26 prompts
Register a cloud exposure risk
“Register a risk: our S3 buckets may be publicly accessible, exposing customer data. Likelihood 4, impact 5.”
Result: Creates a high-severity risk (score 20/25) in your register
Third-party vendor risk
“Add a risk for our payment processor having inadequate security controls. We process 50k transactions/month.”
Result: Creates a vendor risk with appropriate category and scoring
Authentication gap risk
“Register a risk that we don't enforce MFA for admin accounts, leaving us vulnerable to credential theft.”
Result: Creates an access control risk with mitigation suggestions
List top risks
“What are our top 5 highest-scoring risks right now?”
Result: Summarizes your current risk register ranked by severity
Mark a risk as accepted
“Update our logging gaps risk to status 'accepted' — leadership has reviewed and accepted this risk.”
Result: Updates risk status and records the acceptance decision
SOC 2 readiness check
“What's our current SOC 2 Type II readiness? Which criteria are incomplete?”
Result: Shows completion % per Trust Services Criteria with gaps
ISO 27001 gap analysis
“Run a gap analysis for ISO 27001:2022 and tell me which Annex A controls we're missing.”
Result: Lists unmet ISO 27001 controls with priority recommendations
NIST CSF posture
“Show me our NIST CSF posture across all five functions: Identify, Protect, Detect, Respond, Recover.”
Result: Scorecard breakdown by NIST CSF function
Mark a requirement as complete
“Mark SOC 2 CC6.1 (Logical Access Controls) as complete — we just finished implementing MFA.”
Result: Updates the requirement status and timestamps completion
Add a compliance framework
“Add HIPAA to our compliance program — we're starting to serve healthcare customers.”
Result: Creates the HIPAA framework with all requirements in your register
Add a data encryption control
“Create a preventive control for encrypting data at rest using AES-256 across all our databases.”
Result: Creates a control record with effectiveness tracking
Quarterly access review control
“Add a detective control for quarterly user access reviews — all admin accounts reviewed every 90 days.”
Result: Creates an access review control with review cadence
Find relevant controls
“What controls do we have that address encryption and key management?”
Result: Lists matching controls with effectiveness ratings
Link a control to a risk
“Link our MFA enforcement control to the credential theft risk to show it reduces residual risk.”
Result: Creates the risk-control mapping and recalculates residual score
Incident response control
“Create a corrective control for our incident response procedure — P1 incidents resolved within 4 hours.”
Result: Creates an incident response control with SLA parameters
Log a penetration test
“Record evidence that we completed our annual penetration test in January 2025 with no critical findings.”
Result: Creates an evidence record with test metadata
Security training completion
“Add evidence that 100% of employees completed security awareness training this quarter.”
Result: Creates training completion evidence linked to relevant controls
List expiring evidence
“Which evidence records are expiring in the next 60 days and need to be renewed?”
Result: Shows evidence items approaching expiry with renewal actions
Business continuity test
“Create evidence for our business continuity plan test — we ran a tabletop exercise on March 15th.”
Result: Creates BCP test evidence with test date and findings
Import GitHub security alerts
“Import open Dependabot alerts from GitHub and create risks for any critical or high severity ones.”
Result: Creates risks from open GitHub security alerts automatically
Create a Jira ticket for a risk
“Create a Jira ticket for our unpatched servers risk so the DevOps team can track remediation.”
Result: Creates a linked Jira issue with risk details pre-filled
Send a risk alert to Slack
“Send a Slack notification to #security-team about our new critical risk that needs immediate attention.”
Result: Posts a formatted risk alert to your configured Slack channel
Connect GitHub
“Connect our GitHub organization using a personal access token with security_events scope.”
Result: Saves GitHub credentials and verifies the connection
Executive risk summary
“Generate an executive summary of our security posture — risk trends, compliance status, and top priorities.”
Result: Creates a board-ready summary of your security program
Audit preparation checklist
“We have a SOC 2 audit in 30 days. What do we still need to complete and what evidence is missing?”
Result: Prioritized checklist of items to complete before the audit
Risk reduction trend
“How has our overall risk score changed over the past 3 months? Are we improving?”
Result: Shows risk score trend with before/after control implementation