18 Cybersecurity Prompts to Save Your Municipality
Generative AI can help you tackle everyday security tasks faster, from writing policies and building detection rules to analyzing incidents and planning red team exercises. Use these prompts with ChatGPT, Claude, Gemini, and Grok as starting templates for your specific needs.
Ground Rules for AI-Powered Security
Protect Sensitive Data
Never share confidential information, credentials, or proprietary data with AI tools. Keep your organization's secrets secure.
Follow Policies
Always adhere to your organization's AI usage policies and guidelines. Compliance matters.
Validate Output
Review and test all AI-generated content before implementation. Human oversight is essential.
Policy and Cybersecurity Awareness
These prompts help you create engaging security policies, training materials, and awareness content that resonates with your team.
Tabletop Exercise
Generate a tabletop incident response scenario that involves my team including support desk, system administrators, developers, and network engineers. Integrate elements from our tech stack including [list].
Phishing Newsletter
Develop a newsletter article explaining trends in phishing attacks to give employees clues on what to watch for. Remind people to report phishing emails to incidents@[domain.tld]. Keep the newsletter light and fun, appropriate for a non-technical audience. Limit to 300 words.
Email Policy
Develop a policy about acceptable use of employee email. Emphasize the need for business email to be used for business applications only. Use formal language appropriate for a company policy. Integrate recommendations from NIST SP 800-45v2 and compliance requirements for [industry]. What questions do you have for me?
Cyber Defence Prompts
Transform your defensive security operations with AI-powered analysis, detection engineering, and security architecture guidance.
Incident Timeline
You are an incident responder. Create a timeline from these logs showing: initial access, lateral movement, privilege escalation, and exfiltration. Note gaps. Make the output a table.
Detection Rules
You are a detection engineer. Based on these IOCs: [list], generate Sigma rules to detect this activity.
Security Architecture
You are a security architect. Compare our controls: [list] against MITRE ATT&CK and NIST CSF. Identify gaps, prioritize by risk, recommend cost-effective improvements.
Security Training
You are a security trainer. Create a 5000-word training guide on [threat] for [audience]. Include real examples, red flags, response procedures, and reporting. Make it engaging and exciting.
Vulnerability Assessment
You are a vulnerability specialist. Prioritize these vulnerabilities for remediation: [CVEs]. Consider exploitability, available exploits, asset criticality, exposure, existing controls, and impact.
Forensics and Incident Response
Accelerate your investigation workflow with AI-assisted log analysis, timeline reconstruction, and artifact examination.
Log Analysis
You are an incident response analyst. Review these log entries and create a timeline of attacker activity. Identify key events, gaps in visibility, and suggest additional data sources to investigate.
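The two timeline prompts above (Incident Timeline and Log Analysis) ask the model for a phased timeline with gaps noted. The following PowerShell script is an added example, not part of the original page, that does the same reconstruction deterministically so you can cross-check what a model returns. The log lines, hostnames, and the keyword-to-phase mapping are constructed for the example; the assumed log format is "<ISO timestamp> <host> <source> <message>".

```powershell
# Added example (not from the original page): reconstruct an attacker-activity
# timeline from constructed log lines, classify each event into a phase,
# flag visibility gaps, and emit the result as a table.

# Constructed sample log lines (assumed format: timestamp host source message).
$SampleLogs = @'
2024-03-04T08:12:03Z ws-17 mailgw Attachment invoice.docm delivered to jdoe
2024-03-04T08:14:41Z ws-17 sysmon Process create: winword.exe -> powershell.exe -enc ...
2024-03-04T08:15:02Z ws-17 sysmon Network connect: powershell.exe -> 203.0.113.5:443
2024-03-04T11:40:19Z srv-fs1 security Logon type 3 from ws-17 as jdoe
2024-03-04T11:41:07Z srv-fs1 sysmon Process create: services.exe -> psexesvc.exe
2024-03-04T11:52:55Z srv-fs1 security Member added to Domain Admins: svc_backup
2024-03-04T12:30:10Z srv-fs1 proxy 1.2 GB upload to files.example.net
'@

# Keyword-to-phase heuristic (assumed for this example; first matching rule wins,
# so more specific phases are listed before the generic Execution rule).
$PhaseRules = [ordered]@{
    'Initial Access'       = 'delivered|Attachment'
    'C2'                   = 'Network connect'
    'Lateral Movement'     = 'Logon type 3|psexesvc|wmic'
    'Privilege Escalation' = 'Domain Admins|Administrators'
    'Exfiltration'         = 'upload|ftp'
    'Execution'            = 'Process create|powershell'
}

function ConvertTo-TimelineEvent {
    param([string]$Line)
    if (-not ($Line -match '^(?<ts>\S+)\s+(?<host>\S+)\s+(?<src>\S+)\s+(?<msg>.+)$')) { return $null }
    $phase = 'Unclassified'
    foreach ($p in $PhaseRules.Keys) {
        if ($Matches.msg -match $PhaseRules[$p]) { $phase = $p; break }
    }
    [pscustomobject]@{
        Time    = [datetimeoffset]::Parse($Matches.ts).UtcDateTime
        Host    = $Matches.host
        Source  = $Matches.src
        Phase   = $phase
        Message = $Matches.msg
    }
}

function Build-Timeline {
    param([string]$Logs, [int]$GapMinutes = 60)
    $events = $Logs -split "`r?`n" |
        Where-Object { $_.Trim() } |
        ForEach-Object { ConvertTo-TimelineEvent $_ } |
        Where-Object { $_ } |
        Sort-Object Time
    $prev = $null
    foreach ($e in $events) {
        # A silent stretch longer than the threshold is a visibility gap worth
        # investigating: missing log source, tampered logs, or attacker dwell time.
        $gap = if ($prev) { [int]($e.Time - $prev.Time).TotalMinutes } else { 0 }
        $note = if ($gap -gt $GapMinutes) { "GAP: no events for $gap min" } else { '' }
        $e | Add-Member -NotePropertyName GapMinutes -NotePropertyValue $gap
        $e | Add-Member -NotePropertyName Note -NotePropertyValue $note
        $prev = $e
    }
    return $events
}

# Usage: print the phased timeline; the ~3.5 hour gap between the C2 connection
# and the first file-server logon is flagged in the Note column.
Build-Timeline -Logs $SampleLogs | Format-Table Time, Host, Phase, Note, Message -AutoSize -Wrap
```

Feed real logs in by replacing `$SampleLogs` with `Get-Content` output, and tune `$PhaseRules` to your own telemetry; the point of the script is that a model-generated timeline can be checked against one built from the raw events rather than trusted on its own.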
Challenge Assumptions
You are an expert analyst known for skeptical analysis. I believe [finding] is a security incident. Challenge my assumptions. Provide alternative explanations that are NOT malicious. Suggest validation steps to confirm or disprove the incident.
Baseline Configuration
Write a PowerShell script that baselines Windows host configuration to multiple files for later comparison using Compare-Object to detect changes indicative of attacker activity.
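Here is an added example of the kind of script that prompt should produce, written for this page rather than taken from it. It snapshots several configuration areas commonly touched by persistence and privilege changes into per-category JSON files, then diffs two snapshots with Compare-Object. It assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session, and the baseline directory `C:\Baselines` is a placeholder.

```powershell
# Added example (not from the original page): baseline a Windows host's
# configuration into per-category JSON files and diff two baselines later
# with Compare-Object. Assumes an elevated session; paths are placeholders.

param(
    [string]$BaselineRoot = 'C:\Baselines',                 # assumed location
    [string]$Label = (Get-Date -Format 'yyyyMMdd-HHmmss')   # one folder per run
)

# Each collector returns objects with stable, comparable properties only
# (no counters or timestamps, which would produce noise in the diff).
$Collectors = [ordered]@{
    Services = {
        Get-CimInstance Win32_Service |
            Select-Object Name, StartMode, State, PathName, StartName
    }
    ScheduledTasks = {
        Get-ScheduledTask | ForEach-Object {
            [pscustomobject]@{
                Path   = $_.TaskPath + $_.TaskName
                State  = [string]$_.State
                Action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
                User   = $_.Principal.UserId
            }
        }
    }
    LocalAdmins = {
        Get-LocalGroupMember -Group Administrators |
            Select-Object Name, ObjectClass, PrincipalSource
    }
    ListeningPorts = {
        Get-NetTCPConnection -State Listen |
            Select-Object LocalAddress, LocalPort, OwningProcess
    }
    RunKeys = {
        $paths = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        foreach ($p in $paths) {
            if (Test-Path $p) {
                (Get-ItemProperty -Path $p).PSObject.Properties |
                    Where-Object { $_.Name -notmatch '^PS' } |
                    ForEach-Object { [pscustomobject]@{ Key = $p; Name = $_.Name; Value = $_.Value } }
            }
        }
    }
}

function New-HostBaseline {
    # Writes one JSON file per category and returns the snapshot directory.
    $dir = Join-Path $BaselineRoot $Label
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    foreach ($name in $Collectors.Keys) {
        $data = @(& $Collectors[$name])
        ConvertTo-Json -InputObject $data -Depth 4 |
            Set-Content -Path (Join-Path $dir "$name.json") -Encoding UTF8
    }
    return $dir
}

function Compare-HostBaseline {
    param([string]$OldDir, [string]$NewDir)
    foreach ($name in $Collectors.Keys) {
        $old = @(Get-Content (Join-Path $OldDir "$name.json") -Raw | ConvertFrom-Json)
        $new = @(Get-Content (Join-Path $NewDir "$name.json") -Raw | ConvertFrom-Json)
        if ($old.Count -eq 0 -and $new.Count -eq 0) { continue }
        # Compare on every property: '=>' marks items present only in the new
        # snapshot (e.g. a new service or admin), '<=' items that disappeared.
        $sample = if ($new.Count) { $new[0] } else { $old[0] }
        $props = $sample.PSObject.Properties.Name
        Compare-Object -ReferenceObject $old -DifferenceObject $new -Property $props |
            ForEach-Object { $_ | Add-Member -NotePropertyName Category -NotePropertyValue $name -PassThru }
    }
}

# Usage: take a baseline now, take another after a suspected event, and review
# the differences with the Category and SideIndicator columns first.
# $first  = New-HostBaseline
# $second = New-HostBaseline
# Compare-HostBaseline -OldDir $first -NewDir $second | Format-Table -AutoSize -Wrap
```

Store the baseline directory somewhere the host itself cannot modify (a network share with write-once permissions, for instance), since a baseline an attacker can edit after the fact is no baseline at all.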
Indicator Enrichment
Enrich these indicators [IP addresses/domains/file hashes] with threat intelligence context, known campaigns or threat actors, first/last seen dates, associated malware families, and recommended detection/blocking strategies.
Disk Artifact Review
Review these disk artifacts [$MFT/USN journal/browser history/prefetch files]. Reconstruct the user activity timeline and identify deleted-file recovery opportunities, evidence of anti-forensic tools, and file staging/collection activity.
Offensive Operations
Enhance your red team and penetration testing capabilities with AI-powered reconnaissance, exploit development, and attack simulation.
Password Analysis
Analyze these user passwords from breach data (attached). Identify patterns that may reveal future password selection practices.
Exploit Development
This link is a commit to a popular open-source project with a recent security fix. Develop a PoC after analyzing the patch details.
Phishing Campaign
You are a red team operator. Design a phishing campaign for [industry] targeting [role]. Include: pretext, delivery, payload, metrics, and psychological techniques.
Active Directory Attack Paths
You are an AD security specialist. Map attack paths from [starting point] to Domain Admin. Include: Kerberoasting, AS-REP roasting, GPO abuse, certificate services manipulation, and privilege delegation issues.
Certificate and Service Discovery
Use sslmate-mcp and nmap-mcp to identify and scan the 10 most recent certificates issued to [domain]. Identify any services that accept username and password authentication. Generate a report identifying each host, the listening services, and whether the service accepts remote authentication.
Start Securing with AI Today
These 18 prompts are your starting point for leveraging generative AI in cybersecurity operations. Customize them for your specific environment, always validate the output, and never share sensitive data with AI tools.
18 ready-to-use prompts, covering defense, forensics, and offensive operations.
4 AI platforms: compatible with ChatGPT, Claude, Gemini, and Grok.
100% validation required: always review AI output before implementation.

By Joshua Wright, SANS Faculty Fellow — Remember to follow your organization's AI policies and protect sensitive information at all times.