Skip to content

ecuware/AI-Security-Analytics-Prompt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
prompt.md
prompt.md
 
 

Repository files navigation

AI Security Analytics Prompt

A comprehensive prompt template for conducting white-box security assessments and generating production-ready security audit reports.

Overview

This prompt is designed to guide AI systems (like GPT-4, Claude, etc.) in performing thorough security audits of software projects. It transforms generic security scanning into a structured, evidence-based assessment that produces actionable security reports.

What It Does

The prompt instructs an AI to:

  • Perform comprehensive security analysis of codebases, infrastructure, and configurations
  • Identify realistic, exploitable vulnerabilities with clear evidence and code references
  • Generate production-ready security.md reports suitable for engineering teams, security leadership, and compliance officers
  • Map findings to compliance frameworks (SOC 2, ISO 27001, PCI-DSS, GDPR, NIST CSF)
  • Provide actionable remediation guidance with code examples and prioritization

Key Features

  • Zero false positives: Every finding must be verifiable and exploitable
  • Business context: Risks mapped to actual business impact (financial, regulatory, reputation)
  • Evidence-based: All findings include exact file paths, line numbers, and code snippets
  • Compliance-ready: Findings mapped to control frameworks
  • Prioritized: Risks ranked by CVSS 3.1 + business impact

Usage

  1. Provide this prompt to an AI assistant along with your project's source code
  2. The AI will analyze your codebase following the methodology outlined in the prompt
  3. Review the generated security.md report with detailed findings and remediation steps

Target Audiences

The generated reports are designed for:

  • Engineering Teams: Actionable remediation with code examples
  • Security Leadership: Risk prioritization and strategic recommendations
  • Compliance Officers: Control mapping to regulatory frameworks
  • External Auditors: Evidence-based findings with clear traceability
  • Product Management: Security vs. feature trade-offs

Coverage Areas

  • OWASP Top 10 (2021) and API Security Top 10 (2023)
  • Business logic vulnerabilities
  • Authorization boundary violations
  • Architectural weaknesses
  • Supply chain risks
  • Configuration drift
  • Cloud-native security
  • Container security
  • CI/CD pipeline security

Quality Standards

The prompt enforces:

  • Precision over verbosity: Every sentence must add value
  • Contextual relevance: No generic recommendations without evidence
  • Architectural insight: Root cause analysis, not just symptoms
  • Evidence-based findings: Concrete code references required
  • Business context: Technical findings mapped to business impact

License

This prompt is provided as-is for use in security assessments and audit processes.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors