
Anthropic Cybersecurity Skills: A Structured Security Playbook for AI Agents

June 18, 2026 · Shingo Nakamura · AI

A capable AI agent can write code and search the web, but it usually doesn’t know which Volatility3 plugin to run on a suspicious memory dump, which Sigma rules catch Kerberoasting, or how to scope a cloud breach across three providers. A junior security analyst learns those playbooks on the job; a generic large language model has to guess. Anthropic Cybersecurity Skills, an independent community project by @mukul975, tries to close that gap by handing an agent the structured workflows a senior analyst would follow.

It’s an Apache-2.0 library of 754 cybersecurity skills across 26 security domains, each written to the agentskills.io open standard and mapped to five industry frameworks. You point your agent at the folder and, when you ask it to investigate something, it loads the relevant playbook and works through a vetted procedure instead of improvising. The framing throughout is defensive: threat hunting, digital forensics, incident response, detection engineering, and the blue-team side of red-team techniques.

One thing to get out of the way first, because the name invites it: this is not an Anthropic product. The README states plainly that it is “an independent, community-created project” and “Not affiliated with Anthropic PBC.” This post is a high-level, defensive read of what the collection covers and where it’s useful — it does not reproduce any offensive tooling, payloads, or step-by-step attack instructions, and you shouldn’t need them to understand the project.

What it is

Anthropic Cybersecurity Skills is a knowledge base of practitioner workflows packaged as agent-readable skills. Each skill is a small directory built around a SKILL.md file — YAML frontmatter for fast discovery, then a Markdown body that walks an agent through when to use the skill, what it needs, the steps to run, and how to verify the result. The author describes it as an “AI-native knowledge base,” not a collection of scripts or checklists; the value is in the encoded decision-making, not in any single command.

The library is organised into 26 domains — among them cloud security, threat hunting, threat intelligence, digital forensics, security operations, incident response, malware analysis, container and OT/ICS security, and compliance. Every skill carries mappings to MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS (the AI/ML adversarial-threat matrix), MITRE D3FEND (defensive countermeasures), and the NIST AI Risk Management Framework. The README claims it is the only open-source skills library with unified coverage across all five.

Why it matters

The case for it rests on a real, citable problem the project leads with:

  • The skills gap is structural, not just numeric. ISC2’s 2024 workforce study put the global cybersecurity gap at roughly 4.8 million unfilled roles (cited in the README). AI agents can absorb some of that load, but only if they have practitioner playbooks to follow rather than generic instructions.
  • It encodes judgment, not just commands. Existing security repos tend to give you wordlists or tool snippets. The harder thing to capture — when to use a technique, what to check first, how to confirm you got the right answer — is exactly what these skills try to write down.
  • Framework mapping turns work into evidence. Because each skill is tagged to ATT&CK, NIST CSF, ATLAS, D3FEND and AI RMF, the findings an agent produces drop straight into the language auditors and compliance teams already use.
  • It runs where you already work. The agentskills.io standard means the same library loads into Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI and a long list of other agents without per-tool reformatting.

How it works

Every skill lives in its own directory with a predictable shape: a SKILL.md definition, a references/ folder for framework mappings and deep procedure notes, optional scripts/ for helper code, and assets/ for report templates and checklists. The frontmatter is keyword-rich on purpose so an agent can find the right skill by matching tags, description and domain.

The mechanism that makes a 754-skill library usable inside a context window is progressive disclosure. The README reports that scanning a skill’s frontmatter costs only about 30 tokens, while fully loading a skill’s workflow costs roughly 500–2,000 tokens. So an agent can sweep the whole catalogue cheaply, shortlist the few skills that match the task, and load only those in full.

[Figure: How an agent loads a cybersecurity skill on demand. Analyst prompt (e.g. triage a dump) → scan frontmatter of 754 skills at ~30 tokens each → shortlist and load the top matches at 500–2k tokens → run workflow (vetted steps) → verify and map (confirm, tag to ATT&CK). Progressive disclosure keeps the whole catalogue searchable inside one context window.]
The on-demand loading path: cheap frontmatter scan over all 754 skills, full load of only the matches, then a structured run-and-verify loop that ends in framework-tagged findings.

The structured body is what keeps the agent on rails. The README documents a consistent set of sections — When to Use (trigger conditions), Prerequisites (tools and access), Workflow (the step-by-step procedure with decision points), and Verification (how to confirm success). That last section matters most for defensive work: it’s the difference between an agent that claims it found credential theft and one that confirms indicators of compromise and maps them to a specific ATT&CK technique.

Getting started

The project recommends a one-line install via the skills CLI, or a plain Git clone if you’d rather inspect the files first. Introduce it to your agent and it picks the library up automatically.

# Option 1: the skills CLI (recommended)
npx skills add mukul975/Anthropic-Cybersecurity-Skills

# Option 2: clone and point your agent at the folder
git clone https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git

The README states it works “immediately with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI, and any agentskills.io-compatible platform.” Because the format is the shared standard rather than a vendor lock-in, the same checkout loads across that whole list with no per-tool configuration.

In practice

The cleanest way to see the intent is the worked example from the README, which is squarely a defensive incident-response scenario. An analyst asks the agent to examine a memory dump for signs of credential theft. The agent scans the catalogue, shortlists the relevant forensics and detection skills, loads a small number in full — memory forensics with Volatility3, hunting for credential dumping, and analysing Windows event logs for credential access — then runs each workflow, correlates the evidence, and validates its findings against the verification steps before mapping the result to ATT&CK’s credential-access technique.
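The two mechanisms the post describes, progressive disclosure (cheap frontmatter scan, full load only for the shortlist) and the fixed When to Use / Prerequisites / Workflow / Verification body, can be seen end to end on a small constructed catalogue. The following is an added example written for this post, not code from the Anthropic Cybersecurity Skills project, and it assumes things the README does not specify: flat frontmatter keys name, description, domain and tags, a rough four characters per token, and a naive keyword-overlap scorer in place of whatever matching a real agent does. It also goes one step past the README's worked example by rejecting a shortlisted skill whose body lacks a Verification section, which is the failure mode an operator most wants caught before an agent follows a workflow.

```python
# Progressive-disclosure loader for agentskills-style SKILL.md files.
# Added example for this post, not code from the Anthropic Cybersecurity Skills
# project. Assumed here (not from the README): flat frontmatter keys name /
# description / domain / tags, ~4 characters per token, and the four section
# headings the post names. The catalogue below is constructed sample data.
import re

REQUIRED_SECTIONS = ("When to Use", "Prerequisites", "Workflow", "Verification")
CHARS_PER_TOKEN = 4  # rough estimate for illustration


def render_skill(name, description, domain, tags, sections):
    """Build a SKILL.md string: YAML frontmatter, then one `## Heading` per section."""
    fm = f"---\nname: {name}\ndescription: {description}\ndomain: {domain}\ntags: [{', '.join(tags)}]\n---\n"
    return fm + "".join(f"## {h}\n{t}\n" for h, t in sections.items())


def body(workflow, verification=None):
    """Four-section body; leave `verification` out to simulate a malformed skill."""
    s = {"When to Use": "Trigger conditions.", "Prerequisites": "Tools and access needed.", "Workflow": workflow}
    if verification:
        s["Verification"] = verification
    return s


# Constructed catalogue standing in for skills/<name>/SKILL.md files on disk.
CATALOGUE = [
    ("memory-forensics-volatility3", "Triage a memory dump for credential theft with Volatility3 plugins",
     "digital-forensics", ["memory", "dump", "volatility3", "lsass", "credential"],
     body("1. List processes. 2. Flag unexpected handles to lsass.", "Confirm with a second plugin; map to ATT&CK.")),
    ("credential-dumping-hunt", "Hunt for credential dumping behaviour such as LSASS access and ntds.dit theft",
     "threat-hunting", ["credential", "dumping", "lsass", "hunt"],
     body("1. Pull process-access telemetry. 2. Baseline normal LSASS readers.", "Corroborate with a second source.")),
    ("windows-event-log-credential-access", "Analyse Windows Security event logs for credential access indicators",
     "security-operations", ["windows", "event", "log", "credential"],
     body("1. Filter logon events. 2. Correlate with process creation.", "Tie each finding to host, user, time.")),
    ("aws-iam-hardening", "Review AWS IAM policies for least privilege and unused access keys",
     "cloud-security", ["aws", "iam", "policy", "hardening"],
     body("1. Enumerate policies. 2. Flag wildcard actions.", "Re-run the review after changes.")),
    ("stale-skill-no-verification", "Old memory dump triage note, never finished",
     "digital-forensics", ["memory", "dump"], body("1. Look around.")),  # no Verification: must be rejected
]
SAMPLE_SKILLS = {n: render_skill(n, d, dom, t, b) for n, d, dom, t, b in CATALOGUE}


def split_skill(text):
    """Return (frontmatter, body); the frontmatter is all an agent reads during the scan."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        raise ValueError("SKILL.md must open with a YAML frontmatter block")
    return m.group(1), m.group(2)


def parse_frontmatter(fm):
    """Minimal parser for flat `key: value` and `key: [a, b]` lines (no PyYAML dependency)."""
    meta = {}
    for line in fm.splitlines():
        if ":" in line:
            key, value = (p.strip() for p in line.split(":", 1))
            meta[key] = [v.strip() for v in value[1:-1].split(",") if v.strip()] if value.startswith("[") else value
    return meta


def parse_sections(body_text):
    """Map each `## Heading` to the text under it."""
    sections, current = {}, None
    for line in body_text.splitlines():
        if line.startswith("## "):
            current = line[3:].strip()
            sections[current] = ""
        elif current is not None:
            sections[current] += line + "\n"
    return sections


def estimate_tokens(text):
    return max(1, len(text) // CHARS_PER_TOKEN)


def words(text):
    """Lower-cased alphanumeric words of four or more characters."""
    return {w for w in re.findall(r"[a-z0-9]+", text.lower()) if len(w) >= 4}


def score_skill(meta, prompt):
    """Number of prompt words that appear in the skill's name, description, domain or tags."""
    haystack = " ".join([meta.get("name", ""), meta.get("description", ""), meta.get("domain", ""), *meta.get("tags", [])])
    return len(words(prompt) & words(haystack))


def plan(skills, prompt, top_k=4):
    """Scan every frontmatter cheaply, then fully load and validate only the shortlist."""
    scan_tokens, scored = 0, []
    for name, text in skills.items():
        fm, _ = split_skill(text)
        scan_tokens += estimate_tokens(fm)
        s = score_skill(parse_frontmatter(fm), prompt)
        if s > 0:
            scored.append((-s, name))  # negative score: best first, then name for a stable order
    shortlisted = [name for _, name in sorted(scored)[:top_k]]
    load_tokens, loaded, rejected = 0, {}, {}
    for name in shortlisted:
        load_tokens += estimate_tokens(skills[name])
        sections = parse_sections(split_skill(skills[name])[1])
        missing = [h for h in REQUIRED_SECTIONS if h not in sections]
        if missing:
            rejected[name] = missing  # a workflow with no Verification step is not safe to follow
        else:
            loaded[name] = sections
    return {"shortlisted": shortlisted, "scan_tokens": scan_tokens,
            "load_tokens": load_tokens, "loaded": loaded, "rejected": rejected}


if __name__ == "__main__":
    result = plan(SAMPLE_SKILLS, "examine this memory dump for signs of credential theft")
    print("shortlist:", result["shortlisted"])
    print(f"scan cost ~{result['scan_tokens']} tokens, full load ~{result['load_tokens']} tokens")
    print("rejected:", result["rejected"])
```

Run with the README's prompt and the scan phase touches only the frontmatter of all five skills, the AWS skill never gets loaded, the three credential-related skills load in full, and the stale skill is shortlisted on keywords but rejected because it has no Verification section. The gap between scan_tokens and load_tokens on even this tiny catalogue is the same shape as the 30-versus-500–2,000 figure the README reports; the keyword scorer is a stand-in, but the validation step is the part worth keeping whatever matcher you use.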

That shape generalises to a lot of blue-team and learning work:

  • DFIR triage. Memory and disk forensics, timeline reconstruction, and log analysis to scope an incident and produce an evidence-backed account rather than a hunch.
  • Threat hunting. Hypothesis-driven hunts and behavioural analytics — for example, looking for living-off-the-land activity — with the agent suggesting which data to pull and how to confirm a lead.
  • Detection engineering and SOC work. SIEM correlation, alert triage, and turning a known adversary behaviour into a detection, with the framework mapping giving you coverage you can point at.
  • Cloud and container defence. Hardening checks and configuration review across AWS, Azure and GCP, plus Kubernetes RBAC and image scanning.
  • Learning the craft. For someone studying for the blue team, each skill reads as a documented procedure with a stated rationale and a verification step — a structured way to see how a senior analyst reasons.

The collection also includes domains framed around offensive techniques — red teaming and penetration testing among them. In keeping with a defensive read, the useful framing for those is detection and resilience: understanding an adversary’s playbook so you can hunt for it, validate your own controls in authorised engagements, and harden against it. Anything in that territory is for environments you own or are explicitly authorised to test, and this post deliberately keeps to that high level rather than reproducing any technique detail.

How it compares

The honest comparison is against the things people reach for today when they want an agent to do security work.

Approach | What you get | Where it falls short
Generic agent, no skills | Flexible, writes code, searches the web | Guesses at tool commands; skips verification steps
Wordlist / payload / exploit repos | Raw material for a specific technique | No decision workflow, no “when” or “how to verify”; not framework-mapped
Hand-written CLAUDE.md or prompts | Your own conventions, tuned to you | You build and maintain every playbook yourself
This library | 754 vetted, framework-mapped workflows, one install | Community-maintained accuracy; breadth varies by domain

The project’s own positioning is that other security repos hand you ingredients — wordlists, payloads, exploit code — while this one encodes the analyst’s decision-making layer on top, mapped to compliance frameworks. That’s a fair distinction, and it’s the main reason to prefer a structured skills library over a pile of scripts when the consumer is an agent rather than a human.

Performance

There are no published benchmarks here, and I won’t invent any. The library does not ship accuracy numbers or independent evaluations, so treat the gains qualitatively.

What the design plausibly improves is consistency and completeness. An agent without these skills tends to improvise tool invocations and skip the unglamorous steps — checking prerequisites, confirming an indicator, verifying a result. The skills replace that improvisation with a fixed procedure that ends in a verification section, which is exactly where ad-hoc agent work usually goes wrong. The token economics are the other concrete win: progressive disclosure (about 30 tokens to scan a skill, 500–2,000 to load one) is what makes a 754-skill catalogue searchable in a single pass without exhausting the context window. Both of these are mechanism-level arguments, not measured outcomes — useful to reason about, not a leaderboard.

Tradeoffs

The honest cons matter more than usual for a project in this space.

  • The dual-use caveat is the big one. Security knowledge is inherently dual-use, and the catalogue includes red-team and penetration-testing material. The responsibility sits with the operator: these workflows belong in authorised, owned environments, used to defend and to test with permission — never against systems you don’t own. The collection’s value is real precisely because the knowledge is real, which is the same reason it demands care.
  • Accuracy is community-maintained. This is an independent project, not a vendor-validated product. The README says PRs are reviewed for technical accuracy within 48 hours, but you are ultimately trusting community review. An AI agent following an out-of-date or subtly wrong procedure can be confidently incorrect, so a human in the loop on consequential actions is non-negotiable.
  • The name is misleading. “Anthropic Cybersecurity Skills” reads like an official Anthropic product; it isn’t. The README is explicit about that, but the branding will cause confusion, and it’s worth being clear-eyed about.
  • Breadth is uneven. Some domains are deep (cloud security, threat hunting); others are thin — the README itself flags Deception Technology and Compliance & Governance as needing the most contribution. Don’t assume uniform depth across all 26 domains.
  • External validation is light. Beyond the author’s own site and a couple of cited blog and social posts, independent coverage is mostly automated aggregator and directory listings rather than substantive third-party review. Judge it on the files, not on its listing count.

Takeaway

Anthropic Cybersecurity Skills is a serious attempt to give an AI agent the one thing a generic model lacks: the structured, verifiable playbooks a security practitioner carries in their head, written down and mapped to the frameworks the industry already speaks. Reach for it when you want an agent to do defensive work — DFIR, threat hunting, detection engineering, cloud hardening — with consistency and an audit trail, or when you’re learning the craft and want documented procedures to study. Be deliberate about the dual-use material, keep a human in the loop on anything consequential, remember it’s a community project rather than an Anthropic one, and verify before you trust. Within those bounds, it turns “my agent can search the web” into “my agent follows the same checklist a senior analyst would” — and that’s a meaningful upgrade.