@blamejs/exceptd-skills 0.9.1

Files changed (136)
  1. package/AGENTS.md +232 -0
  2. package/ARCHITECTURE.md +267 -0
  3. package/CHANGELOG.md +616 -0
  4. package/CONTEXT.md +203 -0
  5. package/LICENSE +200 -0
  6. package/NOTICE +82 -0
  7. package/README.md +307 -0
  8. package/SECURITY.md +73 -0
  9. package/agents/README.md +81 -0
  10. package/agents/report-generator.md +156 -0
  11. package/agents/skill-updater.md +102 -0
  12. package/agents/source-validator.md +119 -0
  13. package/agents/threat-researcher.md +149 -0
  14. package/bin/exceptd.js +183 -0
  15. package/data/_indexes/_meta.json +88 -0
  16. package/data/_indexes/activity-feed.json +362 -0
  17. package/data/_indexes/catalog-summaries.json +229 -0
  18. package/data/_indexes/chains.json +7135 -0
  19. package/data/_indexes/currency.json +359 -0
  20. package/data/_indexes/did-ladders.json +451 -0
  21. package/data/_indexes/frequency.json +2072 -0
  22. package/data/_indexes/handoff-dag.json +476 -0
  23. package/data/_indexes/jurisdiction-clocks.json +967 -0
  24. package/data/_indexes/jurisdiction-map.json +536 -0
  25. package/data/_indexes/recipes.json +319 -0
  26. package/data/_indexes/section-offsets.json +3656 -0
  27. package/data/_indexes/stale-content.json +14 -0
  28. package/data/_indexes/summary-cards.json +1736 -0
  29. package/data/_indexes/theater-fingerprints.json +381 -0
  30. package/data/_indexes/token-budget.json +2137 -0
  31. package/data/_indexes/trigger-table.json +1374 -0
  32. package/data/_indexes/xref.json +818 -0
  33. package/data/atlas-ttps.json +282 -0
  34. package/data/cve-catalog.json +496 -0
  35. package/data/cwe-catalog.json +1017 -0
  36. package/data/d3fend-catalog.json +738 -0
  37. package/data/dlp-controls.json +1039 -0
  38. package/data/exploit-availability.json +67 -0
  39. package/data/framework-control-gaps.json +1255 -0
  40. package/data/global-frameworks.json +2913 -0
  41. package/data/rfc-references.json +324 -0
  42. package/data/zeroday-lessons.json +377 -0
  43. package/keys/public.pem +3 -0
  44. package/lib/framework-gap.js +328 -0
  45. package/lib/job-queue.js +195 -0
  46. package/lib/lint-skills.js +536 -0
  47. package/lib/prefetch.js +372 -0
  48. package/lib/refresh-external.js +713 -0
  49. package/lib/schemas/cve-catalog.schema.json +151 -0
  50. package/lib/schemas/manifest.schema.json +106 -0
  51. package/lib/schemas/skill-frontmatter.schema.json +113 -0
  52. package/lib/scoring.js +149 -0
  53. package/lib/sign.js +197 -0
  54. package/lib/ttp-mapper.js +80 -0
  55. package/lib/validate-catalog-meta.js +198 -0
  56. package/lib/validate-cve-catalog.js +213 -0
  57. package/lib/validate-indexes.js +83 -0
  58. package/lib/validate-package.js +162 -0
  59. package/lib/validate-vendor.js +85 -0
  60. package/lib/verify.js +216 -0
  61. package/lib/worker-pool.js +84 -0
  62. package/manifest-snapshot.json +1833 -0
  63. package/manifest.json +2108 -0
  64. package/orchestrator/README.md +124 -0
  65. package/orchestrator/dispatcher.js +140 -0
  66. package/orchestrator/event-bus.js +146 -0
  67. package/orchestrator/index.js +874 -0
  68. package/orchestrator/pipeline.js +201 -0
  69. package/orchestrator/scanner.js +327 -0
  70. package/orchestrator/scheduler.js +137 -0
  71. package/package.json +113 -0
  72. package/sbom.cdx.json +158 -0
  73. package/scripts/audit-cross-skill.js +261 -0
  74. package/scripts/audit-perf.js +160 -0
  75. package/scripts/bootstrap.js +205 -0
  76. package/scripts/build-indexes.js +721 -0
  77. package/scripts/builders/activity-feed.js +79 -0
  78. package/scripts/builders/catalog-summaries.js +67 -0
  79. package/scripts/builders/currency.js +109 -0
  80. package/scripts/builders/cwe-chains.js +105 -0
  81. package/scripts/builders/did-ladders.js +149 -0
  82. package/scripts/builders/frequency.js +89 -0
  83. package/scripts/builders/jurisdiction-clocks.js +126 -0
  84. package/scripts/builders/recipes.js +159 -0
  85. package/scripts/builders/section-offsets.js +162 -0
  86. package/scripts/builders/stale-content.js +171 -0
  87. package/scripts/builders/summary-cards.js +166 -0
  88. package/scripts/builders/theater-fingerprints.js +198 -0
  89. package/scripts/builders/token-budget.js +96 -0
  90. package/scripts/check-manifest-snapshot.js +217 -0
  91. package/scripts/predeploy.js +267 -0
  92. package/scripts/refresh-manifest-snapshot.js +57 -0
  93. package/scripts/refresh-sbom.js +222 -0
  94. package/skills/age-gates-child-safety/skill.md +456 -0
  95. package/skills/ai-attack-surface/skill.md +282 -0
  96. package/skills/ai-c2-detection/skill.md +440 -0
  97. package/skills/ai-risk-management/skill.md +311 -0
  98. package/skills/api-security/skill.md +287 -0
  99. package/skills/attack-surface-pentest/skill.md +381 -0
  100. package/skills/cloud-security/skill.md +384 -0
  101. package/skills/compliance-theater/skill.md +365 -0
  102. package/skills/container-runtime-security/skill.md +379 -0
  103. package/skills/coordinated-vuln-disclosure/skill.md +473 -0
  104. package/skills/defensive-countermeasure-mapping/skill.md +300 -0
  105. package/skills/dlp-gap-analysis/skill.md +337 -0
  106. package/skills/email-security-anti-phishing/skill.md +206 -0
  107. package/skills/exploit-scoring/skill.md +331 -0
  108. package/skills/framework-gap-analysis/skill.md +374 -0
  109. package/skills/fuzz-testing-strategy/skill.md +313 -0
  110. package/skills/global-grc/skill.md +564 -0
  111. package/skills/identity-assurance/skill.md +272 -0
  112. package/skills/incident-response-playbook/skill.md +546 -0
  113. package/skills/kernel-lpe-triage/skill.md +303 -0
  114. package/skills/mcp-agent-trust/skill.md +326 -0
  115. package/skills/mlops-security/skill.md +325 -0
  116. package/skills/ot-ics-security/skill.md +340 -0
  117. package/skills/policy-exception-gen/skill.md +437 -0
  118. package/skills/pqc-first/skill.md +546 -0
  119. package/skills/rag-pipeline-security/skill.md +294 -0
  120. package/skills/researcher/skill.md +310 -0
  121. package/skills/sector-energy/skill.md +409 -0
  122. package/skills/sector-federal-government/skill.md +302 -0
  123. package/skills/sector-financial/skill.md +398 -0
  124. package/skills/sector-healthcare/skill.md +373 -0
  125. package/skills/security-maturity-tiers/skill.md +464 -0
  126. package/skills/skill-update-loop/skill.md +463 -0
  127. package/skills/supply-chain-integrity/skill.md +318 -0
  128. package/skills/threat-model-currency/skill.md +404 -0
  129. package/skills/threat-modeling-methodology/skill.md +312 -0
  130. package/skills/webapp-security/skill.md +281 -0
  131. package/skills/zeroday-gap-learn/skill.md +350 -0
  132. package/vendor/blamejs/LICENSE +201 -0
  133. package/vendor/blamejs/README.md +54 -0
  134. package/vendor/blamejs/_PROVENANCE.json +54 -0
  135. package/vendor/blamejs/retry.js +335 -0
  136. package/vendor/blamejs/worker-pool.js +418 -0
@@ -0,0 +1,1833 @@
1
+ {
2
+ "_comment": "Auto-generated by scripts/refresh-manifest-snapshot.js — do not hand-edit. Public skill surface used by check-manifest-snapshot.js to detect breaking removals.",
3
+ "_generated_at": "2026-05-11T23:30:00.566Z",
4
+ "atlas_version": "5.1.0",
5
+ "skill_count": 38,
6
+ "skills": [
7
+ {
8
+ "name": "age-gates-child-safety",
9
+ "version": "1.0.0",
10
+ "triggers": [
11
+ "age assurance",
12
+ "age gate",
13
+ "age gates",
14
+ "age verification",
15
+ "california aadc",
16
+ "child online safety",
17
+ "child safety",
18
+ "children's code",
19
+ "children's online safety",
20
+ "cipa",
21
+ "coppa",
22
+ "csam",
23
+ "dsa article 28",
24
+ "esafety",
25
+ "gdpr article 8",
26
+ "kosa",
27
+ "ofcom",
28
+ "parental consent",
29
+ "uk online safety act"
30
+ ],
31
+ "data_deps": [
32
+ "atlas-ttps.json",
33
+ "cve-catalog.json",
34
+ "cwe-catalog.json",
35
+ "d3fend-catalog.json",
36
+ "dlp-controls.json",
37
+ "framework-control-gaps.json",
38
+ "global-frameworks.json"
39
+ ],
40
+ "atlas_refs": [],
41
+ "attack_refs": [
42
+ "T1078",
43
+ "T1567"
44
+ ],
45
+ "framework_gaps": [
46
+ "ISO-27001-2022-A.8.30",
47
+ "NIST-800-53-AC-2",
48
+ "SOC2-CC6-logical-access"
49
+ ],
50
+ "rfc_refs": [],
51
+ "cwe_refs": [
52
+ "CWE-200",
53
+ "CWE-287",
54
+ "CWE-862"
55
+ ],
56
+ "d3fend_refs": [],
57
+ "dlp_refs": []
58
+ },
59
+ {
60
+ "name": "ai-attack-surface",
61
+ "version": "1.0.0",
62
+ "triggers": [
63
+ "ai attack surface",
64
+ "ai red team",
65
+ "ai security assessment",
66
+ "ai threat model",
67
+ "llm security",
68
+ "model security",
69
+ "prompt injection",
70
+ "promptflux",
71
+ "promptsteal"
72
+ ],
73
+ "data_deps": [
74
+ "atlas-ttps.json",
75
+ "cve-catalog.json",
76
+ "framework-control-gaps.json"
77
+ ],
78
+ "atlas_refs": [
79
+ "AML.T0016",
80
+ "AML.T0017",
81
+ "AML.T0018",
82
+ "AML.T0020",
83
+ "AML.T0043",
84
+ "AML.T0051",
85
+ "AML.T0054",
86
+ "AML.T0096"
87
+ ],
88
+ "attack_refs": [
89
+ "T1059",
90
+ "T1190",
91
+ "T1566"
92
+ ],
93
+ "framework_gaps": [
94
+ "ALL-AI-PIPELINE-INTEGRITY",
95
+ "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
96
+ "ISO-27001-2022-A.8.28",
97
+ "ISO-IEC-23894-2023-clause-7",
98
+ "NIST-800-53-AC-2",
99
+ "NIST-800-53-SI-3",
100
+ "OWASP-LLM-Top-10-2025-LLM01",
101
+ "OWASP-LLM-Top-10-2025-LLM02",
102
+ "SOC2-CC6-logical-access"
103
+ ],
104
+ "rfc_refs": [],
105
+ "cwe_refs": [
106
+ "CWE-1039",
107
+ "CWE-1426",
108
+ "CWE-94"
109
+ ],
110
+ "d3fend_refs": [
111
+ "D3-IOPR",
112
+ "D3-NTA"
113
+ ],
114
+ "dlp_refs": []
115
+ },
116
+ {
117
+ "name": "ai-c2-detection",
118
+ "version": "1.0.0",
119
+ "triggers": [
120
+ "ai api abuse",
121
+ "ai c2",
122
+ "ai command and control",
123
+ "aml.t0096",
124
+ "covert channel ai",
125
+ "llm c2",
126
+ "promptflux",
127
+ "promptsteal",
128
+ "sesameop"
129
+ ],
130
+ "data_deps": [
131
+ "atlas-ttps.json",
132
+ "cve-catalog.json",
133
+ "framework-control-gaps.json"
134
+ ],
135
+ "atlas_refs": [
136
+ "AML.T0017",
137
+ "AML.T0096"
138
+ ],
139
+ "attack_refs": [
140
+ "T1071",
141
+ "T1102",
142
+ "T1568"
143
+ ],
144
+ "framework_gaps": [
145
+ "ISO-27001-2022-A.8.16",
146
+ "NIST-800-53-SC-7",
147
+ "NIST-800-53-SI-3",
148
+ "SOC2-CC7-anomaly-detection"
149
+ ],
150
+ "rfc_refs": [
151
+ "RFC-8446",
152
+ "RFC-9000",
153
+ "RFC-9114",
154
+ "RFC-9180",
155
+ "RFC-9421",
156
+ "RFC-9458"
157
+ ],
158
+ "cwe_refs": [],
159
+ "d3fend_refs": [
160
+ "D3-CA",
161
+ "D3-CSPP",
162
+ "D3-DA",
163
+ "D3-IOPR",
164
+ "D3-NI",
165
+ "D3-NTA",
166
+ "D3-NTPM"
167
+ ],
168
+ "dlp_refs": []
169
+ },
170
+ {
171
+ "name": "ai-risk-management",
172
+ "version": "1.0.0",
173
+ "triggers": [
174
+ "ai governance",
175
+ "ai impact assessment",
176
+ "ai incident response",
177
+ "ai management system",
178
+ "ai red team program",
179
+ "ai risk management",
180
+ "ai vendor risk",
181
+ "aia",
182
+ "dpia ai",
183
+ "eu ai act high-risk",
184
+ "iso 23894",
185
+ "iso 42001",
186
+ "nist ai rmf"
187
+ ],
188
+ "data_deps": [
189
+ "atlas-ttps.json",
190
+ "cwe-catalog.json",
191
+ "d3fend-catalog.json",
192
+ "framework-control-gaps.json",
193
+ "global-frameworks.json",
194
+ "zeroday-lessons.json"
195
+ ],
196
+ "atlas_refs": [
197
+ "AML.T0017",
198
+ "AML.T0051",
199
+ "AML.T0096"
200
+ ],
201
+ "attack_refs": [],
202
+ "framework_gaps": [
203
+ "ISO-IEC-23894-2023-clause-7",
204
+ "ISO-IEC-42001-2023-clause-6.1.2",
205
+ "NIST-AI-RMF-MEASURE-2.5",
206
+ "OWASP-LLM-Top-10-2025-LLM01"
207
+ ],
208
+ "rfc_refs": [],
209
+ "cwe_refs": [
210
+ "CWE-1039",
211
+ "CWE-1426"
212
+ ],
213
+ "d3fend_refs": [],
214
+ "dlp_refs": []
215
+ },
216
+ {
217
+ "name": "api-security",
218
+ "version": "1.0.0",
219
+ "triggers": [
220
+ "ai api security",
221
+ "api gateway",
222
+ "api security",
223
+ "bfla",
224
+ "bola",
225
+ "graphql security",
226
+ "grpc security",
227
+ "mass assignment",
228
+ "mcp transport",
229
+ "openapi security",
230
+ "owasp api top 10",
231
+ "rate limiting",
232
+ "rest security",
233
+ "websocket security"
234
+ ],
235
+ "data_deps": [
236
+ "atlas-ttps.json",
237
+ "cve-catalog.json",
238
+ "cwe-catalog.json",
239
+ "d3fend-catalog.json",
240
+ "framework-control-gaps.json",
241
+ "rfc-references.json"
242
+ ],
243
+ "atlas_refs": [
244
+ "AML.T0017",
245
+ "AML.T0096"
246
+ ],
247
+ "attack_refs": [
248
+ "T1078",
249
+ "T1190",
250
+ "T1567"
251
+ ],
252
+ "framework_gaps": [
253
+ "ISO-27001-2022-A.8.28",
254
+ "NIST-800-218-SSDF",
255
+ "NIST-800-53-AC-2",
256
+ "OWASP-ASVS-v5.0-V14"
257
+ ],
258
+ "rfc_refs": [
259
+ "RFC-6749",
260
+ "RFC-7519",
261
+ "RFC-8446",
262
+ "RFC-8725",
263
+ "RFC-9114",
264
+ "RFC-9421",
265
+ "RFC-9700"
266
+ ],
267
+ "cwe_refs": [
268
+ "CWE-1188",
269
+ "CWE-200",
270
+ "CWE-22",
271
+ "CWE-287",
272
+ "CWE-352",
273
+ "CWE-77",
274
+ "CWE-862",
275
+ "CWE-863",
276
+ "CWE-918"
277
+ ],
278
+ "d3fend_refs": [],
279
+ "dlp_refs": []
280
+ },
281
+ {
282
+ "name": "attack-surface-pentest",
283
+ "version": "1.0.0",
284
+ "triggers": [
285
+ "adversary emulation",
286
+ "asm",
287
+ "asset inventory",
288
+ "attack surface",
289
+ "external footprint",
290
+ "pen test",
291
+ "penetration testing",
292
+ "red team",
293
+ "threat-led testing",
294
+ "tiber-eu",
295
+ "tlpt"
296
+ ],
297
+ "data_deps": [
298
+ "atlas-ttps.json",
299
+ "cve-catalog.json",
300
+ "cwe-catalog.json",
301
+ "d3fend-catalog.json",
302
+ "framework-control-gaps.json"
303
+ ],
304
+ "atlas_refs": [
305
+ "AML.T0010",
306
+ "AML.T0043",
307
+ "AML.T0051"
308
+ ],
309
+ "attack_refs": [
310
+ "T1059",
311
+ "T1078",
312
+ "T1133",
313
+ "T1190"
314
+ ],
315
+ "framework_gaps": [
316
+ "NIS2-Art21-patch-management",
317
+ "NIST-800-115",
318
+ "OWASP-Pen-Testing-Guide-v5",
319
+ "PTES-Pre-engagement"
320
+ ],
321
+ "rfc_refs": [],
322
+ "cwe_refs": [
323
+ "CWE-1395",
324
+ "CWE-22",
325
+ "CWE-269",
326
+ "CWE-352",
327
+ "CWE-434",
328
+ "CWE-732",
329
+ "CWE-78",
330
+ "CWE-787",
331
+ "CWE-79",
332
+ "CWE-89",
333
+ "CWE-918"
334
+ ],
335
+ "d3fend_refs": [
336
+ "D3-CSPP",
337
+ "D3-EAL",
338
+ "D3-NTA"
339
+ ],
340
+ "dlp_refs": []
341
+ },
342
+ {
343
+ "name": "cloud-security",
344
+ "version": "1.0.0",
345
+ "triggers": [
346
+ "aws security",
347
+ "azure security",
348
+ "cloud iam",
349
+ "cloud runtime",
350
+ "cloud security",
351
+ "cnapp",
352
+ "csa ccm",
353
+ "cspm",
354
+ "cwpp",
355
+ "falco",
356
+ "gcp security",
357
+ "irsa",
358
+ "multi cloud",
359
+ "shared responsibility",
360
+ "workload identity"
361
+ ],
362
+ "data_deps": [
363
+ "atlas-ttps.json",
364
+ "cve-catalog.json",
365
+ "cwe-catalog.json",
366
+ "d3fend-catalog.json",
367
+ "framework-control-gaps.json",
368
+ "rfc-references.json"
369
+ ],
370
+ "atlas_refs": [
371
+ "AML.T0010",
372
+ "AML.T0017"
373
+ ],
374
+ "attack_refs": [
375
+ "T1078",
376
+ "T1190",
377
+ "T1530",
378
+ "T1552"
379
+ ],
380
+ "framework_gaps": [
381
+ "FedRAMP-Rev5-Moderate",
382
+ "ISO-27001-2022-A.8.30",
383
+ "NIST-800-53-CM-7",
384
+ "SOC2-CC9-vendor-management"
385
+ ],
386
+ "rfc_refs": [
387
+ "RFC-7519",
388
+ "RFC-8446",
389
+ "RFC-8725",
390
+ "RFC-9180"
391
+ ],
392
+ "cwe_refs": [
393
+ "CWE-1188",
394
+ "CWE-200",
395
+ "CWE-287",
396
+ "CWE-732",
397
+ "CWE-798",
398
+ "CWE-862"
399
+ ],
400
+ "d3fend_refs": [],
401
+ "dlp_refs": []
402
+ },
403
+ {
404
+ "name": "compliance-theater",
405
+ "version": "1.0.0",
406
+ "triggers": [
407
+ "audit but exposed",
408
+ "audit theater",
409
+ "checkbox security",
410
+ "compliance gap",
411
+ "compliance theater",
412
+ "compliant but vulnerable",
413
+ "paper compliance"
414
+ ],
415
+ "data_deps": [
416
+ "cve-catalog.json",
417
+ "exploit-availability.json",
418
+ "framework-control-gaps.json"
419
+ ],
420
+ "atlas_refs": [],
421
+ "attack_refs": [],
422
+ "framework_gaps": [
423
+ "ALL-AI-PIPELINE-INTEGRITY",
424
+ "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
425
+ "CMMC-2.0-Level-2",
426
+ "FedRAMP-Rev5-Moderate"
427
+ ],
428
+ "rfc_refs": [],
429
+ "cwe_refs": [],
430
+ "d3fend_refs": [],
431
+ "dlp_refs": []
432
+ },
433
+ {
434
+ "name": "container-runtime-security",
435
+ "version": "1.0.0",
436
+ "triggers": [
437
+ "admission controller",
438
+ "cilium",
439
+ "cis kubernetes",
440
+ "container security",
441
+ "falco",
442
+ "gatekeeper",
443
+ "k8s security",
444
+ "kserve",
445
+ "kubernetes security",
446
+ "kyverno",
447
+ "networkpolicy",
448
+ "nsa hardening",
449
+ "opa",
450
+ "pod security standards",
451
+ "sigstore policy",
452
+ "tetragon",
453
+ "vllm"
454
+ ],
455
+ "data_deps": [
456
+ "atlas-ttps.json",
457
+ "cve-catalog.json",
458
+ "cwe-catalog.json",
459
+ "d3fend-catalog.json",
460
+ "framework-control-gaps.json",
461
+ "rfc-references.json"
462
+ ],
463
+ "atlas_refs": [
464
+ "AML.T0010"
465
+ ],
466
+ "attack_refs": [
467
+ "T1068",
468
+ "T1190",
469
+ "T1610",
470
+ "T1611"
471
+ ],
472
+ "framework_gaps": [
473
+ "ISO-27001-2022-A.8.28",
474
+ "NIST-800-53-CM-7",
475
+ "SLSA-v1.0-Build-L3"
476
+ ],
477
+ "rfc_refs": [
478
+ "RFC-8032",
479
+ "RFC-8446"
480
+ ],
481
+ "cwe_refs": [
482
+ "CWE-1188",
483
+ "CWE-1395",
484
+ "CWE-269",
485
+ "CWE-732",
486
+ "CWE-787"
487
+ ],
488
+ "d3fend_refs": [],
489
+ "dlp_refs": []
490
+ },
491
+ {
492
+ "name": "coordinated-vuln-disclosure",
493
+ "version": "1.0.0",
494
+ "triggers": [
495
+ "90-day disclosure",
496
+ "bug bounty",
497
+ "coordinated vulnerability disclosure",
498
+ "csaf",
499
+ "cvd",
500
+ "iso 29147",
501
+ "iso 30111",
502
+ "project zero",
503
+ "responsible disclosure",
504
+ "security.txt",
505
+ "vdp",
506
+ "vulnerability disclosure program"
507
+ ],
508
+ "data_deps": [
509
+ "atlas-ttps.json",
510
+ "cve-catalog.json",
511
+ "cwe-catalog.json",
512
+ "d3fend-catalog.json",
513
+ "framework-control-gaps.json",
514
+ "rfc-references.json",
515
+ "zeroday-lessons.json"
516
+ ],
517
+ "atlas_refs": [],
518
+ "attack_refs": [],
519
+ "framework_gaps": [
520
+ "ISO-27001-2022-A.8.8",
521
+ "NIST-800-218-SSDF",
522
+ "SOC2-CC9-vendor-management"
523
+ ],
524
+ "rfc_refs": [],
525
+ "cwe_refs": [
526
+ "CWE-1357"
527
+ ],
528
+ "d3fend_refs": [],
529
+ "dlp_refs": []
530
+ },
531
+ {
532
+ "name": "defensive-countermeasure-mapping",
533
+ "version": "1.0.0",
534
+ "triggers": [
535
+ "blue team",
536
+ "blue team map",
537
+ "control mapping",
538
+ "countermeasure",
539
+ "d3fend",
540
+ "defense in depth",
541
+ "defensive coverage",
542
+ "defensive mapping",
543
+ "least privilege",
544
+ "mitigation",
545
+ "zero trust"
546
+ ],
547
+ "data_deps": [
548
+ "atlas-ttps.json",
549
+ "cve-catalog.json",
550
+ "cwe-catalog.json",
551
+ "d3fend-catalog.json",
552
+ "dlp-controls.json",
553
+ "framework-control-gaps.json"
554
+ ],
555
+ "atlas_refs": [],
556
+ "attack_refs": [],
557
+ "framework_gaps": [],
558
+ "rfc_refs": [],
559
+ "cwe_refs": [],
560
+ "d3fend_refs": [
561
+ "D3-ASLR",
562
+ "D3-CA",
563
+ "D3-CBAN",
564
+ "D3-CSPP",
565
+ "D3-DA",
566
+ "D3-EAL",
567
+ "D3-EHB",
568
+ "D3-FAPA",
569
+ "D3-FE",
570
+ "D3-IOPR",
571
+ "D3-MENCR",
572
+ "D3-MFA",
573
+ "D3-NI",
574
+ "D3-NTA",
575
+ "D3-NTPM",
576
+ "D3-PA",
577
+ "D3-PHRA",
578
+ "D3-PSEP",
579
+ "D3-RPA",
580
+ "D3-SCP"
581
+ ],
582
+ "dlp_refs": []
583
+ },
584
+ {
585
+ "name": "dlp-gap-analysis",
586
+ "version": "1.0.0",
587
+ "triggers": [
588
+ "clipboard ai paste",
589
+ "copilot data leak",
590
+ "data classification",
591
+ "data exfiltration",
592
+ "data leak",
593
+ "data loss prevention",
594
+ "dlp",
595
+ "egress",
596
+ "embedding store exfil",
597
+ "exfiltration",
598
+ "llm dlp",
599
+ "mcp tool arg dlp",
600
+ "prompt dlp",
601
+ "rag exfil"
602
+ ],
603
+ "data_deps": [
604
+ "atlas-ttps.json",
605
+ "cve-catalog.json",
606
+ "cwe-catalog.json",
607
+ "d3fend-catalog.json",
608
+ "dlp-controls.json",
609
+ "framework-control-gaps.json",
610
+ "global-frameworks.json"
611
+ ],
612
+ "atlas_refs": [
613
+ "AML.T0017",
614
+ "AML.T0051",
615
+ "AML.T0096"
616
+ ],
617
+ "attack_refs": [
618
+ "T1041",
619
+ "T1213",
620
+ "T1530",
621
+ "T1567"
622
+ ],
623
+ "framework_gaps": [
624
+ "HIPAA-Security-Rule-164.312(a)(1)",
625
+ "ISO-27001-2022-A.8.16",
626
+ "ISO-IEC-42001-2023-clause-6.1.2",
627
+ "NIST-800-53-SC-28",
628
+ "NIST-800-53-SC-7",
629
+ "SOC2-CC7-anomaly-detection"
630
+ ],
631
+ "rfc_refs": [
632
+ "RFC-8446",
633
+ "RFC-9458"
634
+ ],
635
+ "cwe_refs": [
636
+ "CWE-1426",
637
+ "CWE-200"
638
+ ],
639
+ "d3fend_refs": [
640
+ "D3-CSPP",
641
+ "D3-EAL",
642
+ "D3-IOPR",
643
+ "D3-NTA",
644
+ "D3-NTPM"
645
+ ],
646
+ "dlp_refs": []
647
+ },
648
+ {
649
+ "name": "email-security-anti-phishing",
650
+ "version": "1.0.0",
651
+ "triggers": [
652
+ "ai phishing",
653
+ "anti-phishing",
654
+ "arc",
655
+ "bec",
656
+ "bimi",
657
+ "business email compromise",
658
+ "deepfake phishing",
659
+ "dkim",
660
+ "dmarc",
661
+ "email security",
662
+ "mta-sts",
663
+ "phishing",
664
+ "secure email gateway",
665
+ "spear phishing",
666
+ "spf",
667
+ "tlsrpt",
668
+ "vishing"
669
+ ],
670
+ "data_deps": [
671
+ "atlas-ttps.json",
672
+ "cve-catalog.json",
673
+ "cwe-catalog.json",
674
+ "d3fend-catalog.json",
675
+ "dlp-controls.json",
676
+ "framework-control-gaps.json",
677
+ "rfc-references.json"
678
+ ],
679
+ "atlas_refs": [],
680
+ "attack_refs": [
681
+ "T1078",
682
+ "T1566",
683
+ "T1566.001",
684
+ "T1566.002",
685
+ "T1566.003"
686
+ ],
687
+ "framework_gaps": [
688
+ "ISO-27001-2022-A.8.16",
689
+ "NIST-800-53-SI-3",
690
+ "SOC2-CC7-anomaly-detection"
691
+ ],
692
+ "rfc_refs": [],
693
+ "cwe_refs": [],
694
+ "d3fend_refs": [],
695
+ "dlp_refs": []
696
+ },
697
+ {
698
+ "name": "exploit-scoring",
699
+ "version": "1.0.0",
700
+ "triggers": [
701
+ "beyond cvss",
702
+ "cve priority",
703
+ "exploit scoring",
704
+ "how bad is this cve",
705
+ "patch priority",
706
+ "prioritize cve",
707
+ "real world priority",
708
+ "rwep"
709
+ ],
710
+ "data_deps": [
711
+ "cve-catalog.json",
712
+ "exploit-availability.json"
713
+ ],
714
+ "atlas_refs": [],
715
+ "attack_refs": [],
716
+ "framework_gaps": [
717
+ "CIS-Controls-v8-Control7",
718
+ "CWE-Top-25-2024-meta"
719
+ ],
720
+ "rfc_refs": [],
721
+ "cwe_refs": [],
722
+ "d3fend_refs": [],
723
+ "dlp_refs": []
724
+ },
725
+ {
726
+ "name": "framework-gap-analysis",
727
+ "version": "1.0.0",
728
+ "triggers": [
729
+ "compliance gap",
730
+ "control gap",
731
+ "framework gap",
732
+ "iso 27001 gap",
733
+ "nis2 gap",
734
+ "nist gap",
735
+ "pci gap",
736
+ "soc 2 gap",
737
+ "why doesn't this control cover"
738
+ ],
739
+ "data_deps": [
740
+ "atlas-ttps.json",
741
+ "cve-catalog.json",
742
+ "framework-control-gaps.json",
743
+ "global-frameworks.json"
744
+ ],
745
+ "atlas_refs": [],
746
+ "attack_refs": [],
747
+ "framework_gaps": [],
748
+ "rfc_refs": [],
749
+ "cwe_refs": [],
750
+ "d3fend_refs": [],
751
+ "dlp_refs": []
752
+ },
753
+ {
754
+ "name": "fuzz-testing-strategy",
755
+ "version": "1.0.0",
756
+ "triggers": [
757
+ "afl",
758
+ "ai-assisted fuzz",
759
+ "api fuzz",
760
+ "continuous fuzz",
761
+ "coverage-guided fuzz",
762
+ "fuzz testing",
763
+ "fuzzing",
764
+ "libfuzzer",
765
+ "oss-fuzz",
766
+ "prompt fuzz",
767
+ "syzkaller"
768
+ ],
769
+ "data_deps": [
770
+ "atlas-ttps.json",
771
+ "cve-catalog.json",
772
+ "cwe-catalog.json",
773
+ "d3fend-catalog.json",
774
+ "framework-control-gaps.json"
775
+ ],
776
+ "atlas_refs": [
777
+ "AML.T0043"
778
+ ],
779
+ "attack_refs": [
780
+ "T1190"
781
+ ],
782
+ "framework_gaps": [
783
+ "NIST-800-115",
784
+ "NIST-800-218-SSDF",
785
+ "OWASP-ASVS-v5.0-V14"
786
+ ],
787
+ "rfc_refs": [],
788
+ "cwe_refs": [
789
+ "CWE-125",
790
+ "CWE-20",
791
+ "CWE-362",
792
+ "CWE-416",
793
+ "CWE-78",
794
+ "CWE-787"
795
+ ],
796
+ "d3fend_refs": [
797
+ "D3-EAL",
798
+ "D3-IOPR",
799
+ "D3-PSEP"
800
+ ],
801
+ "dlp_refs": []
802
+ },
803
+ {
804
+ "name": "global-grc",
805
+ "version": "1.0.0",
806
+ "triggers": [
807
+ "apra cps 234",
808
+ "cert-in",
809
+ "cyber resilience act",
810
+ "dora compliance",
811
+ "essential 8",
812
+ "eu ai act",
813
+ "gdpr security",
814
+ "global compliance",
815
+ "global grc",
816
+ "international compliance",
817
+ "mas trm",
818
+ "multi-jurisdiction",
819
+ "nis2"
820
+ ],
821
+ "data_deps": [
822
+ "atlas-ttps.json",
823
+ "framework-control-gaps.json",
824
+ "global-frameworks.json"
825
+ ],
826
+ "atlas_refs": [],
827
+ "attack_refs": [],
828
+ "framework_gaps": [],
829
+ "rfc_refs": [],
830
+ "cwe_refs": [],
831
+ "d3fend_refs": [],
832
+ "dlp_refs": []
833
+ },
834
+ {
835
+ "name": "identity-assurance",
836
+ "version": "1.0.0",
837
+ "triggers": [
838
+ "aal",
839
+ "agent identity",
840
+ "fal",
841
+ "federation",
842
+ "fido2",
843
+ "ial",
844
+ "identity assurance",
845
+ "nist 800-63",
846
+ "oidc",
847
+ "passkey",
848
+ "phishing-resistant",
849
+ "saml",
850
+ "scim",
851
+ "service account",
852
+ "webauthn",
853
+ "workload identity"
854
+ ],
855
+ "data_deps": [
856
+ "atlas-ttps.json",
857
+ "cve-catalog.json",
858
+ "cwe-catalog.json",
859
+ "d3fend-catalog.json",
860
+ "framework-control-gaps.json",
861
+ "rfc-references.json"
862
+ ],
863
+ "atlas_refs": [
864
+ "AML.T0051"
865
+ ],
866
+ "attack_refs": [
867
+ "T1078",
868
+ "T1110",
869
+ "T1556"
870
+ ],
871
+ "framework_gaps": [
872
+ "ISO-27001-2022-A.8.30",
873
+ "NIST-800-53-AC-2",
874
+ "NIST-800-63B-rev4",
875
+ "PSD2-RTS-SCA",
876
+ "SOC2-CC6-logical-access"
877
+ ],
878
+ "rfc_refs": [
879
+ "RFC-6749",
880
+ "RFC-7519",
881
+ "RFC-8032",
882
+ "RFC-8725",
883
+ "RFC-9700"
884
+ ],
885
+ "cwe_refs": [
886
+ "CWE-269",
887
+ "CWE-287",
888
+ "CWE-306",
889
+ "CWE-732",
890
+ "CWE-798",
891
+ "CWE-862",
892
+ "CWE-863"
893
+ ],
894
+ "d3fend_refs": [],
895
+ "dlp_refs": []
896
+ },
897
+ {
898
+ "name": "incident-response-playbook",
899
+ "version": "1.0.0",
900
+ "triggers": [
901
+ "ai incident",
902
+ "blue team",
903
+ "breach notification",
904
+ "csirt",
905
+ "incident handler",
906
+ "incident response",
907
+ "ir playbook",
908
+ "iso 27035",
909
+ "model exfiltration incident",
910
+ "nist 800-61",
911
+ "picerl",
912
+ "prompt injection incident",
913
+ "soc playbook"
914
+ ],
915
+ "data_deps": [
916
+ "atlas-ttps.json",
917
+ "cve-catalog.json",
918
+ "cwe-catalog.json",
919
+ "d3fend-catalog.json",
920
+ "framework-control-gaps.json",
921
+ "global-frameworks.json",
922
+ "zeroday-lessons.json"
923
+ ],
924
+ "atlas_refs": [
925
+ "AML.T0017",
926
+ "AML.T0051",
927
+ "AML.T0096"
928
+ ],
929
+ "attack_refs": [
930
+ "T1041",
931
+ "T1078",
932
+ "T1486",
933
+ "T1567"
934
+ ],
935
+ "framework_gaps": [
936
+ "ISO-27001-2022-A.8.16",
937
+ "NIST-800-53-AC-2",
938
+ "SOC2-CC7-anomaly-detection"
939
+ ],
940
+ "rfc_refs": [],
941
+ "cwe_refs": [],
942
+ "d3fend_refs": [],
943
+ "dlp_refs": []
944
+ },
945
+ {
946
+ "name": "kernel-lpe-triage",
947
+ "version": "1.0.0",
948
+ "triggers": [
949
+ "copy fail",
950
+ "cve-2026-31431",
951
+ "cve-2026-43284",
952
+ "dirty frag",
953
+ "kernel lpe",
954
+ "kernel patch",
955
+ "linux root",
956
+ "live kernel patch",
957
+ "privilege escalation"
958
+ ],
959
+ "data_deps": [
960
+ "cve-catalog.json",
961
+ "exploit-availability.json"
962
+ ],
963
+ "atlas_refs": [],
964
+ "attack_refs": [
965
+ "T1068",
966
+ "T1548.001"
967
+ ],
968
+ "framework_gaps": [
969
+ "CIS-Controls-v8-Control7",
970
+ "ISO-27001-2022-A.8.8",
971
+ "NIS2-Art21-patch-management",
972
+ "NIST-800-53-SC-8",
973
+ "NIST-800-53-SI-2",
974
+ "PCI-DSS-4.0-6.3.3"
975
+ ],
976
+ "rfc_refs": [
977
+ "RFC-4301",
978
+ "RFC-4303",
979
+ "RFC-7296"
980
+ ],
981
+ "cwe_refs": [
982
+ "CWE-125",
983
+ "CWE-362",
984
+ "CWE-416",
985
+ "CWE-672",
986
+ "CWE-787"
987
+ ],
988
+ "d3fend_refs": [
989
+ "D3-ASLR",
990
+ "D3-EAL",
991
+ "D3-PHRA",
992
+ "D3-PSEP"
993
+ ],
994
+ "dlp_refs": []
995
+ },
996
+ {
997
+ "name": "mcp-agent-trust",
998
+ "version": "1.0.0",
999
+ "triggers": [
1000
+ "agent trust",
1001
+ "ai agent security",
1002
+ "claude code security",
1003
+ "cursor security",
1004
+ "cve-2026-30615",
1005
+ "mcp rce",
1006
+ "mcp security",
1007
+ "model context protocol",
1008
+ "tool trust",
1009
+ "windsurf security"
1010
+ ],
1011
+ "data_deps": [
1012
+ "atlas-ttps.json",
1013
+ "cve-catalog.json",
1014
+ "framework-control-gaps.json"
1015
+ ],
1016
+ "atlas_refs": [
1017
+ "AML.T0010",
1018
+ "AML.T0016",
1019
+ "AML.T0096"
1020
+ ],
1021
+ "attack_refs": [
1022
+ "T1059",
1023
+ "T1190",
1024
+ "T1195.001"
1025
+ ],
1026
+ "framework_gaps": [
1027
+ "ALL-MCP-TOOL-TRUST",
1028
+ "ISO-27001-2022-A.8.30",
1029
+ "NIST-800-53-CM-7",
1030
+ "NIST-800-53-SA-12",
1031
+ "OWASP-LLM-Top-10-2025-LLM06",
1032
+ "SOC2-CC9-vendor-management",
1033
+ "SWIFT-CSCF-v2026-1.1"
1034
+ ],
1035
+ "rfc_refs": [
1036
+ "RFC-6749",
1037
+ "RFC-7519",
1038
+ "RFC-8446",
1039
+ "RFC-8725",
1040
+ "RFC-9114",
1041
+ "RFC-9421",
1042
+ "RFC-9700"
1043
+ ],
1044
+ "cwe_refs": [
1045
+ "CWE-22",
1046
+ "CWE-345",
1047
+ "CWE-352",
1048
+ "CWE-434",
1049
+ "CWE-494",
1050
+ "CWE-77",
1051
+ "CWE-918",
1052
+ "CWE-94"
1053
+ ],
1054
+ "d3fend_refs": [
1055
+ "D3-CBAN",
1056
+ "D3-CSPP",
1057
+ "D3-EAL",
1058
+ "D3-EHB",
1059
+ "D3-MFA"
1060
+ ],
1061
+ "dlp_refs": []
1062
+ },
1063
+ {
1064
+ "name": "mlops-security",
1065
+ "version": "1.0.0",
1066
+ "triggers": [
1067
+ "azure ml",
1068
+ "data card",
1069
+ "drift detection",
1070
+ "feature store",
1071
+ "hugging face",
1072
+ "kubeflow",
1073
+ "ml pipeline security",
1074
+ "mlflow",
1075
+ "mlops security",
1076
+ "model card",
1077
+ "model monitoring",
1078
+ "model registry security",
1079
+ "model signing",
1080
+ "sagemaker",
1081
+ "training data integrity",
1082
+ "vertex ai"
1083
+ ],
1084
+ "data_deps": [
1085
+ "atlas-ttps.json",
1086
+ "cve-catalog.json",
1087
+ "cwe-catalog.json",
1088
+ "d3fend-catalog.json",
1089
+ "framework-control-gaps.json",
1090
+ "rfc-references.json"
1091
+ ],
1092
+ "atlas_refs": [
1093
+ "AML.T0010",
1094
+ "AML.T0017",
1095
+ "AML.T0018",
1096
+ "AML.T0020",
1097
+ "AML.T0043"
1098
+ ],
1099
+ "attack_refs": [
1100
+ "T1195.001",
1101
+ "T1565"
1102
+ ],
1103
+ "framework_gaps": [
1104
+ "ISO-IEC-42001-2023-clause-6.1.2",
1105
+ "NIST-800-218-SSDF",
1106
+ "NIST-AI-RMF-MEASURE-2.5",
1107
+ "OWASP-LLM-Top-10-2025-LLM08",
1108
+ "SLSA-v1.0-Build-L3"
1109
+ ],
1110
+ "rfc_refs": [
1111
+ "RFC-8032"
1112
+ ],
1113
+ "cwe_refs": [
1114
+ "CWE-1357",
1115
+ "CWE-1395",
1116
+ "CWE-1426",
1117
+ "CWE-502"
1118
+ ],
1119
+ "d3fend_refs": [],
1120
+ "dlp_refs": []
1121
+ },
1122
+ {
1123
+ "name": "ot-ics-security",
1124
+ "version": "1.0.0",
1125
+ "triggers": [
1126
+ "air gap",
1127
+ "hmi security",
1128
+ "ics security",
1129
+ "iec 62443",
1130
+ "industrial control",
1131
+ "it ot convergence",
1132
+ "level 0",
1133
+ "level 1",
1134
+ "nerc cip",
1135
+ "nist 800-82",
1136
+ "operational technology",
1137
+ "ot security",
1138
+ "plc security",
1139
+ "purdue",
1140
+ "scada"
1141
+ ],
1142
+ "data_deps": [
1143
+ "atlas-ttps.json",
1144
+ "cve-catalog.json",
1145
+ "cwe-catalog.json",
1146
+ "d3fend-catalog.json",
1147
+ "framework-control-gaps.json"
1148
+ ],
1149
+ "atlas_refs": [
1150
+ "AML.T0010"
1151
+ ],
1152
+ "attack_refs": [
1153
+ "T0855",
1154
+ "T0883",
1155
+ "T1068",
1156
+ "T1190"
1157
+ ],
1158
+ "framework_gaps": [
1159
+ "IEC-62443-3-3",
1160
+ "NERC-CIP-007-6-R4",
1161
+ "NIS2-Art21-patch-management",
1162
+ "NIST-800-82r3"
1163
+ ],
1164
+ "rfc_refs": [],
1165
+ "cwe_refs": [
1166
+ "CWE-1037",
1167
+ "CWE-287",
1168
+ "CWE-306",
1169
+ "CWE-798"
1170
+ ],
1171
+ "d3fend_refs": [],
1172
+ "dlp_refs": []
1173
+ },
1174
+ {
1175
+ "name": "policy-exception-gen",
1176
+ "version": "1.0.0",
1177
+ "triggers": [
1178
+ "ai pipeline exception",
1179
+ "compensating control",
1180
+ "control exception",
1181
+ "ephemeral exception",
1182
+ "exception request",
1183
+ "policy exception",
1184
+ "serverless exception",
1185
+ "zero trust exception"
1186
+ ],
1187
+ "data_deps": [
1188
+ "framework-control-gaps.json",
1189
+ "global-frameworks.json"
1190
+ ],
1191
+ "atlas_refs": [],
1192
+ "attack_refs": [],
1193
+ "framework_gaps": [],
1194
+ "rfc_refs": [],
1195
+ "cwe_refs": [
1196
+ "CWE-1188"
1197
+ ],
1198
+ "d3fend_refs": [],
1199
+ "dlp_refs": []
1200
+ },
1201
+ {
1202
+ "name": "pqc-first",
1203
+ "version": "1.0.0",
1204
+ "triggers": [
1205
+ "crypto migration",
1206
+ "fips 203",
1207
+ "fips 204",
1208
+ "fips 205",
1209
+ "harvest now decrypt later",
1210
+ "ml-dsa",
1211
+ "ml-kem",
1212
+ "openssl pqc",
1213
+ "post-quantum",
1214
+ "pqc",
1215
+ "quantum cryptography",
1216
+ "quantum migration",
1217
+ "quantum safe",
1218
+ "slh-dsa"
1219
+ ],
1220
+ "data_deps": [
1221
+ "cve-catalog.json",
1222
+ "framework-control-gaps.json"
1223
+ ],
1224
+ "atlas_refs": [],
1225
+ "attack_refs": [],
1226
+ "framework_gaps": [
1227
+ "NIST-800-53-SC-28",
1228
+ "NIST-800-53-SC-8"
1229
+ ],
1230
+ "rfc_refs": [
1231
+ "DRAFT-IETF-TLS-ECDHE-MLKEM",
1232
+ "DRAFT-IETF-TLS-HYBRID-DESIGN",
1233
+ "RFC-8032",
1234
+ "RFC-8446",
1235
+ "RFC-9106",
1236
+ "RFC-9180",
1237
+ "RFC-9420",
1238
+ "RFC-9794"
1239
+ ],
1240
+ "cwe_refs": [
1241
+ "CWE-327"
1242
+ ],
1243
+ "d3fend_refs": [
1244
+ "D3-FE",
1245
+ "D3-MENCR"
1246
+ ],
1247
+ "dlp_refs": []
1248
+ },
1249
+ {
1250
+ "name": "rag-pipeline-security",
1251
+ "version": "1.0.0",
1252
+ "triggers": [
1253
+ "embedding attack",
1254
+ "knowledge base security",
1255
+ "rag security",
1256
+ "rag threat model",
1257
+ "retrieval security",
1258
+ "vector poisoning",
1259
+ "vector store security"
1260
+ ],
1261
+ "data_deps": [
1262
+ "atlas-ttps.json",
1263
+ "framework-control-gaps.json"
1264
+ ],
1265
+ "atlas_refs": [
1266
+ "AML.T0020",
1267
+ "AML.T0043",
1268
+ "AML.T0051",
1269
+ "AML.T0054"
1270
+ ],
1271
+ "attack_refs": [
1272
+ "T1565"
1273
+ ],
1274
+ "framework_gaps": [
1275
+ "ISO-27001-2022-A.8.28",
1276
+ "NIST-800-53-SI-12",
1277
+ "NIST-AI-RMF-MEASURE-2.5",
1278
+ "OWASP-LLM-Top-10-2025-LLM08"
1279
+ ],
1280
+ "rfc_refs": [],
1281
+ "cwe_refs": [
1282
+ "CWE-1395",
1283
+ "CWE-1426"
1284
+ ],
1285
+ "d3fend_refs": [
1286
+ "D3-CSPP",
1287
+ "D3-IOPR",
1288
+ "D3-NTA"
1289
+ ],
1290
+ "dlp_refs": []
1291
+ },
1292
+ {
1293
+ "name": "researcher",
1294
+ "version": "1.0.0",
1295
+ "triggers": [
1296
+ "exceptd research",
1297
+ "new advisory",
1298
+ "new exploit",
1299
+ "new threat",
1300
+ "research this cve",
1301
+ "threat intel triage",
1302
+ "triage threat",
1303
+ "what should I do about",
1304
+ "where do I start",
1305
+ "which skill should I use"
1306
+ ],
1307
+ "data_deps": [
1308
+ "atlas-ttps.json",
1309
+ "cve-catalog.json",
1310
+ "exploit-availability.json",
1311
+ "framework-control-gaps.json",
1312
+ "global-frameworks.json",
1313
+ "zeroday-lessons.json"
1314
+ ],
1315
+ "atlas_refs": [],
1316
+ "attack_refs": [],
1317
+ "framework_gaps": [],
1318
+ "rfc_refs": [],
1319
+ "cwe_refs": [],
1320
+ "d3fend_refs": [],
1321
+ "dlp_refs": []
1322
+ },
1323
+ {
1324
+ "name": "sector-energy",
1325
+ "version": "1.0.0",
1326
+ "triggers": [
1327
+ "aescsf",
1328
+ "awwa cyber",
1329
+ "der security",
1330
+ "electric grid security",
1331
+ "energy security",
1332
+ "grid resilience",
1333
+ "inverter security",
1334
+ "nccs-g",
1335
+ "nerc cip",
1336
+ "oil gas cyber",
1337
+ "pipeline cyber",
1338
+ "renewable cyber",
1339
+ "smart meter security",
1340
+ "tsa sd-2021",
1341
+ "water utility cyber"
1342
+ ],
1343
+ "data_deps": [
1344
+ "atlas-ttps.json",
1345
+ "cve-catalog.json",
1346
+ "cwe-catalog.json",
1347
+ "d3fend-catalog.json",
1348
+ "framework-control-gaps.json",
1349
+ "global-frameworks.json"
1350
+ ],
1351
+ "atlas_refs": [],
1352
+ "attack_refs": [
1353
+ "T0855",
1354
+ "T0883",
1355
+ "T1078",
1356
+ "T1190"
1357
+ ],
1358
+ "framework_gaps": [
1359
+ "IEC-62443-3-3",
1360
+ "NERC-CIP-007-6-R4",
1361
+ "NIS2-Art21-patch-management",
1362
+ "NIST-800-82r3"
1363
+ ],
1364
+ "rfc_refs": [],
1365
+ "cwe_refs": [
1366
+ "CWE-1037",
1367
+ "CWE-287",
1368
+ "CWE-306",
1369
+ "CWE-798"
1370
+ ],
1371
+ "d3fend_refs": [],
1372
+ "dlp_refs": []
1373
+ },
1374
+ {
1375
+ "name": "sector-federal-government",
1376
+ "version": "1.0.0",
1377
+ "triggers": [
1378
+ "cisa bod",
1379
+ "cisa ed",
1380
+ "cmmc",
1381
+ "cui",
1382
+ "eo 14028",
1383
+ "federal cyber",
1384
+ "federal zero trust",
1385
+ "fedramp",
1386
+ "fisma",
1387
+ "government cybersecurity",
1388
+ "jab authorization",
1389
+ "m-22-09",
1390
+ "nist 800-171",
1391
+ "nist 800-172",
1392
+ "omb m-24-04",
1393
+ "stateramp"
1394
+ ],
1395
+ "data_deps": [
1396
+ "atlas-ttps.json",
1397
+ "cve-catalog.json",
1398
+ "cwe-catalog.json",
1399
+ "d3fend-catalog.json",
1400
+ "framework-control-gaps.json",
1401
+ "global-frameworks.json"
1402
+ ],
1403
+ "atlas_refs": [],
1404
+ "attack_refs": [
1405
+ "T1190",
1406
+ "T1195.001",
1407
+ "T1554"
1408
+ ],
1409
+ "framework_gaps": [
1410
+ "CMMC-2.0-Level-2",
1411
+ "FedRAMP-Rev5-Moderate",
1412
+ "NIST-800-218-SSDF",
1413
+ "SLSA-v1.0-Build-L3"
1414
+ ],
1415
+ "rfc_refs": [
1416
+ "RFC-8032",
1417
+ "RFC-8446"
1418
+ ],
1419
+ "cwe_refs": [
1420
+ "CWE-1357",
1421
+ "CWE-1395",
1422
+ "CWE-829"
1423
+ ],
1424
+ "d3fend_refs": [],
1425
+ "dlp_refs": []
1426
+ },
1427
+ {
1428
+ "name": "sector-financial",
1429
+ "version": "1.0.0",
1430
+ "triggers": [
1431
+ "23 nycrr 500",
1432
+ "apra cps 234",
1433
+ "banking security",
1434
+ "cbest",
1435
+ "dora",
1436
+ "ffiec",
1437
+ "financial security",
1438
+ "icast",
1439
+ "mas trm",
1440
+ "nydfs",
1441
+ "psd2",
1442
+ "psd3",
1443
+ "sca",
1444
+ "strong customer authentication",
1445
+ "swift cscf",
1446
+ "tiber-eu",
1447
+ "tlpt"
1448
+ ],
1449
+ "data_deps": [
1450
+ "atlas-ttps.json",
1451
+ "cve-catalog.json",
1452
+ "cwe-catalog.json",
1453
+ "d3fend-catalog.json",
1454
+ "dlp-controls.json",
1455
+ "framework-control-gaps.json",
1456
+ "global-frameworks.json"
1457
+ ],
1458
+ "atlas_refs": [
1459
+ "AML.T0017",
1460
+ "AML.T0096"
1461
+ ],
1462
+ "attack_refs": [
1463
+ "T1078",
1464
+ "T1190",
1465
+ "T1486",
1466
+ "T1567"
1467
+ ],
1468
+ "framework_gaps": [
1469
+ "NIST-800-53-AC-2",
1470
+ "PSD2-RTS-SCA",
1471
+ "SOC2-CC6-logical-access",
1472
+ "SWIFT-CSCF-v2026-1.1"
1473
+ ],
1474
+ "rfc_refs": [
1475
+ "RFC-7519",
1476
+ "RFC-8446",
1477
+ "RFC-8725",
1478
+ "RFC-9421"
1479
+ ],
1480
+ "cwe_refs": [
1481
+ "CWE-287",
1482
+ "CWE-352",
1483
+ "CWE-798",
1484
+ "CWE-862",
1485
+ "CWE-863"
1486
+ ],
1487
+ "d3fend_refs": [],
1488
+ "dlp_refs": []
1489
+ },
1490
+ {
1491
+ "name": "sector-healthcare",
1492
+ "version": "1.0.0",
1493
+ "triggers": [
1494
+ "ai diagnostic",
1495
+ "clinical decision support",
1496
+ "eu mdr",
1497
+ "fda cyber",
1498
+ "fhir",
1499
+ "healthcare security",
1500
+ "hipaa",
1501
+ "hitrust",
1502
+ "hl7",
1503
+ "medical device security",
1504
+ "patient data",
1505
+ "phi",
1506
+ "protected health information",
1507
+ "samd"
1508
+ ],
1509
+ "data_deps": [
1510
+ "atlas-ttps.json",
1511
+ "cve-catalog.json",
1512
+ "cwe-catalog.json",
1513
+ "d3fend-catalog.json",
1514
+ "dlp-controls.json",
1515
+ "framework-control-gaps.json",
1516
+ "global-frameworks.json"
1517
+ ],
1518
+ "atlas_refs": [
1519
+ "AML.T0017",
1520
+ "AML.T0051"
1521
+ ],
1522
+ "attack_refs": [
1523
+ "T1078",
1524
+ "T1530",
1525
+ "T1567"
1526
+ ],
1527
+ "framework_gaps": [
1528
+ "HIPAA-Security-Rule-164.312(a)(1)",
1529
+ "HITRUST-CSF-v11.4-09.l",
1530
+ "ISO-27001-2022-A.8.30",
1531
+ "NIST-800-53-AC-2"
1532
+ ],
1533
+ "rfc_refs": [
1534
+ "RFC-7519",
1535
+ "RFC-9421"
1536
+ ],
1537
+ "cwe_refs": [
1538
+ "CWE-1426",
1539
+ "CWE-200",
1540
+ "CWE-287",
1541
+ "CWE-862"
1542
+ ],
1543
+ "d3fend_refs": [],
1544
+ "dlp_refs": []
1545
+ },
1546
+ {
1547
+ "name": "security-maturity-tiers",
1548
+ "version": "1.0.0",
1549
+ "triggers": [
1550
+ "defense in depth",
1551
+ "how do we get from here to there",
1552
+ "implementation roadmap",
1553
+ "minimum viable security",
1554
+ "mvp security",
1555
+ "security best practices",
1556
+ "security maturity",
1557
+ "security roadmap",
1558
+ "security tiers",
1559
+ "what should we do first",
1560
+ "what's practical",
1561
+ "where to start"
1562
+ ],
1563
+ "data_deps": [
1564
+ "cve-catalog.json",
1565
+ "framework-control-gaps.json",
1566
+ "global-frameworks.json"
1567
+ ],
1568
+ "atlas_refs": [],
1569
+ "attack_refs": [],
1570
+ "framework_gaps": [],
1571
+ "rfc_refs": [],
1572
+ "cwe_refs": [
1573
+ "CWE-1188"
1574
+ ],
1575
+ "d3fend_refs": [],
1576
+ "dlp_refs": []
1577
+ },
1578
+ {
1579
+ "name": "skill-update-loop",
1580
+ "version": "1.0.0",
1581
+ "triggers": [
1582
+ "are skills current",
1583
+ "atlas update",
1584
+ "check skill currency",
1585
+ "forward watch",
1586
+ "framework update",
1587
+ "new cve update",
1588
+ "skill maintenance",
1589
+ "skill review",
1590
+ "update skills",
1591
+ "update threat intel"
1592
+ ],
1593
+ "data_deps": [
1594
+ "atlas-ttps.json",
1595
+ "cve-catalog.json",
1596
+ "exploit-availability.json",
1597
+ "framework-control-gaps.json",
1598
+ "global-frameworks.json",
1599
+ "zeroday-lessons.json"
1600
+ ],
1601
+ "atlas_refs": [],
1602
+ "attack_refs": [],
1603
+ "framework_gaps": [],
1604
+ "rfc_refs": [],
1605
+ "cwe_refs": [],
1606
+ "d3fend_refs": [],
1607
+ "dlp_refs": []
1608
+ },
1609
+ {
1610
+ "name": "supply-chain-integrity",
1611
+ "version": "1.0.0",
1612
+ "triggers": [
1613
+ "ai bom",
1614
+ "aibom",
1615
+ "cosign",
1616
+ "csaf",
1617
+ "cyclonedx",
1618
+ "in-toto",
1619
+ "model provenance",
1620
+ "sbom",
1621
+ "sigstore",
1622
+ "slsa",
1623
+ "software composition",
1624
+ "spdx",
1625
+ "supply chain",
1626
+ "vex"
1627
+ ],
1628
+ "data_deps": [
1629
+ "atlas-ttps.json",
1630
+ "cve-catalog.json",
1631
+ "cwe-catalog.json",
1632
+ "d3fend-catalog.json",
1633
+ "framework-control-gaps.json",
1634
+ "rfc-references.json"
1635
+ ],
1636
+ "atlas_refs": [
1637
+ "AML.T0010",
1638
+ "AML.T0018"
1639
+ ],
1640
+ "attack_refs": [
1641
+ "T1195.001",
1642
+ "T1195.002",
1643
+ "T1554"
1644
+ ],
1645
+ "framework_gaps": [
1646
+ "CMMC-2.0-Level-2",
1647
+ "CycloneDX-v1.6-SBOM",
1648
+ "FedRAMP-Rev5-Moderate",
1649
+ "HITRUST-CSF-v11.4-09.l",
1650
+ "NIST-800-218-SSDF",
1651
+ "NIST-800-53-SA-12",
1652
+ "SLSA-v1.0-Build-L3",
1653
+ "SPDX-v3.0-SBOM",
1654
+ "SWIFT-CSCF-v2026-1.1",
1655
+ "VEX-CSAF-v2.1"
1656
+ ],
1657
+ "rfc_refs": [
1658
+ "RFC-8032"
1659
+ ],
1660
+ "cwe_refs": [
1661
+ "CWE-1357",
1662
+ "CWE-1395",
1663
+ "CWE-494",
1664
+ "CWE-502",
1665
+ "CWE-829"
1666
+ ],
1667
+ "d3fend_refs": [
1668
+ "D3-CBAN",
1669
+ "D3-EAL",
1670
+ "D3-EHB"
1671
+ ],
1672
+ "dlp_refs": []
1673
+ },
1674
+ {
1675
+ "name": "threat-model-currency",
1676
+ "version": "1.0.0",
1677
+ "triggers": [
1678
+ "is our threat model current",
1679
+ "threat intelligence gap",
1680
+ "threat model currency",
1681
+ "threat model gap",
1682
+ "threat model review",
1683
+ "update threat model"
1684
+ ],
1685
+ "data_deps": [
1686
+ "atlas-ttps.json",
1687
+ "cve-catalog.json",
1688
+ "framework-control-gaps.json"
1689
+ ],
1690
+ "atlas_refs": [],
1691
+ "attack_refs": [],
1692
+ "framework_gaps": [],
1693
+ "rfc_refs": [],
1694
+ "cwe_refs": [],
1695
+ "d3fend_refs": [],
1696
+ "dlp_refs": []
1697
+ },
1698
+ {
1699
+ "name": "threat-modeling-methodology",
1700
+ "version": "1.0.0",
1701
+ "triggers": [
1702
+ "attack tree",
1703
+ "data flow diagram",
1704
+ "dfd",
1705
+ "diamond model",
1706
+ "kill chain",
1707
+ "linddun",
1708
+ "pasta",
1709
+ "stride",
1710
+ "threat model",
1711
+ "threat modeling",
1712
+ "threat modeling methodology",
1713
+ "trust boundary",
1714
+ "unified kill chain"
1715
+ ],
1716
+ "data_deps": [
1717
+ "atlas-ttps.json",
1718
+ "cve-catalog.json",
1719
+ "cwe-catalog.json",
1720
+ "d3fend-catalog.json",
1721
+ "framework-control-gaps.json"
1722
+ ],
1723
+ "atlas_refs": [],
1724
+ "attack_refs": [],
1725
+ "framework_gaps": [
1726
+ "ISO-27001-2022-A.8.28",
1727
+ "ISO-IEC-23894-2023-clause-7",
1728
+ "ISO-IEC-42001-2023-clause-6.1.2",
1729
+ "NIST-800-218-SSDF"
1730
+ ],
1731
+ "rfc_refs": [],
1732
+ "cwe_refs": [],
1733
+ "d3fend_refs": [],
1734
+ "dlp_refs": []
1735
+ },
1736
+ {
1737
+ "name": "webapp-security",
1738
+ "version": "1.0.0",
1739
+ "triggers": [
1740
+ "ai generated code",
1741
+ "broken access control",
1742
+ "command injection",
1743
+ "csrf",
1744
+ "file upload",
1745
+ "owasp asvs",
1746
+ "owasp top 10",
1747
+ "path traversal",
1748
+ "sql injection",
1749
+ "sqli",
1750
+ "ssrf",
1751
+ "unsafe deserialization",
1752
+ "web application security",
1753
+ "webapp security",
1754
+ "xss"
1755
+ ],
1756
+ "data_deps": [
1757
+ "atlas-ttps.json",
1758
+ "cve-catalog.json",
1759
+ "cwe-catalog.json",
1760
+ "d3fend-catalog.json",
1761
+ "framework-control-gaps.json",
1762
+ "rfc-references.json"
1763
+ ],
1764
+ "atlas_refs": [
1765
+ "AML.T0051"
1766
+ ],
1767
+ "attack_refs": [
1768
+ "T1059",
1769
+ "T1190",
1770
+ "T1505"
1771
+ ],
1772
+ "framework_gaps": [
1773
+ "ISO-27001-2022-A.8.28",
1774
+ "NIST-800-218-SSDF",
1775
+ "OWASP-ASVS-v5.0-V14",
1776
+ "OWASP-LLM-Top-10-2025-LLM01"
1777
+ ],
1778
+ "rfc_refs": [
1779
+ "RFC-7519",
1780
+ "RFC-8446",
1781
+ "RFC-8725",
1782
+ "RFC-9114"
1783
+ ],
1784
+ "cwe_refs": [
1785
+ "CWE-1188",
1786
+ "CWE-200",
1787
+ "CWE-22",
1788
+ "CWE-269",
1789
+ "CWE-287",
1790
+ "CWE-352",
1791
+ "CWE-434",
1792
+ "CWE-502",
1793
+ "CWE-732",
1794
+ "CWE-77",
1795
+ "CWE-78",
1796
+ "CWE-79",
1797
+ "CWE-862",
1798
+ "CWE-863",
1799
+ "CWE-89",
1800
+ "CWE-918",
1801
+ "CWE-94"
1802
+ ],
1803
+ "d3fend_refs": [],
1804
+ "dlp_refs": []
1805
+ },
1806
+ {
1807
+ "name": "zeroday-gap-learn",
1808
+ "version": "1.0.0",
1809
+ "triggers": [
1810
+ "0day learning",
1811
+ "exploit to control gap",
1812
+ "learn from exploit",
1813
+ "what control gap enabled this",
1814
+ "what should have caught this",
1815
+ "zero day lesson",
1816
+ "zeroday gap"
1817
+ ],
1818
+ "data_deps": [
1819
+ "atlas-ttps.json",
1820
+ "cve-catalog.json",
1821
+ "framework-control-gaps.json",
1822
+ "zeroday-lessons.json"
1823
+ ],
1824
+ "atlas_refs": [],
1825
+ "attack_refs": [],
1826
+ "framework_gaps": [],
1827
+ "rfc_refs": [],
1828
+ "cwe_refs": [],
1829
+ "d3fend_refs": [],
1830
+ "dlp_refs": []
1831
+ }
1832
+ ]
1833
+ }