Source library · 320 curated entries

Where every claim in SecProve comes from.

A dense reading catalog. Every claim is footnoted. Sort by source, filter by pillar, type, or recency. Built for analysts who want to see what we are standing on.

320 sources · 143 orgs · 50 domains · 320 added (90 days)
320 sources · across the catalog · sorted by citation density
A · Cybersecurity · 129 sources
01

NATO-accredited research center on strategic communications, information warfare, and influence operations. Publishes detailed case studies on hybrid-warfare campaigns from a defense perspective.

Test your knowledge · A22
02

Top 10 security risks for APIs. Covers broken object-level authorization, authentication failures, excessive data exposure, and more.

Framework · Intermediate · A4 · Application Security · NEW · 1mo ago
Test your knowledge · A4
03

International standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

Framework · Intermediate · A1 · Governance, Risk & Compliance · NEW · 1mo ago
Test your knowledge · A1
04

Cataloged threat groups with associated TTPs. Good for questions on attribution, TTP overlap, and intelligence-driven detection.

Tool · Intermediate · A8 · Threat Intelligence · NEW · 22d ago
Test your knowledge · A8
05

Open-source project for signing, verifying, and protecting software supply chains. Keyless signing for artifacts.

Test your knowledge · A13
06

Open-source investigations of disinformation campaigns and information warfare. Methodology-forward — they publish their workflows, not just findings.

Test your knowledge · A22
07

AWS best practices for designing and operating secure workloads in the cloud. Covers IAM, detection, infrastructure protection, and incident response.

Guide · Intermediate · A5 · Cloud Security · NEW · 1mo ago
Test your knowledge · A5
08
Black Hat / DEF CON Archives · Black Hat / DEF CON

Conference presentations covering novel attack techniques and defensive research. Essential for cutting-edge offensive/defensive questions. AI Village talks particularly relevant for Pillars B and C.

Test your knowledge · A4
09

Open-source digital forensics tools for disk image analysis. Industry standard for incident investigation and evidence collection.

Tool · Intermediate · A7 · Incident Response & Forensics · NEW · 1mo ago
Test your knowledge · A7
10
Diamond Model of Intrusion Analysis · Caltagirone, Pendergast, Betz

Four vertices: Adversary, Capability, Infrastructure, Victim. Complements the Kill Chain and ATT&CK. Questions on analytical frameworks and when to apply each model.

Research · Intermediate · A8 · Threat Intelligence · NEW · 22d ago
Test your knowledge · A8
11
CIS Controls v8 · Center for Internet Security

18 prioritized security controls organized into Implementation Groups (IG1, IG2, IG3). Practical and prescriptive — good for questions about prioritization and which controls matter most for different organization sizes.

Test your knowledge · A1
12

Consensus-based security configuration guides for 100+ technologies. The industry standard for hardening systems.

Framework · Intermediate · A5 · Cloud Security · NEW · 1mo ago
Test your knowledge · A5
13

Federal hub for ransomware prevention, mitigation, and recovery guidance. Joint advisories with FBI/MS-ISAC, no-cost CISA services, and the ransomware-specific recovery checklist.

Test your knowledge · A23
14

No-cost CISA assessment of operational resilience and cybersecurity practices for critical infrastructure operators. Maps to NIST CSF for gap analysis.

Framework · Intermediate · A23 · Recovery, Resilience & Cyber Recovery · NEW · 1d ago
Test your knowledge · A23
15

Annual federal campaign with current-year themes, free materials, and partner toolkits. Reflects the public-facing federal stance on awareness messaging.

Framework · Intermediate · A20 · Security Awareness & Human Factors · NEW · 1d ago
Test your knowledge · A20
16

Federal hub for cybersecurity training resources, career development pathways, and free CISA-developed training programs. Companion to NICE for workforce-readiness questions.

Framework · Intermediate · A20 · Security Awareness & Human Factors · NEW · 1d ago
Test your knowledge · A20
17

Federal hub for U.S. perspective on foreign influence ops, election integrity, and counter-disinformation guidance. Includes "rumor vs. reality" public briefings.

Framework · Intermediate · A22 · Information Operations & Cognitive Security · NEW · 1d ago
Test your knowledge · A22
18

Authoritative feed of ICS-CERT advisories covering vulnerabilities in PLCs, HMIs, SCADA platforms, and OT vendors. The primary source for tracking active threats to industrial systems.

Framework · Intermediate · A14 · OT/ICS Security · NEW · 1d ago
Test your knowledge · A14
19

Federal guidance on protecting GPS/GNSS-dependent infrastructure from spoofing and jamming. Resilient PNT executive order context, sector-specific resilience profiles.

Framework · Intermediate · A17 · Cyber-Electronic Warfare · NEW · 1d ago
Test your knowledge · A17
20

Framework for transitioning to zero trust architecture across five pillars: identity, devices, networks, applications, and data.

Framework · Intermediate · A3 · Zero Trust Architecture · NEW · 1mo ago
Test your knowledge · A3
21

Network traffic trends, DDoS statistics, protocol adoption. Useful for questions about scale and real-world network security challenges, not Cisco product-specific.

Guide · Intermediate · A2 · Network Security · NEW · 22d ago
Test your knowledge · A2
22

Open-source network intrusion detection and prevention system. Industry standard for real-time traffic analysis and packet logging.

Tool · Intermediate · A2 · Network Security · NEW · 1mo ago
Test your knowledge · A2
23

Cloud-specific control framework with 197 controls across 17 domains. Mapped to NIST 800-53, ISO 27001, PCI DSS, GDPR. The reference for cloud-architecture control questions.

Test your knowledge · A25
24

Peer-ranked cloud threats. The shift from infra issues to identity/access/misconfiguration reflects cloud maturity. Good for questions testing threat prioritization understanding.

Research · Intermediate · A5 · Cloud Security · NEW · 22d ago
Test your knowledge · A5
25

Set of practical cryptography exercises. Learn by breaking real-world crypto systems — the best way to understand cryptographic vulnerabilities.

Guide · Intermediate · A15 · Cryptography · NEW · 1mo ago
Test your knowledge · A15
26

Curated newsletter covering detection engineering practices, tools, and techniques. Practical resource for SOC and detection teams.

Test your knowledge · A11
27

Mature, widely deployed medium-interaction SSH and Telnet honeypot. Logs attacker commands, captures malware, proxies sessions. The standard reference implementation for SSH-honeypot questions.

Tool · Intermediate · A19 · Cyber Deception & Active Defense · NEW · 1d ago
Test your knowledge · A19
28

Comprehensive CISO leadership reference. Covers building programs, board communication, metrics, and team development.

Guide · Intermediate · A18 · Security Leadership · NEW · 22d ago
Test your knowledge · A18
29

UK/international pen test certification body. Their guides cover methodology, reporting standards, and ethics. Useful for questions on professional standards in offensive security.

Framework · Intermediate · A9 · Penetration Testing & Red Teaming · NEW · 22d ago
Test your knowledge · A9
30

Comprehensive guidance for cloud security best practices. Covers architecture, governance, compliance, and operations.

Guide · Intermediate · A5 · Cloud Security · NEW · 1mo ago
Test your knowledge · A5
31

Annual OT/ICS threat landscape report. Tracks threat groups (Chernovite, Bentonite, etc.) targeting industrial systems. Original research, not marketing.

Guide · Intermediate · A14 · OT/ICS Security · NEW · 22d ago
Test your knowledge · A14
32

EU-focused annual threat assessment. Covers ransomware, supply chain, disinformation, state-sponsored threats. Useful counterpoint to US-centric sources.

Test your knowledge · A8
33

13 provisions for consumer IoT security. No default passwords, vulnerability disclosure policy, secure update mechanisms. The emerging regulatory baseline for IoT.

Framework · Intermediate · A16 · Mobile & IoT Security · NEW · 22d ago
Test your knowledge · A16
34
EUvsDisinfo · EU East StratCom Task Force

EU-operated database of pro-Kremlin disinformation cases and analysis. The reference dataset for pro-Russia narrative tracking, with 17,000+ cataloged cases and weekly trend reports.

Framework · Intermediate · A22 · Information Operations & Cognitive Security · NEW · 1d ago
Test your knowledge · A22
35
EU EEAS — FIMI Threat Reports · European External Action Service

EU's annual reports on Foreign Information Manipulation and Interference. Codifies the FIMI taxonomy increasingly used in EU policy discussions.

Framework · Intermediate · A22 · Information Operations & Cognitive Security · NEW · 1d ago
Test your knowledge · A22
36

Data subject rights, lawful bases for processing, DPO requirements, breach notification (72 hours), cross-border transfers. The global privacy benchmark.

Framework · Intermediate · A12 · Data Security, Privacy & Protection · NEW · 22d ago
Test your knowledge · A12
37
GDPR Official Text · European Union

Full text of the General Data Protection Regulation. The EU's comprehensive data protection law that applies globally to EU residents' data.

Framework · Intermediate · A12 · Data Security, Privacy & Protection · NEW · 1mo ago
Test your knowledge · A12
38

Quantitative risk analysis framework. Provides a model for understanding, analyzing, and quantifying information risk in financial terms.

Framework · Advanced · A1 · Governance, Risk & Compliance · NEW · 1mo ago
Test your knowledge · A1
39

Specifications for passwordless authentication using public key cryptography. The future of secure authentication.

Framework · Intermediate · A6 · Identity & Access Management · NEW · 1mo ago
Test your knowledge · A6
40

The push toward passwordless authentication. Questions on how FIDO2/WebAuthn works, passkey lifecycle, and comparison to traditional MFA.

Framework · Intermediate · A6 · Identity & Access Management · NEW · 22d ago
Test your knowledge · A6
41

The standardized vulnerability severity scoring system referenced by virtually every vuln management program. v3.1 widely deployed; v4.0 introduces threat and environmental refinements.

Tool · Intermediate · A24 · Exposure Management & Attack Surface · NEW · 1d ago
Test your knowledge · A24
42

Forrester originated the Zero Trust concept (John Kindervag, 2010). Their extended model includes workloads, data, networks, devices, people, visibility/analytics, automation/orchestration.

Research · Intermediate · A3 · Zero Trust Architecture · NEW · 22d ago
Test your knowledge · A3
43

Originating Gartner article that defined CTEM as a five-stage program: scoping, discovery, prioritization, validation, mobilization. The reference for the CTEM acronym and process model.

Research · Intermediate · A24 · Exposure Management & Attack Surface · NEW · 1d ago
Test your knowledge · A24
44

The original enterprise ZTA implementation case study. Six published papers covering architecture, migration, and lessons learned. Vendor-specific but pioneered the practical approach to zero trust.

Guide · Intermediate · A3 · Zero Trust Architecture · NEW · 22d ago
Test your knowledge · A3
45

The TLS 1.3 specification. Removes legacy cipher suites, adds 0-RTT, mandates forward secrecy. Required reading for any TLS/PKI question.

Framework · Intermediate · A15 · Cryptography · NEW · 1d ago
Test your knowledge · A15
46

Indicator hierarchy from hash values (trivial) to TTPs (tough). Foundational concept for detection engineering and threat intelligence questions.

Test your knowledge · A11
47

Investigative journalism on cybercrime, breaches, and network security incidents. Good for real-world scenario questions grounded in actual events.

Test your knowledge · A2
48

Multi-part standard covering security levels, zones and conduits, component requirements. International standard for industrial cybersecurity.

Framework · Intermediate · A14 · OT/ICS Security · NEW · 22d ago
Test your knowledge · A14
49

Annual workforce gap analysis. The "3.4 million shortfall" and similar stats. Good for questions on workforce development, hiring challenges, and security program building.

Research · Intermediate · A18 · Security Leadership · NEW · 22d ago
Test your knowledge · A18
50

Peer-reviewed methodology for performing security tests. Provides a scientific approach to security testing with measurable results.

Framework · Intermediate · A9 · Penetration Testing & Red Teaming · NEW · 1mo ago
Test your knowledge · A9
51

International standard for business continuity management systems. Defines requirements for establishing, implementing, and maintaining a BCMS. Often paired with ISO 27001 for combined audits.

Framework · Intermediate · A23 · Recovery, Resilience & Cyber Recovery · NEW · 1d ago
Test your knowledge · A23
52

Seven phases from Reconnaissance to Actions on Objectives. Widely adopted but also widely critiqued (assumes perimeter-centric model). Good for compare/contrast with ATT&CK and Unified Kill Chain.

Test your knowledge · A8
53
Mandiant APT Reports · Mandiant (Google Cloud)

Detailed campaign analyses with TTPs mapped to ATT&CK. APT1, APT28/29, UNC groups. Primary source for threat-actor-specific IR questions. Not marketing — these are original threat research.

Test your knowledge · A7
54
Mandiant M-Trends Report · Mandiant (Google Cloud)

Annual IR data: dwell time trends, initial access vectors, detection sources. Empirical data from thousands of engagements. One of the few sources for real-world detection/response metrics.

Test your knowledge · A7
55

Mandiant's FLARE team publishes capa, FLOSS, and other widely-used reversing tools alongside in-depth malware deep-dive blog posts. The reference for vendor-published reversing primitives.

Guide · Intermediate · A21 · Malware Analysis & Reverse Engineering · NEW · 1d ago
Test your knowledge · A21
56

Business strategy perspective on cyber risk. Useful for questions about communicating security value to executives and boards, ROI of security investments.

Research · Intermediate · A18 · Security Leadership · NEW · 22d ago
Test your knowledge · A18
57

Open-source threat intelligence platform for sharing, storing, and correlating indicators of compromise and threat data.

Tool · Intermediate · A8 · Threat Intelligence · NEW · 1mo ago
Test your knowledge · A8
58

Adversary engagement framework. Maps deception and denial operations to ATT&CK adversary behaviors. The defensive complement to ATT&CK for planning deception operations.

Tool · Intermediate · A19 · Cyber Deception & Active Defense · NEW · 1d ago
Test your knowledge · A19
59

Independent evaluations of security products against real-world attack scenarios. Good for questions about detection coverage, visibility gaps, and evaluation methodology.

Test your knowledge · A11
60
SolarWinds / Log4Shell Case Studies · Multiple (CISA, Mandiant, Microsoft)

The two defining supply chain incidents of recent years. CISA's postmortem reports are primary sources for scenario-based questions about detection, response, and prevention.

Guide · Intermediate · A13 · Supply Chain Security · NEW · 22d ago
Test your knowledge · A13
61

Expert analysis of how international law applies to cyber operations. Sovereignty, use of force, law of armed conflict in cyberspace. The primary reference for legal/policy questions in cyber warfare.

Research · Intermediate · A17 · Cyber-Electronic Warfare · NEW · 22d ago
Test your knowledge · A17
62

Foundational capabilities IoT manufacturers should provide: device identification, configuration, data protection, logical access, software update, cybersecurity state awareness. The baseline US regulators cite.

Framework · Intermediate · A16 · Mobile & IoT Security · NEW · 1d ago
Test your knowledge · A16
63

NIST's selected post-quantum cryptographic algorithms: ML-KEM, ML-DSA, and SLH-DSA. The future of cryptography in the quantum era.

Framework · Advanced · A15 · Cryptography · NEW · 1mo ago
Test your knowledge · A15
64

Guide for applying the RMF to information systems and organizations. Covers categorization, control selection, implementation, assessment, authorization, and monitoring.

Framework · Intermediate · A1 · Governance, Risk & Compliance · NEW · 1mo ago
Test your knowledge · A1
65

Federal methodology for security assessments: target identification, vulnerability analysis, validation. Underpins both penetration testing and exposure management programs.

Test your knowledge · A24
66

Guide to protecting the confidentiality of personally identifiable information. Covers PII identification, impact assessment, and safeguards.

Framework · Foundational · A12 · Data Security, Privacy & Protection · NEW · 1mo ago
Test your knowledge · A12
67

The systems-security-engineering doctrine: lifecycle processes, design principles, and assurance for trustworthy systems. The most rigorous federal reference for security architecture.

Framework · Intermediate · A25 · Security Architecture & Engineering · NEW · 1d ago
Test your knowledge · A25
68

Cyber-resiliency engineering framework. Covers deception, diversity, dynamic positioning, and other techniques for systems designed to operate through compromise. The systems-engineering view of active defense.

Test your knowledge · A19
69

Practices for identifying, assessing, and mitigating cyber supply chain risks. Covers acquisition, development, and operations.

Framework · Intermediate · A13 · Supply Chain Security · NEW · 1mo ago
Test your knowledge · A13
70

Cybersecurity Supply Chain Risk Management. Integrates C-SCRM into the RMF. Covers acquisition, supplier assessment, and ongoing monitoring.

Framework · Intermediate · A13 · Supply Chain Security · NEW · 22d ago
Test your knowledge · A13
71

Practical guidance on selecting and implementing cryptographic algorithms. Covers symmetric, asymmetric, hashing, and key management.

Framework · Intermediate · A15 · Cryptography · NEW · 22d ago
Test your knowledge · A15
72

Standard taxonomy of cybersecurity work roles, tasks, KSAs. Used for role-based training design and human-risk targeting.

Framework · Intermediate · A20 · Security Awareness & Human Factors · NEW · 1d ago
Test your knowledge · A20
73

Primitives for IoT: sensor, aggregator, communication channel, eUtility, decision trigger. Framework for thinking about IoT security architectures.

Framework · Intermediate · A16 · Mobile & IoT Security · NEW · 22d ago
Test your knowledge · A16
74

The federal recovery playbook. Covers recovery planning, validation of restored services, post-event improvement. Pairs with NIST CSF Recover function.

Framework · Intermediate · A23 · Recovery, Resilience & Cyber Recovery · NEW · 1d ago
Test your knowledge · A23
75

Definitive guide to zero trust architecture. Defines ZTA concepts, deployment models, and implementation approaches for enterprise environments.

Framework · Intermediate · A3 · Zero Trust Architecture · NEW · 1mo ago
Test your knowledge · A3
76

Risk assessment methodology: threat sources, vulnerabilities, likelihood, impact. Complements 800-37. Good for questions comparing quantitative vs. qualitative risk assessment.

Framework · Intermediate · A1 · Governance, Risk & Compliance · NEW · 22d ago
Test your knowledge · A1
77

Comprehensive contingency planning: BIA, recovery strategies, plan testing, training, and maintenance. The reference for RTO/RPO and recovery tier questions.

Framework · Intermediate · A23 · Recovery, Resilience & Cyber Recovery · NEW · 1d ago
Test your knowledge · A23
78

The 7-step RMF (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). Questions should test understanding of step sequencing, roles (AO, ISSO, ISSM), and continuous monitoring vs. point-in-time assessment.

Framework · Intermediate · A1 · Governance, Risk & Compliance · NEW · 22d ago
Test your knowledge · A1
79

Guidelines on firewalls and firewall policy. Covers types of firewall technologies, deployment architectures, and policy management.

Framework · Foundational · A2 · Network Security · NEW · 1mo ago
Test your knowledge · A2
80

The federal model for awareness program design — needs assessment, scoping, content design, evaluation. The default reference for "what does an awareness program look like."

Framework · Intermediate · A20 · Security Awareness & Human Factors · NEW · 1d ago
Test your knowledge · A20
81

Four phases: Preparation, Detection & Analysis, Containment/Eradication/Recovery, Post-Incident Activity. The canonical IR reference. Questions should test decision-making within phases, not just naming them.

Framework · Intermediate · A7 · Incident Response & Forensics · NEW · 22d ago
Test your knowledge · A7
82

Comprehensive guidelines for digital identity services. Covers enrollment, authentication, and federation at three assurance levels.

Framework · Intermediate · A6 · Identity & Access Management · NEW · 1mo ago
Test your knowledge · A6
83

Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL). The 2024 revision is significant. Questions on appropriate assurance level selection for different risk scenarios.

Framework · Intermediate · A6 · Identity & Access Management · NEW · 22d ago
Test your knowledge · A6
84

Updated terminology from ICS to OT. Covers Purdue Model, network segmentation, patching challenges in OT environments. The primary OT security reference.

Framework · Intermediate · A14 · OT/ICS Security · NEW · 22d ago
Test your knowledge · A14
85

Guide to integrating forensic techniques into incident response. Covers data collection, examination, analysis, and reporting.

Framework · Intermediate · A7 · Incident Response & Forensics · NEW · 1mo ago
Test your knowledge · A7
86

Guide to computer security log management. Covers log generation, storage, analysis, and the role of logs in incident response.

Framework · Foundational · A10 · Security Operations · NEW · 1mo ago
Test your knowledge · A10
87

The standard textbook used in most university and SANS courses. Covers static, dynamic, behavioral analysis with hands-on labs. Cite for any "how do you analyze X" pedagogical question.

Research · Intermediate · A21 · Malware Analysis & Reverse Engineering · NEW · 1d ago
Test your knowledge · A21
88

Practitioner-oriented cryptography textbook. Covers modern symmetric/asymmetric algorithms, protocols, and implementation pitfalls. Good for applied crypto questions vs. pure theory.

Research · Intermediate · A15 · Cryptography · NEW · 22d ago
Test your knowledge · A15
89

NSA technical guidance on nation-state TTPs, hardening guidance for high-value targets, and joint advisories with CISA/FBI. Useful for advanced cyber-EW and military-adjacent questions.

Framework · Intermediate · A17 · Cyber-Electronic Warfare · NEW · 1d ago
Test your knowledge · A17
90

NSA's open-source software reverse-engineering framework. Disassembler, decompiler, scripting. The free standard for malware analysis training and most public reversing work.

Tool · Intermediate · A21 · Malware Analysis & Reverse Engineering · NEW · 1d ago
Test your knowledge · A21
91

Based on real red/blue team assessments. Includes default configurations, improper privilege separation, lack of network segmentation. Excellent for practical scenario questions.

Test your knowledge · A2
92

Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Intelligence Information (TAXII). The standard for sharing cyber threat intelligence.

Framework · Intermediate · A8 · Threat Intelligence · NEW · 1mo ago
Test your knowledge · A8
93

High-performance network IDS/IPS and security monitoring engine. Supports multi-threading, protocol identification, and file extraction.

Tool · Intermediate · A2 · Network Security · NEW · 1mo ago
Test your knowledge · A2
94
OpenSSF Scorecard · Open Source Security Foundation

Automated security health checks for open source projects. Checks branch protection, dependency pinning, fuzzing, SAST. Good for practical supply chain assessment questions.

Tool · Intermediate · A13 · Supply Chain Security · NEW · 22d ago
Test your knowledge · A13
95

Framework of security requirements for designing, developing, and testing secure web applications. Three verification levels.

Framework · Intermediate · A4 · Application Security · NEW · 1mo ago
Test your knowledge · A4
96

Practical methodology for identifying and reducing attack surface in applications. Covers entry points, data flows, and trust boundaries. The application-layer complement to network EASM.

Tool · Intermediate · A24 · Exposure Management & Attack Surface · NEW · 1d ago
Test your knowledge · A24
97

OWASP IoT Top 10 (weak passwords, insecure network services, etc.) plus testing guides. The IoT analog to the OWASP Top 10 for web apps.

Tool · Intermediate · A16 · Mobile & IoT Security · NEW · 1d ago
Test your knowledge · A16
98

MASVS (verification standard) and MASTG (testing guide). The primary mobile security testing reference. L1 and L2 verification levels.

Tool · Intermediate · A16 · Mobile & IoT Security · NEW · 22d ago
Test your knowledge · A16
99

Five business functions (Governance, Design, Implementation, Verification, Operations) for measuring and improving AppSec programs. Good for maturity model questions.

Test your knowledge · A4
100

The most widely referenced web application security awareness document. Covers injection, broken auth, XSS, and more.

Framework · Foundational · A4 · Application Security · NEW · 1mo ago
Test your knowledge · A4
101

Open-source detection engineering methodology. Goal, categorization, strategy abstract, technical context, blind spots. Well-regarded community resource despite vendor origin.

Guide · Intermediate · A11 · Detection Engineering & Threat Hunting · NEW · 22d ago
Test your knowledge · A11
102

Web application security testing tool. Industry standard for manual and automated web vulnerability assessment.

Tool · Intermediate · A9 · Penetration Testing & Red Teaming · NEW · 1mo ago
Test your knowledge · A9
103

The world's most used penetration testing framework. Provides exploit development, payload generation, and post-exploitation capabilities.

Tool · Intermediate · A9 · Penetration Testing & Red Teaming · NEW · 1mo ago
Test your knowledge · A9
104

Open-source and dark web intelligence trends. Useful for questions about intelligence sources, collection methods, and the intelligence lifecycle.

Test your knowledge · A8
105

Curated Linux distribution preloaded with hundreds of reverse-engineering and malware-analysis tools. Maintained by Lenny Zeltser. The default sandbox VM in most malware-analysis training courses.

Tool · Intermediate · A21 · Malware Analysis & Reverse Engineering · NEW · 1d ago
Test your knowledge · A21
106

Business-driven security architecture framework. Six-layer model (contextual → operational) widely used in enterprise security architecture programs. Vendor-neutral; common in EA practice.

Guide · Intermediate · A25 · Security Architecture & Engineering · NEW · 1d ago
Test your knowledge · A25
107

Practitioner-oriented IR methodology. Six steps (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned). Compare/contrast with NIST for methodology questions.

Guide · Intermediate · A7 · Incident Response & Forensics · NEW · 22d ago
Test your knowledge · A7
108

Practical, defender-focused control framework: ICS Incident Response, Defensible Architecture, ICS Network Visibility, Secure Remote Access, Risk-Based Vulnerability Management. The de-facto starter list.

Guide · Intermediate · A14 · OT/ICS Security · NEW · 1d ago
Test your knowledge · A14
109

Five-stage maturity model (Non-Existent → Compliance → Promoting → Long-Term Sustainment → Metrics) widely used to benchmark awareness programs. Practitioner-tested.

Guide · Intermediate · A20 · Security Awareness & Human Factors · NEW · 1d ago
Test your knowledge · A20
110
Security Onion · Security Onion Solutions

Free and open-source Linux distribution for threat hunting, enterprise security monitoring, and log management.

Tool · Intermediate · A10 · Security Operations · NEW · 1mo ago
Test your knowledge · A10
111

Fast, open-source static analysis tool for finding bugs and enforcing code standards. Supports 30+ languages with custom rules.

Tool · Intermediate · A4 · Application Security · NEW · 1mo ago
Test your knowledge · A4
112

Industry-standard tool for external attack surface discovery. Scans the public internet, exposes service banners, supports queries for specific exposures. The reference for EASM tooling questions.

Tool · Intermediate · A24 · Exposure Management & Attack Surface · NEW · 1d ago
Test your knowledge · A24
113

Generic signature format for SIEM detection rules. Platform-agnostic detection logic. Questions on detection rule writing, tuning, and false positive management.

Tool · Intermediate · A11 · Detection Engineering & Threat Hunting · NEW · 22d ago
Test your knowledge · A11
114

Annual SOC operations survey: alert volumes, MTTD/MTTR, staffing challenges, tool sprawl. Vendor but based on broad survey data across SOC teams.

Guide · Intermediate · A10 · Security Operations · NEW · 22d ago
Test your knowledge · A10
115

Consumer rights (know, delete, opt-out of sale), CPRA additions (correct, limit sensitive data). Compare/contrast with GDPR for jurisdiction-specific questions.

Framework · Intermediate · A12 · Data Security, Privacy & Protection · NEW · 22d ago
Test your knowledge · A12
116

Annual analysis of open source usage and vulnerability data. Key stats on open source in commercial codebases (typically 70-80%+). Grounds supply chain and AppSec questions in real data.

Test your knowledge · A4
117
The Honeynet Project · The Honeynet Project

Long-running international research community focused on honeypots and deception research. Source of many open-source honeypot tools (Cowrie, Conpot for ICS).

Tool · Intermediate · A19 · Cyber Deception & Active Defense · NEW · 1d ago
Test your knowledge · A19
118
FAIR (Factor Analysis of Information Risk) · The Open Group / FAIR Institute

Quantitative risk analysis framework. Decomposes risk into Loss Event Frequency and Loss Magnitude. Questions on translating risk into business terms and comparing to qualitative methods.

Test your knowledge · A1
119
Canary Tokens (Thinkst) · Thinkst Applied Research

Free, lightweight tripwire tokens (DNS, AWS keys, Word docs, Kubeconfig). Trivial to deploy, high signal — any access is suspicious by definition. The standard reference for canary-style deception.

Tool · Intermediate · A19 · Cyber Deception & Active Defense · NEW · 1d ago
Test your knowledge · A19
120
Threat Modeling Manifesto · Threat Modeling Manifesto authors

Authored by Adam Shostack and other practitioners. Defines values, principles, and patterns for effective threat modeling. The reference for "what is good threat modeling."

Guide · Intermediate · A25 · Security Architecture & Engineering · NEW · 1d ago
Test your knowledge · A25
121
DoD Cyber Strategy (2023) · U.S. Department of Defense

Defend forward, persistent engagement, building partner capacity. Context for military cyber operations questions.

Framework · Intermediate · A17 · Cyber-Electronic Warfare · NEW · 22d ago
Test your knowledge · A17
122

Joint doctrine for cyberspace operations: offensive/defensive cyberspace operations, DoDIN ops, command relationships. The U.S. military's authoritative cyber doctrine.

Framework · Intermediate · A17 · Cyber-Electronic Warfare · NEW · 1d ago
Test your knowledge · A17
123
NCSC Cyber Security Design Principles · UK National Cyber Security Centre

Five top-level principles (establish context, make compromise difficult, make disruption difficult, make compromise detection easier, reduce the impact of compromise) with sub-principles. Concise, vendor-neutral, widely cited in architecture practice.

Framework · Intermediate · A25 · Security Architecture & Engineering · NEW · 1d ago
Test your knowledge · A25
124

Annual report with empirical data on flaw prevalence by language, fix rates, and security debt. Useful for data-driven AppSec questions. Vendor but based on scan data across thousands of orgs.

Guide · Intermediate · A4 · Application Security · NEW · 22d ago
Test your knowledge · A4
125

Annual analysis of real breach data. The gold standard for empirical questions about attack patterns, threat actor motivations, and time-to-detection. Updated annually.

Test your knowledge · A7
126

Rule language for identifying malware families by binary patterns and metadata. Foundational for both detection engineering and malware classification.

Test your knowledge · A21
127

Pattern matching tool for malware researchers. Create rules to identify and classify malware based on textual or binary patterns.

Tool | Intermediate | A11 · Detection Engineering & Threat Hunting | NEW · 1mo ago
Test your knowledge · A11
128
Volatility Framework | Volatility Foundation

Open-source memory forensics framework. Extracts digital artifacts from volatile memory (RAM) dumps.

Tool | Advanced | A7 · Incident Response & Forensics | NEW · 1mo ago
Test your knowledge · A7
129

Annual survey of cyber leaders on resilience, workforce, geopolitics, and emerging tech including AI. Excellent for leadership and strategy questions.

Test your knowledge · A1
B | Applied AI in Security | 49 sources
01

Catalog of security and privacy controls for information systems and organizations. The foundation for federal security compliance.

Framework | Intermediate | B6 · AI for GRC & Compliance | C7 · AI Governance & Risk | NEW · 1mo ago
Test your knowledge · B6
02

Official guide to effective prompt engineering with Claude. Covers system prompts, chain-of-thought, few-shot examples, and best practices.

Guide | Foundational | B8 · Prompt Engineering for Security | NEW · 1mo ago
Test your knowledge · B8
03

Computer security incident handling guide covering detection, analysis, containment, eradication, and recovery.

Test your knowledge · B1
04

Data-driven model for estimating the probability that a vulnerability will be exploited in the wild. Uses ML to prioritize patching.

Tool | Intermediate | B3 · AI for Vulnerability Management | NEW · 1mo ago
Test your knowledge · B3
05

Knowledge base of adversary tactics and techniques based on real-world observations. The industry standard for threat modeling.

Test your knowledge · B5
06

The most comprehensive open-source guide for web application security testing. Covers testing methodology, tools, and techniques.

Guide | Intermediate | B4 · AI in Offensive Security | NEW · 1mo ago
Test your knowledge · B4
07

Generic signature format for SIEM systems. Documentation on writing, testing, and deploying detection rules.

Test your knowledge · B8
08

Comprehensive survey of ML applications in cybersecurity. Covers supervised/unsupervised approaches for intrusion detection, malware analysis, phishing detection. Maps ML techniques to security use cases with performance benchmarks.

Test your knowledge · B1
09

Open-source testing framework and toolkit for AI governance. Helps organizations validate AI systems against governance principles.

Test your knowledge · B7
10

Public database tracking real-world AI incidents and controversies. Invaluable for risk assessment and governance case studies.

Test your knowledge · B6
11

Techniques for effective prompting including for safety and security use cases. Covers system prompts, chain-of-thought, and reducing hallucination.

Research | Intermediate | B8 · Prompt Engineering for Security | NEW · 22d ago
Test your knowledge · B8
12

Evaluates model capabilities for autonomous cyber operations at each AI Safety Level (ASL). Defines thresholds where AI capability in offensive security requires additional safeguards. Key reference for responsible AI in offensive security.

Test your knowledge · B4
13

Research on using AI for penetration testing automation: reconnaissance, vulnerability discovery, exploit generation. Practitioner perspective on what's practical vs. theoretical.

Guide | Intermediate | B4 · AI in Offensive Security | C5 · AI Red Teaming | NEW · 22d ago
Test your knowledge · B4
14

Authoritative list of vulnerabilities actively exploited in the wild. Used for prioritizing remediation — required for federal agencies.

Framework | Foundational | B3 · AI for Vulnerability Management | NEW · 1mo ago
Test your knowledge · B3
15

CISA's decision-tree approach to vulnerability prioritization. Considers exploitation status, automatable exposure, and mission impact.

Framework | Intermediate | B3 · AI for Vulnerability Management | NEW · 1mo ago
Test your knowledge · B3
16
MLflow | Databricks

Open-source platform for managing the end-to-end ML lifecycle. Covers experiment tracking, model registry, and deployment.

Test your knowledge · B7
17

Open-source detection rules for Elastic Security. Covers a wide range of attack techniques mapped to MITRE ATT&CK.

Test your knowledge · B1
18

Law enforcement perspective on how LLMs enable cybercrime (phishing, malware, social engineering) and how AI assists threat intelligence and investigation.

Test your knowledge · B5
19

Open-source platform for managing cyber threat intelligence. Integrates with MITRE ATT&CK and STIX/TAXII.

Tool | Intermediate | B5 · AI for Threat Intelligence | NEW · 1mo ago
Test your knowledge · B5
20

Common Vulnerability Scoring System version 4.0. The standard method for rating the severity of security vulnerabilities.

Framework | Intermediate | B3 · AI for Vulnerability Management | NEW · 1mo ago
Test your knowledge · B3
21

Evaluation criteria for AI/ML platforms including security features. Good for questions about what to look for when evaluating AI security tooling.

Research | Intermediate | B7 · AI Security Tool Landscape | NEW · 22d ago
Test your knowledge · B7
22

Market categorization of AI security tools: model monitoring, adversarial robustness, privacy, compliance. Useful for understanding the vendor landscape without favoring specific vendors.

Test your knowledge · B7
23

Sec-PaLM and Security AI Workbench for threat intelligence summarization and detection. Shows how LLMs are being applied to SOC workflows — not just pattern matching but contextual threat analysis.

Test your knowledge · B1
24

Research on using LLMs for automated triage, alert correlation, and response orchestration. Includes studies on analyst productivity gains and error reduction.

Test your knowledge · B2
25

Annual survey data on AI adoption in audit, risk, and compliance functions. Adoption rates, barriers, trust levels. Practitioner perspective on AI-augmented GRC.

Research | Intermediate | B6 · AI for GRC & Compliance | NEW · 22d ago
Test your knowledge · B6
26

LLM-powered security assistant. Technical docs cover prompt engineering for security, incident summarization, KQL generation. Useful for questions about practical LLM integration in SOC, not product features.

Test your knowledge · B1
27

MITRE's automated adversary emulation platform. Runs pre-defined or custom attack sequences to test defenses.

Test your knowledge · B4
28

Web-based tool for annotating and exploring the ATT&CK matrix. Useful for threat modeling, gap analysis, and red team planning.

Test your knowledge · B5
29

Knowledge graph of cybersecurity countermeasures. Maps defensive techniques to the ATT&CK techniques they counter.

Test your knowledge · B1
30

Workshop proceedings covering the bidirectional relationship between AI and security. Sections on automation risks (adversarial evasion of AI detectors, automation bias in SOC).

Test your knowledge · B2
31

The U.S. government repository of standards-based vulnerability management data. Includes CVE entries, severity scores, and affected product references.

Framework | Foundational | B3 · AI for Vulnerability Management | NEW · 1mo ago
Test your knowledge · B3
32

NVIDIA's open-source toolkit for adding programmable guardrails to LLM applications. Supports input/output validation and topic control.

Test your knowledge · B7
33

International principles for responsible AI adopted by 46 countries. Covers inclusive growth, transparency, accountability, and security.

Framework | Foundational | B6 · AI for GRC & Compliance | C7 · AI Governance & Risk | NEW · 1mo ago
Test your knowledge · B6
34

Official guidance on prompt construction, system prompts, and safety. The baseline for understanding prompt engineering before adding security-specific techniques.

Research | Intermediate | B8 · Prompt Engineering for Security | NEW · 22d ago
Test your knowledge · B8
35

Comprehensive guide covering AI security threats, privacy risks, and practical controls for AI-powered applications.

Test your knowledge · B7
36

Detailed testing techniques for identifying web vulnerabilities. Practical, hands-on approach to security assessment.

Guide | Intermediate | B4 · AI in Offensive Security | NEW · 1mo ago
Test your knowledge · B4
37

SOAR platform with 800+ integrations. The playbook marketplace shows real-world automation patterns: phishing triage, enrichment, containment. Useful for understanding what's actually automatable vs. aspirational.

Guide | Intermediate | B2 · AI-Driven Security Automation | NEW · 22d ago
Test your knowledge · B2
38

Practical governance framework providing guidance on deploying AI responsibly. Includes implementation checklists.

Framework | Intermediate | B6 · AI for GRC & Compliance | C7 · AI Governance & Risk | NEW · 1mo ago
Test your knowledge · B6
39

Bug bounty platform focused on AI/ML vulnerabilities. Real-world vulnerability data in ML frameworks and models. Good for grounding tool security questions in actual discovered vulnerabilities.

Test your knowledge · B7
40

Comprehensive standard for penetration testing methodology. Covers intelligence gathering, threat modeling, vulnerability analysis, exploitation, and reporting.

Framework | Foundational | B4 · AI in Offensive Security | NEW · 1mo ago
Test your knowledge · B4
41

Analysis of how NLP/LLMs are being used for automated threat intelligence: dark web monitoring, malware family classification, campaign attribution. Practical applications beyond the hype.

Guide | Intermediate | B5 · AI for Threat Intelligence | NEW · 22d ago
Test your knowledge · B5
42
Atomic Red Team | Red Canary

Library of tests mapped to the MITRE ATT&CK framework. Small, portable detection tests for validating security controls.

Test your knowledge · B4
43

Practitioner-oriented guide to using LLMs in security workflows: log analysis, detection rule writing, incident triage, report generation. Practical prompt templates for security tasks.

Guide | Intermediate | B8 · Prompt Engineering for Security | NEW · 22d ago
Test your knowledge · B8
44

Demonstrated GPT-4 exploiting real-world web vulnerabilities autonomously. 73% success rate on day-one CVEs. Key reference for questions about AI-augmented offensive capabilities and the asymmetry debate.

Test your knowledge · B4
45

Analysis of how LLMs can be used for offensive security tasks and the implications for defensive guardrails. Covers the dual-use nature of security LLMs.

Test your knowledge · B4
46

Comprehensive taxonomy of 58+ prompting techniques with effectiveness analysis. Covers chain-of-thought, few-shot, self-consistency, and adversarial prompting. Academic grounding for prompt engineering questions.

Research | Intermediate | B8 · Prompt Engineering for Security | NEW · 22d ago
Test your knowledge · B8
47

Annual threat landscape reports with empirical data on vulnerability exploitation timelines, patch adoption rates, and the efficacy of risk-based prioritization. Use for data-driven questions, not vendor comparisons.

Guide | Intermediate | B3 · AI for Vulnerability Management | NEW · 22d ago
Test your knowledge · B3
48

Platform for ML experiment tracking, model versioning, and collaborative model development with security considerations.

Test your knowledge · B7
49

U.S. Executive Order (Oct 2023) establishing AI safety requirements, red-teaming standards, and reporting obligations for frontier AI systems.

Framework | Intermediate | B6 · AI for GRC & Compliance | C7 · AI Governance & Risk | NEW · 1mo ago
Test your knowledge · B6
C | Cybersecurity of AI Systems | 91 sources
01

The definitive security risk list for LLM-powered applications. Covers prompt injection, insecure output handling, training data poisoning, and more.

Framework | C2 · LLM-Specific Attacks | C5 · AI Red Teaming | ★ STARTER | NEW · 1mo ago
Test your knowledge · C2
02

Comprehensive taxonomy of adversarial ML attacks and mitigations. Covers evasion, poisoning, extraction, and inference attacks with standardized terminology.

Framework | Intermediate | C1 · Adversarial Machine Learning | C5 · AI Red Teaming | NEW · 1mo ago
Test your knowledge · C1
03

Adversarial Threat Landscape for AI Systems. ATT&CK-style knowledge base of adversarial ML techniques, tactics, and real-world case studies.

Test your knowledge · C1
04

Comprehensive guide to AI red teaming from Microsoft's dedicated AI security team. Covers methodology, tools, and findings.

Guide | Intermediate | C5 · AI Red Teaming | NEW · 1mo ago
Test your knowledge · C5
05

The authoritative framework for managing AI risks. Defines four core functions: Govern, Map, Measure, Manage. Essential reading for anyone building or deploying AI systems.

Framework | C7 · AI Governance & Risk | ★ STARTER | NEW · 1mo ago
Test your knowledge · C7
06

Updated cybersecurity framework with six core functions: Govern, Identify, Protect, Detect, Respond, Recover.

Framework | Foundational | C7 · AI Governance & Risk | ★ STARTER | NEW · 1mo ago
Test your knowledge · C7
07

Introduced DP-SGD for training neural networks with formal differential privacy guarantees. Foundation for private ML.

Research | Advanced | C4 · AI Data Security | NEW · 1mo ago
Test your knowledge · C4
08

First practical membership inference attack against ML models. Showed that ML APIs leak information about their training data.

Research | Advanced | C4 · AI Data Security | NEW · 1mo ago
Test your knowledge · C4
09

Introduced PGD-based adversarial training, currently the most reliable defense against adversarial examples. Established the robustness-accuracy tradeoff.

Research | Advanced | C1 · Adversarial Machine Learning | NEW · 1mo ago
Test your knowledge · C1
10

International standard for establishing and maintaining an AI management system. Includes 39 controls across 10 areas.

Framework | Advanced | C7 · AI Governance & Risk | NEW · 1mo ago
Test your knowledge · C7
11

Seminal backdoor attack paper. Demonstrated trojaned models in transfer learning scenarios. Foundational for AI supply chain security questions.

Test your knowledge · C3
12

Demonstrated that adversarial examples transfer between models, enabling black-box attacks via surrogate models. Key work on transferability.

Research | Advanced | C1 · Adversarial Machine Learning | NEW · 1mo ago
Test your knowledge · C1
13

Introduced the C&W attack, demonstrating that defensive distillation and other defenses could be reliably bypassed. Changed how robustness is evaluated.

Research | Advanced | C1 · Adversarial Machine Learning | NEW · 1mo ago
Test your knowledge · C1
14

Collection of Anthropic's published research on AI safety, alignment, interpretability, and security.

Test your knowledge · C8
15
EU AI Act | European Union

The European Union's comprehensive AI regulation. Classifies AI systems by risk level and sets requirements for high-risk systems.

Framework | Intermediate | C7 · AI Governance & Risk | NEW · 1mo ago
Test your knowledge · C7
16

Python Risk Identification Toolkit for generative AI. Automated red teaming framework for testing LLM applications.

Tool | Intermediate | C5 · AI Red Teaming | C2 · LLM-Specific Attacks | NEW · 1mo ago
Test your knowledge · C5
17

Voluntary framework for improving privacy through enterprise risk management. Complements the Cybersecurity Framework.

Framework | Intermediate | C4 · AI Data Security | NEW · 1mo ago
Test your knowledge · C4
18

The seminal paper introducing FGSM (Fast Gradient Sign Method). Established that adversarial examples are a fundamental property of neural networks, not a bug.

Research | Advanced | C1 · Adversarial Machine Learning | NEW · 1mo ago
Test your knowledge · C1
19

Demonstrated that LLMs memorize and can be prompted to regurgitate training data verbatim, including PII. Foundational work on LLM privacy risks.

Research | Advanced | C2 · LLM-Specific Attacks | C4 · AI Data Security | NEW · 1mo ago
Test your knowledge · C2
20

Coalition for Content Provenance and Authenticity. Technical standard for digital content provenance and integrity.

Framework | Advanced | C9 · Deepfakes & Synthetic Media | NEW · 1mo ago
Test your knowledge · C9
21

Hugging Face's safe serialization format for ML models. Prevents arbitrary code execution from pickle-based attacks.

Guide | Foundational | C3 · AI Supply Chain Security | NEW · 1mo ago
Test your knowledge · C3
22

Showed that gradually escalating benign conversations can bypass safety filters over multiple turns. Defeats per-message safety checks.

Research | Advanced | C2 · LLM-Specific Attacks | NEW · 1mo ago
Test your knowledge · C2
23

Demonstrated indirect prompt injection attacks through RAG documents, emails, and web content. Essential reading for RAG security.

Research | Intermediate | C2 · LLM-Specific Attacks | NEW · 1mo ago
Test your knowledge · C2
24

The GCG attack paper. Showed that adversarial suffixes can bypass safety alignment in LLMs, transferring across models.

Research | Advanced | C2 · LLM-Specific Attacks | NEW · 1mo ago
Test your knowledge · C2
25

CISA guidance on understanding, detecting, and defending against deepfake threats in organizational contexts.

Test your knowledge · C9
26

Five practical safety problems: avoiding side effects, reward hacking, scalable oversight, safe exploration, distributional shift. Still the canonical taxonomy for AI safety research questions.

Research | Intermediate | C8 · AI Safety & Alignment | NEW · 22d ago
Test your knowledge · C8
27

The largest model hub. Security features: malware scanning, pickle scanning, safetensors format. Questions on model provenance, serialization risks (pickle exploits), and model marketplace trust.

Tool | Intermediate | C3 · AI Supply Chain Security | NEW · 22d ago
Test your knowledge · C3
28

Security documentation for LangChain agent framework — sandboxing, tool permissions, prompt injection defenses, and deployment hardening.

Guide | Intermediate | C11 · Agentic AI Security | NEW · 1mo ago
Test your knowledge · C11
29

Application container security guide covering image, registry, orchestrator, container, and host OS security.

Framework | Intermediate | C6 · AI Infrastructure Security | NEW · 1mo ago
Test your knowledge · C6
30

NVIDIA's open-source LLM vulnerability scanner. Tests for prompt injection, jailbreaking, data leakage, and more.

Tool | Intermediate | C5 · AI Red Teaming | C2 · LLM-Specific Attacks | NEW · 1mo ago
Test your knowledge · C5
31

Reports on state-affiliated actors using AI for influence operations. Documents actual observed misuse, not theoretical risks. Key for questions about real-world AI-enabled disinformation.

Research | Intermediate | C10 · AI-Enabled Disinformation | NEW · 22d ago
Test your knowledge · C10
32

Research on propaganda techniques, cognitive security, and information warfare. The "firehose of falsehood" model explains high-volume, multi-channel disinformation. Good for strategic questions.

Research | Intermediate | C10 · AI-Enabled Disinformation | NEW · 22d ago
Test your knowledge · C10
33
MLflow / Kubeflow / Ray Security Documentation | Various (Databricks, Google, Anyscale)

Security docs for major ML platforms. Covers authentication, authorization, experiment tracking security, model registry access controls. Practical infrastructure security questions.

Tool | Intermediate | C6 · AI Infrastructure Security | NEW · 22d ago
Test your knowledge · C6
34

Introduced SISA training for efficient machine unlearning — enabling models to "forget" specific training data without full retraining.

Research | Advanced | C4 · AI Data Security | NEW · 1mo ago
Test your knowledge · C4
35

Standardized benchmark for evaluating adversarial robustness of ML models. Leaderboard of most robust models.

Tool | Advanced | C1 · Adversarial Machine Learning | NEW · 1mo ago
Test your knowledge · C1
36

Benchmark measuring whether language models generate truthful answers. Tests for common misconceptions and falsehoods.

Tool | Advanced | C8 · AI Safety & Alignment | NEW · 1mo ago
Test your knowledge · C8
37

Industry coalition implementing C2PA. Open-source tools for content credentials. Practical implementation questions about provenance at scale.

Tool | Intermediate | C9 · Deepfakes & Synthetic Media | NEW · 22d ago
Test your knowledge · C9
38

Largest public AI red teaming event. 2,200+ participants testing multiple foundation models. Established community norms for responsible AI red teaming. Good for questions on practical red team methodology.

Guide | Intermediate | C5 · AI Red Teaming | NEW · 22d ago
Test your knowledge · C5
39

Analysis of risks specific to AI agents: tool use, chain-of-thought exploitation, multi-step task failures, delegation risks. Key for understanding why agents create new attack surfaces beyond single-turn interactions.

Research | Intermediate | C11 · Agentic AI Security | NEW · 22d ago
Test your knowledge · C11
40

Crowdsourced red teaming methodology with 38,961 attacks across multiple models. Taxonomy of harmful outputs and effectiveness of different red teaming strategies. Key reference for structured AI red teaming.

Research | Intermediate | C5 · AI Red Teaming | NEW · 22d ago
Test your knowledge · C5
41

Anthropic's framework for responsible AI development. Defines AI Safety Levels (ASL) and capability thresholds.

Guide | Intermediate | C8 · AI Safety & Alignment | NEW · 1mo ago
Test your knowledge · C8
42

Anthropic's approach to AI alignment using a set of principles (a "constitution") to train helpful and harmless AI. Foundation of modern RLHF alternatives.

Research | Intermediate | C8 · AI Safety & Alignment | NEW · 1mo ago
Test your knowledge · C8
43

Demonstrated that long-context LLMs can be jailbroken by providing many examples of the desired behavior. Scales with context window size.

Research | Intermediate | C2 · LLM-Specific Attacks | NEW · 1mo ago
Test your knowledge · C2
44

Anthropic's open protocol for connecting AI models to external tools and data sources. Critical reading for agentic AI security.

Framework | Intermediate | C11 · Agentic AI Security | NEW · 1mo ago
Test your knowledge · C11
45

Technical standard for content provenance. Cryptographic binding of creation metadata to content. The leading technical approach to synthetic media authentication. Questions on architecture, limitations, and adoption challenges.

Test your knowledge · C9
46

Comprehensive taxonomy of AI risks: weaponization, misinformation, power concentration, value lock-in, rogue AI. Good for strategic-level safety questions beyond technical alignment.

Research | Intermediate | C8 · AI Safety & Alignment | NEW · 22d ago
Test your knowledge · C8
47

Official Kubernetes documentation on securing clusters, pods, and workloads. Essential for ML infrastructure security.

Guide | Intermediate | C6 · AI Infrastructure Security | NEW · 1mo ago
Test your knowledge · C6
48
DISARM Framework | DISARM Foundation

Framework for analyzing and countering disinformation. Provides a structured approach to information manipulation threats.

Framework | Intermediate | C10 · AI-Enabled Disinformation | NEW · 1mo ago
Test your knowledge · C10
49

(See cross-cutting.md.) For C7 specifically: conformity assessments, technical documentation requirements, post-market monitoring, fundamental rights impact assessments. Detailed compliance questions.

Framework | Intermediate | C7 · AI Governance & Risk | NEW · 22d ago
Test your knowledge · C7
50

Law enforcement perspective on deepfake threats: evidence tampering, identity fraud, CEO fraud, CSAM. Policy and response frameworks.

Framework | Intermediate | C9 · Deepfakes & Synthetic Media | NEW · 22d ago
Test your knowledge · C9
51

Annual trends report. AI trust, risk, and security management (AI TRiSM) has been featured prominently. Good for strategic-level questions about where the industry is heading.

Research | Intermediate | C11 · Agentic AI Security | NEW · 22d ago
Test your knowledge · C11
52

Positions AI security technologies on the hype cycle. Useful for questions about technology maturity, adoption timelines, and distinguishing hype from operational readiness.

Research | Intermediate | C7 · AI Governance & Risk | NEW · 22d ago
Test your knowledge · C7
53

Analysis of how LLMs can amplify influence operations: cost reduction, scalability, personalization, multilingual content. Framework for assessing disinformation risk from generative AI.

Research | Intermediate | C10 · AI-Enabled Disinformation | NEW · 22d ago
Test your knowledge · C10
54

Open-source DP libraries and practical guides. Bridges theory to implementation. Good for questions on real-world DP deployment challenges and privacy budget management.

Research | Intermediate | C4 · AI Data Security | NEW · 22d ago
Test your knowledge · C4
55

Google's conceptual framework for securing AI systems. Covers supply chain, data governance, and deployment security.

Framework | Intermediate | C7 · AI Governance & Risk | C8 · AI Safety & Alignment | NEW · 1mo ago
Test your knowledge · C7
56

Research on reward modeling, debate, recursive reward modeling, and interpretability. Provides an alternative perspective to Anthropic/OpenAI approaches.

Research | Intermediate | C8 · AI Safety & Alignment | NEW · 22d ago
Test your knowledge · C8
57

Framework for evaluating dangerous capabilities: persuasion, deception, cyber operations, self-replication. Defines evaluation methodology for frontier model safety. Questions on what to test and how to interpret results.

Research | Intermediate | C5 · AI Red Teaming | C8 · AI Safety & Alignment | NEW · 22d ago
Test your knowledge · C5
58
Google SynthID | Google DeepMind

Google DeepMind's watermarking technology for AI-generated content. Embeds imperceptible watermarks in images, audio, and text.

Tool | Foundational | C9 · Deepfakes & Synthetic Media | NEW · 1mo ago
Test your knowledge · C9
59

Extracted training data from ChatGPT (production model) using a divergence attack. Showed alignment doesn't prevent memorization. Questions on the gap between safety fine-tuning and data protection.

Research | Intermediate | C4 · AI Data Security | NEW · 22d ago
Test your knowledge · C4
60

Security best practices for using Hugging Face Hub — model scanning, SafeTensors, access controls, and supply chain considerations.

Guide | Foundational | C3 · AI Supply Chain Security | NEW · 1mo ago
Test your knowledge · C3
61

Comprehensive library for adversarial ML. Supports attacks, defenses, and robustness evaluation across multiple ML frameworks.

Test your knowledge · C1
62

Discovered 100+ malicious models on Hugging Face exploiting pickle deserialization for code execution. Real-world evidence of AI supply chain attacks. Good for scenario-based questions.

Guide | Intermediate | C3 · AI Supply Chain Security | NEW · 22d ago
Test your knowledge · C3
63
Counterfit | Microsoft

Microsoft's tool for assessing the security of ML models. Supports evasion, extraction, and inversion attacks.

Tool | Intermediate | C1 · Adversarial Machine Learning | NEW · 1mo ago
Test your knowledge · C1
64

Practical lessons from large-scale LLM red teaming across real products. Covers failure modes, testing methodologies, and organizational patterns. Rare insight into enterprise-scale AI security.

Guide | Intermediate | C2 · LLM-Specific Attacks | C5 · AI Red Teaming | NEW · 22d ago
Test your knowledge · C2
65

The theoretical foundation for differential privacy. Essential for questions on privacy-preserving ML training (DP-SGD) and the epsilon-delta framework.

Research | Intermediate | C4 · AI Data Security | NEW · 22d ago
Test your knowledge · C4
66

Landmark study: false news spreads farther, faster, deeper than true news on social media. Not AI-specific but foundational for understanding why AI-generated disinformation is dangerous.

Research | Intermediate | C10 · AI-Enabled Disinformation | NEW · 22d ago
Test your knowledge · C10
67

Companion to AI RMF 1.0 specifically for generative AI. Maps 12 GenAI risks to RMF actions. Covers CBRN, CSAM, confabulation, data privacy, environmental, human-AI interaction, information integrity, IP, obscenity, toxicity, value chain.

Test your knowledge · C5
68

(See cross-cutting.md for details.) The primary AI governance framework for US context. Questions should test practical application of Govern/Map/Measure/Manage, not just recall.

Framework | Intermediate | C7 · AI Governance & Risk | NEW · 22d ago
Test your knowledge · C7
69

Extending software bill of materials concepts to AI: model cards, data cards, training provenance. Emerging standard for AI supply chain transparency.

Framework | Intermediate | C3 · AI Supply Chain Security | NEW · 22d ago
Test your knowledge · C3
70

GPU cluster security, multi-tenant GPU isolation, model serving infrastructure hardening. Vendor-specific but covers unique infrastructure challenges (GPU memory isolation, CUDA vulnerabilities) not covered elsewhere.

Guide | Intermediate | C6 · AI Infrastructure Security | NEW · 22d ago
Test your knowledge · C6
71

Framework for agentic AI governance: scope control, human oversight, auditability, containment. Defines key properties agents should have and failure modes to prevent.

Research | Intermediate | C11 · Agentic AI Security | NEW · 22d ago
Test your knowledge · C11
72

Description of external red teaming program and findings from GPT-4 pre-deployment testing. The system card details risk categories, testing methodology, and residual risks.

Research | Intermediate | C5 · AI Red Teaming | C8 · AI Safety & Alignment | NEW · 22d ago
Test your knowledge · C5
73

Research on the core alignment challenge: can weaker systems supervise stronger ones? Showed partial generalization is possible. Key for superalignment and scalable oversight questions.

Research | Intermediate | C8 · AI Safety & Alignment | NEW · 22d ago
Test your knowledge · C8
74

Framework for ensuring the integrity of software artifacts throughout the supply chain. Applicable to ML model pipelines.

Framework | Intermediate | C3 · AI Supply Chain Security | NEW · 1mo ago
Test your knowledge · C3
75

Extension of the LLM Top 10 specifically for agentic patterns. Covers excessive agency, insecure plugin/tool design, and multi-agent trust boundaries.

Test your knowledge · C11
76

OWASP guidance on securing agentic AI systems — tool use, delegation chains, memory poisoning, and multi-agent architectures.

Guide | Intermediate | C11 · Agentic AI Security | NEW · 1mo ago
Test your knowledge · C11
77

Top 10 security risks specific to machine learning systems, including supply chain attacks, data poisoning, and model theft.

Test your knowledge · C1
78

Certification program for responsible AI. Assessment criteria across fairness, explainability, accountability, robustness. Emerging industry certification.

Research | Intermediate | C7 · AI Governance & Risk | NEW · 22d ago
Test your knowledge · C7
79

Research group studying abuse in information technologies, including AI-enabled disinformation, platform manipulation, and election interference.

Guide | Intermediate | C10 · AI-Enabled Disinformation | NEW · 1mo ago
Test your knowledge · C10
80
Stanford HAI — AI Index Report (Annual) | Stanford Institute for Human-Centered AI

Comprehensive annual data on AI progress: research output, investment, policy, public opinion, technical performance. The best source for quantitative AI landscape questions.

Research | Intermediate | C7 · AI Governance & Risk | NEW · 22d ago
Test your knowledge · C7
81

Security audit firm with deep AI/ML expertise. Published research on pickle deserialization attacks, model file format security, and ML pipeline vulnerabilities. Technical depth from a security-first perspective.

Test your knowledge · C6
82

Large-scale benchmark dataset and tools for detecting facial manipulation in images and video. Used for deepfake detection research.

Tool | Advanced | C9 · Deepfakes & Synthetic Media | NEW · 1mo ago
Test your knowledge · C9
83

Historical survey tracing adversarial ML from 2004 spam filters through deep learning. Essential for questions on the evolution and taxonomy of adversarial attacks (evasion, poisoning, model extraction).

Research | Intermediate | C1 · Adversarial Machine Learning | NEW · 22d ago
Test your knowledge · C1
84

Extended training data extraction to image models. Showed Stable Diffusion memorizes and regurgitates training images. Important for multimodal AI data security questions.

Research | Intermediate | C4 · AI Data Security | NEW · 22d ago
Test your knowledge · C4
85

The RLHF paper that enabled ChatGPT-style alignment. Reward model from human preferences + PPO. Foundational for understanding modern alignment approaches and their limitations.

Research · Intermediate · C8 · AI Safety & Alignment · NEW · 22d ago
Test your knowledge · C8
86

Survey of tool-using, retrieval-augmented, and reasoning LMs. The architectural foundation for understanding agent capabilities and their security implications.

Research · Intermediate · C11 · Agentic AI Security · NEW · 22d ago
Test your knowledge · C11
87

Comprehensive survey covering generation techniques (autoencoders, GANs, diffusion), detection approaches (visual artifacts, frequency analysis, physiological signals), and the arms race dynamic.

Research · Intermediate · C9 · Deepfakes & Synthetic Media · NEW · 22d ago
Test your knowledge · C9
88

Largest prompt injection competition dataset. Taxonomy of prompt injection techniques: context ignoring, fake completion, payload splitting, obfuscation. Empirical data on attack success rates across models.

Research · Intermediate · C2 · LLM-Specific Attacks · NEW · 22d ago
Test your knowledge · C2
89

Benchmark dataset and detection methods for facial manipulation. Covers DeepFakes, Face2Face, FaceSwap, NeuralTextures. Standard reference for deepfake detection evaluation.

Research · Intermediate · C9 · Deepfakes & Synthetic Media · NEW · 22d ago
Test your knowledge · C9
90

ToolEmu framework for evaluating agent risks in sandboxed environments. 36 risk categories across tool use failures. Practical methodology for agent security testing questions.

Research · Intermediate · C11 · Agentic AI Security · NEW · 22d ago
Test your knowledge · C11
91

Systematic analysis of jailbreak techniques: competing objectives and mismatched generalization. Framework for understanding why safety training is inherently incomplete. Essential for nuanced jailbreak questions.

Research · Intermediate · C2 · LLM-Specific Attacks · NEW · 22d ago
Test your knowledge · C2
D · Quantum Technologies & Cybersecurity · 34 sources
01

The canonical quantum computing textbook. Covers qubits, gates, circuits, algorithms, and error correction. The reference for foundational questions — use judiciously as this is deeply technical.

Research · Intermediate · D1 · Quantum Computing Fundamentals · NEW · 22d ago
Test your knowledge · D1
02

Federal guidance on preparing for quantum threats. Cryptographic inventory requirements, risk assessment methodology, and migration prioritization. Practical governance questions.

Test your knowledge · D3
03

Practical guidance for cloud providers and enterprises on quantum-safe migration. Covers certificate management, key negotiation, and hybrid deployment models.

Test your knowledge · D6
04

Standards for QKD deployment: interfaces, security proofs, network architecture. The main standardization effort for quantum networking.

Framework · Intermediate · D5 · Quantum Networking & Communication · NEW · 22d ago
Test your knowledge · D5
05

European Telecommunications Standards Institute guide to quantum key distribution. Covers BB84, E91, and practical deployment considerations.

Guide · Advanced · D5 · Quantum Networking & Communication · NEW · 1mo ago
Test your knowledge · D5
06

Expert survey on when quantum computers will break RSA-2048. Tracks annual probability estimates from leading researchers.

Research · Intermediate · D3 · Quantum Threats to Existing Systems · NEW · 1mo ago
Test your knowledge · D3
07

Quantum supremacy paper (Sycamore, 2019), quantum error correction milestones. Primary source for state-of-the-art capability questions.

Research · Intermediate · D1 · Quantum Computing Fundamentals · NEW · 22d ago
Test your knowledge · D1
08

Free courses on quantum computing fundamentals, from qubits and gates to quantum algorithms. Includes hands-on access to real quantum computers.

Guide · Foundational · D1 · Quantum Computing Fundamentals · NEW · 1mo ago
Test your knowledge · D1
09

Open-source textbook teaching quantum computing through code. Covers linear algebra, quantum circuits, Shor's algorithm, and Grover's algorithm.

Guide · Intermediate · D1 · Quantum Computing Fundamentals · NEW · 1mo ago
Test your knowledge · D1
10

RFC 9180 (HPKE), draft standards for hybrid TLS key exchange, PQ/T hybrid certificates. The engineering details of how PQC gets deployed in real protocols. Questions on protocol-level migration decisions.

Framework · Intermediate · D6 · Quantum Security Engineering · NEW · 22d ago
Test your knowledge · D6
11

Introduction to quantum computing concepts and Q# programming language. Covers quantum mechanics, algorithms, and applications.

Guide · Foundational · D1 · Quantum Computing Fundamentals · NEW · 1mo ago
Test your knowledge · D1
12

Step-by-step preparation guide: discovery (find all crypto), assessment (prioritize), planning (migration strategy). Practical engineering questions about organizational preparation.

Framework · Intermediate · D6 · Quantum Security Engineering · NEW · 22d ago
Test your knowledge · D6
13

NIST's primary post-quantum key encapsulation mechanism standard. Based on the CRYSTALS-Kyber algorithm. Replaces RSA/ECDH key exchange.

Framework · Advanced · D2 · Post-Quantum Cryptography · NEW · 1mo ago
Test your knowledge · D2
14

NIST's primary post-quantum digital signature standard. Based on CRYSTALS-Dilithium. Replaces RSA/ECDSA signatures.

Framework · Advanced · D2 · Post-Quantum Cryptography · NEW · 1mo ago
Test your knowledge · D2
15

Hash-based post-quantum signature standard. Conservative choice based on well-understood hash function security. Backup to ML-DSA.

Framework · Advanced · D2 · Post-Quantum Cryptography · NEW · 1mo ago
Test your knowledge · D2
16

Detailed technical analysis of the post-quantum cryptographic algorithms evaluated in NIST's third round. Essential for understanding algorithm selection rationale.

Test your knowledge · D6
17

Transition guidance for cryptographic algorithms. Established precedent for how NIST manages algorithm deprecation (e.g., SHA-1, DES). Informs questions about how PQC transition will be mandated.

Framework · Intermediate · D4 · Quantum-Safe Compliance · NEW · 22d ago
Test your knowledge · D4
18

Migration guidance and timelines. Deprecation schedule for current algorithms. Hybrid approaches. The roadmap document for PQC transition questions.

Test your knowledge · D2
19

NSA's mandated quantum-resistant algorithm suite for national security systems. Defines transition timelines for all classified communications.

Framework · Advanced · D4 · Quantum-Safe Compliance · NEW · 1mo ago
Test your knowledge · D4
20

NSA's guidance on quantum threats to cryptography. Explains which algorithms are vulnerable and timelines for transition.

Guide · Intermediate · D3 · Quantum Threats to Existing Systems · NEW · 1mo ago
Test your knowledge · D3
21

White House memo requiring federal agencies to inventory cryptographic systems and begin migration to quantum-resistant algorithms.

Framework · Intermediate · D4 · Quantum-Safe Compliance · NEW · 1mo ago
Test your knowledge · D4
22

Open-source C library implementing quantum-safe cryptographic algorithms. Enables testing and integration of PQC into existing systems.

Tool · Advanced · D2 · Post-Quantum Cryptography · NEW · 1mo ago
Test your knowledge · D2
23

Bulletin on quantum threats to payment card security (AES, RSA in payment protocols). Sector-specific compliance questions for financial services PQC migration.

Framework · Intermediate · D4 · Quantum-Safe Compliance · NEW · 22d ago
Test your knowledge · D4
24

DOE's blueprint for a quantum internet. Five milestones from verification of entanglement to fault-tolerant quantum networking. Questions on quantum network architecture and its security properties.

Framework · Intermediate · D5 · Quantum Networking & Communication · NEW · 22d ago
Test your knowledge · D5
25

US strategy for quantum R&D. NQI Act of 2018, reauthorized 2024. Context for policy questions about national quantum strategies and investment.

Framework · Intermediate · D1 · Quantum Computing Fundamentals · NEW · 22d ago
Test your knowledge · D1
26

Mosca's theorem: if the time to migrate (x) + shelf life of data (y) > time to quantum computer (z), then start migration now. The canonical framework for "harvest now, decrypt later" risk assessment.

Research · Intermediate · D3 · Quantum Threats to Existing Systems · NEW · 22d ago
Test your knowledge · D3
27

Practical risk assessment framework for organizations. Combines timeline estimates with crypto-agility assessment. Good for enterprise-focused quantum security planning questions.

Research · Intermediate · D6 · Quantum Security Engineering · NEW · 22d ago
Test your knowledge · D6
28

The first quantum key distribution (QKD) protocol. Foundational for all quantum networking questions. Security based on quantum mechanics (no-cloning theorem, measurement disturbance).

Research · Intermediate · D5 · Quantum Networking & Communication · NEW · 22d ago
Test your knowledge · D5
29

Survey of PQC families: lattice, code-based, multivariate, hash-based, isogeny-based. Good for comparative questions on different PQC approaches and their security assumptions.

Research · Intermediate · D2 · Post-Quantum Cryptography · NEW · 22d ago
Test your knowledge · D2
30

Entanglement-based QKD. Security based on Bell inequality violations. Compare/contrast with BB84 for protocol design questions.

Research · Intermediate · D5 · Quantum Networking & Communication · NEW · 22d ago
Test your knowledge · D5
31

Quadratic speedup for unstructured search. Halves the effective key length of symmetric algorithms (AES-128 → 64-bit equivalent). Questions on what Grover's algorithm does and doesn't break.

Research · Intermediate · D3 · Quantum Threats to Existing Systems · NEW · 22d ago
Test your knowledge · D3
32

The paper that started it all. Shor's algorithm breaks RSA, DSA, ECDSA, and Diffie-Hellman. Essential for questions on which classical cryptographic assumptions quantum computing breaks.

Research · Intermediate · D3 · Quantum Threats to Existing Systems · NEW · 22d ago
Test your knowledge · D3
33

Six stages of quantum internet development from trusted repeater to full quantum computing network. Defines the maturity model for quantum networking questions.

Research · Intermediate · D5 · Quantum Networking & Communication · NEW · 22d ago
Test your knowledge · D5
34

Practical frameworks for achieving cryptographic agility: algorithm abstraction layers, protocol versioning, key management infrastructure updates. Vendor content but covers unique practical challenges.

Guide · Intermediate · D6 · Quantum Security Engineering · NEW · 22d ago
Test your knowledge · D6
