Lifecycle Prompt Builder

The System Instructions page gives you role and sector slices. The AI security lifecycle page maps six stages to the tool and data file that carry each accountability answer. This builder stitches the two together. Pick a persona, an industry vertical, a lifecycle stage, and an operating model. It returns one prompt that names the single accountable party, resolves any "shared" default to one owner, cites the canonical IDs, and points your agent at the exact data file and on-site tool for that stage.

Choose four inputs

Accountable layer
Single accountable party
Shared resolution

Recipe matrix: stage to tool and data file

Each lifecycle stage maps to one on-site tool and one data file. This table is the core of the builder and works with JavaScript disabled. The generated prompt above adds the persona, vertical, operating model, and the single resolved accountable party.

Lifecycle stage On-site tool Data file Accountability answer it carries
01 Threat modeling and risk analysis reference Layer Accountability Matrix /data/threats.json Which layers are yours to model, and the persona who owns each identified risk.
02 Adversarial testing and red teaming reference Red Team Scoping Tool /data/threats.json Which layers are testable, which need provider authorization, and who owns each finding before testing starts.
03 Secure development and AI supply chain reference Vendor Risk Assessment /data/vendor-risk.json Which persona produces each attestation at a supply-chain handoff, and which persona verifies it.
04 Control implementation and benchmarking reference Controls Assessment (AICM) Vertical control schema (per industry) The accountable persona for each control under your deployment model.
05 Vulnerability management and finding remediation reference Incident Response Playbooks /data/finding-routing.json Whose queue a scored finding goes in, and who signs residual acceptance if it will not be fixed.
06 Detection, monitoring, and incident response reference Incident Response Playbooks /data/finding-routing.json Who leads when a boundary fails, what to demand from the other side, and which evidence obligations survive the incident.

Personas, layers, operating models, and the resolved owners come from /data/personas.json, /data/layers.json, /data/matrix.json, and the authoritative resolver /data/finding-routing.json. Canonical IDs are in /ids.json.

The builder applies the CoSAI AI Shared Responsibility Framework rule of exactly one accountable party per activity. Where a layer's operating-model default is "shared" or "model evaluation," the resolver names the single lead and records the counterparty obligation, because shared is not a valid final answer. The generated prompt is a grounding artifact, not legal advice, and does not by itself transfer liability. Verify named owners against your contracts and internal delegations of authority.

← Back to System Instructions