apache-2.0
  • 26 security domains — cloud, threat hunting, forensics, more
  • Repo: mukul975/Anthropic-Cybersecurity-Skills

The counts that matter

Metric                      Value
Total skills                754
Domains                     26
Tokens to scan one skill    ~30
Tokens to fully load one    500–2,000

Progressive disclosure. Up to 5 frameworks per skill. Scan all 754 in one pass.

The agentskills.io standard

  • Open standard for portable agent skills
  • YAML frontmatter for sub-second discovery
  • Markdown body for step-by-step execution
  • Reference files for deep technical context
  • Works zero-config on 26+ AI platforms

agentskills.io defines the shape. The library follows it.

Install in one command

# recommended
npx skills add mukul975/Anthropic-Cybersecurity-Skills

# fallback — clone it
git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
cd Anthropic-Cybersecurity-Skills

Works on Claude Code, Copilot, Cursor, Gemini CLI, Cline, MCP agents.

Module 2 — MITRE ATT&CK

A globally-accessible knowledge base of cyber adversary behavior.

  • The "how" of real-world attacks
  • 14 tactics (the why) → techniques (the how) → sub-techniques
  • The most-mapped framework in the library

The 14 Enterprise tactics

Get in & stay in

Reconnaissance · Resource Development · Initial Access · Execution · Persistence · Privilege Escalation

Operate & cause harm

Defense Evasion · Credential Access · Discovery · Lateral Movement · Collection · C2 · Exfiltration · Impact

v19 (April 2026) splits Defense Evasion into Stealth + Impair Defenses.

Library coverage of ATT&CK

  • 291 unique techniques across all 14 tactics
  • Defense Evasion deepest (48), Persistence next (36)
  • Impact thinnest (6) — outcome-focused, fewer skills
  • Top technique: T1059.001 PowerShell — 26 skills
  • Ships an ATT&CK Navigator layer file with v1.0.0

Module 3 — NIST CSF 2.0

Where in our cybersecurity program does this skill apply?

  • Six core functions, lifecycle-shaped
  • 22 categories · 106 subcategories
  • Published February 2024 — added Govern; expanded beyond critical infra

The 6 core functions

Code            Function                      Library skills
GV              Govern                        ~54
ID              Identify                      ~115
PR              Protect                       ~160
DE / RS / RC    Detect / Respond / Recover    ~102 / ~111 / ~29

Recover is shallowest at ~29. Protect + Detect run deepest.

How CSF shows up in a skill

name: acquiring-disk-image-with-dd-and-dcfldd
domain: cybersecurity
subdomain: digital-forensics
nist_csf:
  - RS.AN-01   # Incident Analysis
  - RS.AN-03
  - DE.AE-02   # Adverse Event Analysis
  - RS.MA-01   # Incident Management

Frontmatter declares which CSF subcategories a skill supports.

Module 4 — MITRE ATLAS

ATT&CK, but for AI and machine learning systems.

  • Adversarial tactics specific to ML pipelines, models, agents
  • 16 tactics · 84 techniques (v5.4)
  • Recent additions cover agentic AI — context poisoning, tool abuse, MCP compromise

Honest source-coverage note

High confidence

ATLAS exists · library declares 81 skills mapped · `atlas_techniques` is a real frontmatter field · key technique IDs identified

Indicative, not exhaustive

Per-technique tables not yet captured · v5.4 vs v5.5 disagreement in our sources · we lack a `mappings/atlas/README` snapshot

Key ATLAS techniques in the library

  • AML.T0051 — LLM Prompt Injection (Execution)
  • AML.T0054 — LLM Jailbreak (Privilege Escalation)
  • AML.T0070 — RAG Poisoning (Persistence)
  • AML.T0080 — AI Agent Context Poisoning (Persistence)
  • AML.T0010 — AI Supply Chain Compromise (Initial Access)

Frontmatter field: atlas_techniques

Module 5 — MITRE D3FEND

Defensive countermeasures — the inverse of ATT&CK.

  • NSA-funded knowledge graph of defenses
  • 267 defensive techniques, 7 tactical categories
  • Bidirectional mapping to ATT&CK techniques

Honest source-coverage note

High confidence

D3FEND exists · `d3fend_techniques` is a real frontmatter field · sample skills declare it · derives from ATT&CK mappings

Indicative, not exhaustive

Library maps only ~11 skills — smallest of the five · field accepts both IDs and friendly names · per-technique tables not captured

Defends-against in practice

name: analyzing-threat-actor-ttps-with-mitre-attack
d3fend_techniques:
  - Executable Denylisting
  - Execution Isolation
  - File Metadata Consistency Validation
  - Content Format Conversion
  - File Content Analysis

Friendly names here. Other skills use D3- IDs. Both are accepted.

Module 6 — NIST AI RMF

Govern. Map. Measure. Manage.

  • Four core functions for trustworthy AI development
  • 72 subcategories total · 12 GenAI risk categories (AI 600-1, July 2024)
  • Colorado AI Act gives legal safe harbor for compliance — Feb 2026

Honest source-coverage note

High confidence

Framework exists · 4 functions correctly named · library maps 85 skills · `nist_ai_rmf` field is real

Indicative, not exhaustive

72 subcategory list not enumerated in our sources · 12 GenAI risk categories not enumerated · GenAI Profile vs ATLAS overlap unresolved

Why governance lives next to security

  • Cyber risk and AI risk overlap — prompt injection is both
  • Boards and regulators want one framework story, not five
  • AI RMF gives the governance language; ATT&CK + ATLAS give the threat language
  • Skills tagged with both let one document satisfy both audits

Module 7 — cross-mapping

One skill. Five frameworks. Five compliance checkboxes from one playbook.

  • The library's signature value proposition
  • Encoded directly in skill frontmatter
  • Coverage tracks relevance, not a scoreboard

The canonical example

analyzing-network-traffic-of-malware

Framework               Mapping
MITRE ATT&CK            T1071 — Application Layer Protocol
NIST CSF 2.0            DE.CM — Continuous Monitoring
MITRE ATLAS / D3FEND    AML.T0047 / D3-NTA
NIST AI RMF             MEASURE-2.6

Reality — most skills aren't 5-of-5

Skill                       Frameworks declared
acquire-disk-image          NIST CSF only
threat-actor-ttps           NIST CSF + D3FEND
cloud-siem-with-sentinel    CSF + ATLAS + AI RMF
analyzing-network-traffic   all 5 (the headline)

Coverage tracks relevance. Disk imaging doesn't need ATLAS.

Module 8 — walk a real skill

acquiring-disk-image-with-dd-and-dcfldd

  • Domain: digital-forensics
  • Author: mahipal · Apache-2.0 · v1.0
  • The unglamorous skill that any IR team needs first

The frontmatter

name: acquiring-disk-image-with-dd-and-dcfldd
description: Forensically sound bit-for-bit images
domain: cybersecurity
subdomain: digital-forensics
version: "1.0"
author: mahipal
license: Apache-2.0
tags: [forensics, disk-imaging, dd, dcfldd, hash-verification]
nist_csf: [RS.AN-01, RS.AN-03, DE.AE-02, RS.MA-01]

When to use it

  • You need a forensic copy of a suspect drive
  • IR is preserving volatile evidence
  • Legal proceedings require verified bit-for-bit
  • Before any destructive analysis
  • Imaging physical drives, USB, memory cards

Trigger conditions, written for the agent to match against the prompt.

The workflow — six steps

# 1. Identify the source
lsblk; fdisk -l /dev/sdb
# 2. Write-protect
blockdev --setro /dev/sdb
# 3. Document source
hdparm -I /dev/sdb; smartctl -a /dev/sdb
# 4. Acquire with hash
dcfldd if=/dev/sdb hash=sha256 of=case.dd
# 5. Verify
sha256sum case.dd
# 6. Package case folder
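
Steps 4 and 5 each produce a SHA-256 value; the acquisition is verified only when the two are compared. The following is an added example, not code from the skill or the library, that does that comparison in Python. Small temporary files stand in for /dev/sdb and case.dd, and the function and field names are assumptions.

```python
import hashlib
import os
import tempfile

def sha256_stream(path, chunk=1024 * 1024):
    """Hash a file or block device in chunks; return (hex digest, bytes read)."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as f:
        while block := f.read(chunk):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size

def verify_acquisition(source, image, acquisition_hash=None):
    """Re-hash source and image and compare them, plus the hash noted in step 4."""
    src_hash, src_size = sha256_stream(source)
    img_hash, img_size = sha256_stream(image)
    record = {
        "source_sha256": src_hash, "source_bytes": src_size,
        "image_sha256": img_hash, "image_bytes": img_size,
        "match": src_hash == img_hash and src_size == img_size,
    }
    if acquisition_hash is not None:
        # The step 4 hash ties the image back to what was read at acquisition time.
        record["match"] = record["match"] and img_hash == acquisition_hash.lower()
    return record

def demo():
    """Constructed stand-ins for /dev/sdb and case.dd: a faithful copy, then a short one."""
    with tempfile.TemporaryDirectory() as case_dir:
        source = os.path.join(case_dir, "source.bin")
        image = os.path.join(case_dir, "case.dd")
        data = os.urandom(3 * 1024 * 1024 + 17)   # not a multiple of the chunk size
        for path in (source, image):
            with open(path, "wb") as f:
                f.write(data)
        good = verify_acquisition(source, image, hashlib.sha256(data).hexdigest())
        with open(image, "wb") as f:
            f.write(data[:-512])                  # simulate a truncated acquisition
        bad = verify_acquisition(source, image)
    return good, bad

if __name__ == "__main__":
    for result in demo():
        print(result["match"], result["image_bytes"], result["image_sha256"][:16])
```

Storing the returned record alongside the image gives step 6 something concrete to package.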

Module 9 — build your own skill

A skill is a folder. Predictable shape. You can ship one in an afternoon.

  • One SKILL.md with frontmatter + body
  • Optional references/, scripts/, assets/
  • Body sections: When to Use · Prerequisites · Workflow · Verification

On-disk structure

my-skill/
├── SKILL.md              ← required
├── references/
│   ├── standards.md      ← optional, deep context
│   └── workflows.md
├── scripts/
│   └── process.py        ← optional helpers
└── assets/
    └── template.md       ← optional outputs

Author checklist

  1. Pick a real workflow you've actually done
  2. Write 5 trigger conditions for "When to Use"
  3. Map to ≥1 framework — start with NIST CSF
  4. Workflow as commands, not prose
  5. Verification step the agent can run
  6. Submit PR — review usually within 48 hours

Module 10 — capstone

Ship one custom security skill mapped to all 5 frameworks.

  • Pick something you'd actually use at work
  • The cross-mapping is what separates a skill from a script
  • Two to three sessions of focused work

5 deliverables

  1. SKILL.md with full frontmatter + body
  2. At least one reference file in references/
  3. Optional script in scripts/ if it earns its keep
  4. All 5 framework fields populated where relevant
  5. Test prompt — show your agent loading + running it

Pacing

Sprint                Modules    Sessions
Foundation            1          1
Frameworks tour       2–6        5
Composition + walk    7, 8       2–3
Build + Capstone      9, 10      4–5

12–14 sessions · ~12–18 learner-hours total.

Ship checklist

  • Frontmatter validates against the standard
  • Workflow runs end to end on a clean machine
  • Verification step actually verifies something
  • Framework mappings each cite a justification
  • Tested with at least one AI agent
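
A pre-submission check for the framework fields in a skill's frontmatter, covering both list forms shown in the slides (block list with comments, inline list). This is an added example, not the library's or agentskills.io's own tooling. The ID patterns are assumptions inferred from the sample values on this page, and the ATT&CK field is left out because its frontmatter name is not given here.

```python
import re

# Field names are the ones shown on the slides. The ID patterns are assumptions
# inferred from the sample values on this page, not from the agentskills.io spec.
# d3fend_techniques takes D3- IDs or friendly names, so only empty values fail.
PATTERNS = {
    "nist_csf": re.compile(r"^(GV|ID|PR|DE|RS|RC)\.[A-Z]{2}(-\d{2})?$"),
    "atlas_techniques": re.compile(r"^AML\.T\d{4}(\.\d{3})?$"),
    "nist_ai_rmf": re.compile(r"^(GOVERN|MAP|MEASURE|MANAGE)-\d+(\.\d+)?$"),
    "d3fend_techniques": re.compile(r"^\S.*$"),
}

def parse_frontmatter(text):
    """Parse the YAML subset used on the slides: scalars, block lists, inline lists."""
    data, key = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # strip comments
        if not line.strip() or line.strip() == "---":
            continue
        if line.lstrip().startswith("- "):
            if isinstance(data.get(key), list):
                data[key].append(line.lstrip()[2:].strip())
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        if value.startswith("[") and value.endswith("]"):
            data[key] = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        else:
            data[key] = value.strip('"') if value else []
    return data

def check_mappings(meta):
    """Return (framework fields declared, problems found in their values)."""
    declared, problems = [], []
    for field in (f for f in PATTERNS if f in meta):
        values = meta[field]
        if not isinstance(values, list) or not values:
            problems.append(f"{field}: expected a non-empty list")
            continue
        declared.append(field)
        problems += [f"{field}: bad ID {v!r}" for v in values if not PATTERNS[field].match(v)]
    return declared, problems

# Constructed sample: block-list form from the slides plus two deliberate typos.
SAMPLE = """\
nist_csf:
  - RS.AN-01   # Incident Analysis
  - DE.AE-2
atlas_techniques: [AML.T0051, AML.T51]
d3fend_techniques: [D3-NTA, Execution Isolation]
"""
```

`check_mappings(parse_frontmatter(SAMPLE))` reports three declared frameworks and flags `DE.AE-2` and `AML.T51`.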

What's next

  • Wiki — 15 pages, ground truth for every claim
  • Course — full self-paced version with labs
  • Library — clone it, browse it, contribute
  • Frameworks — read the originals, not just our summaries
  • Build something — that's where it sticks

Questions?
