The Anthropic Cybersecurity Skills repository is an open-source library containing 817 structured cybersecurity skills designed specifically for AI agents. The project maps these skills across six major security frameworks: MITRE ATT&CK v19.1, NIST CSF 2.0, MITRE ATLAS, MITRE D3FEND, NIST AI RMF, and the MITRE Fight Fraud Framework (F3). This unified cross-framework coverage is unique among open-source skills libraries, allowing each skill to satisfy multiple compliance and security standards simultaneously. The repository follows the agentskills.io open standard and is compatible with over 26 AI platforms including Claude Code, GitHub Copilot, Cursor, Gemini CLI, and numerous others.
The skills span 29 distinct security domains and are organized to provide AI agents with the structured decision-making workflows that senior security analysts follow. Rather than offering generic scripts or wordlists, the repository encodes real practitioner knowledge through YAML frontmatter for rapid discovery and structured Markdown for step-by-step execution. Each skill includes reference files for deeper technical context, enabling agents to understand when to use each technique, what prerequisites to check, how to execute procedures, and how to verify results. The project explicitly addresses the cybersecurity workforce gap, which reached 4.8 million unfilled roles globally in 2024, by augmenting AI agents with domain expertise that transforms them from generic language models into capable security analysts.
The MITRE ATT&CK mapping is comprehensive, with all 754 skills validated against ATT&CK v19.1 using the official mitreattack-python library. The skills cover all 15 Enterprise tactics plus ICS and Mobile techniques where relevant, spanning 286 distinct techniques. The repository reflects ATT&CK v19.1's restructured Defense Evasion tactic, now split into Stealth and Defense Impairment categories. The MITRE Fight Fraud Framework integration is particularly recent, with F3 v1.1 released on April 9, 2026, adding fraud-specific tactics including Positioning and Monetization that extend beyond ATT&CK's initial compromise focus. The repository includes 94 fraud-relevant skills mapped to F3, with all 123 F3 v1.1 technique IDs verified against the upstream STIX bundle.
According to GitGenius tracking data, the repository has demonstrated steady growth, with stargazers increasing from 24,368 to 24,375 since July 4, 2026. The primary maintainer mukul975 has logged 58 tracked events, with additional contributors optimization2026 and Systech2021-1952 showing 4 and 3 events respectively. The most active issue labels are good first issue with 11 occurrences, followed by enhancement and help wanted with 8 each. The median issue and pull request response latency is 0.0 hours with a mean of 103.4 hours across 30 tracked items, indicating responsive community engagement. The repository is written in Python and licensed under Apache 2.0, with overlapping contributors linking it to related projects including openclaw, composiohq/awesome-claude-skills, and anthropics/claude-code.
The project includes explicit security guidance emphasizing authorized and lawful use only. The library encompasses offensive and dual-use techniques such as red-team command and control, phishing simulation, and exploitation tools, which are intended exclusively for authorized penetration testing, security research, defense, and education. Users are required to obtain explicit written permission before testing against systems they do not own and must comply with all applicable laws and rules of engagement. The repository maintains a SECURITY.md file and CODE_OF_CONDUCT.md to establish responsible use expectations. Additionally, the creator is conducting the Global Agentic AI Readiness Survey (GARS-2026), an academic study measuring how prepared security professionals and enterprises are for agentic AI workflows, with survey responses offering early access to casky.ai.