a5c-ai

Evaluación automatizada de la seguridad de proveedores mediante la generación de cuestionarios, análisis de respuestas y puntuación de riesgo.

Análisis semántico de diferencias de código, impulsado por LLM, para detectar troyanos de lógica de negocio.

Monitoreo continuo de la seguridad de proveedores para calificaciones de seguridad, notificaciones de infracciones y detección de cambios de riesgo.

Capacidades de prueba de seguridad e investigación adversaria para modelos de IA/ML, que incluyen la generación de ejemplos adversarios, pruebas de robustez, ataques de extracción, pruebas de envenenamiento de datos, análisis de equidad e integración con el framework ART.

Generación de documentación para bases de código C, C++ y Java utilizando Doxygen y Javadoc. Extrae documentación de API del código fuente, genera referencias cruzadas, gráficos de llamadas y documentación técnica completa.

Habilidad experta para el análisis, validación y generación de documentación de especificaciones OpenAPI/Swagger. Analiza y valida especificaciones, detecta cambios incompatibles, genera ejemplos de código y verifica las mejores prácticas.

Experiencia en el sistema de documentación Sphinx para documentación técnica y de API. Configura proyectos, autodoc para APIs de Python, intersphinx para enlaces entre proyectos, extensiones y múltiples formatos de salida.

SOC 2 Trust Services Criteria compliance automation for evidence collection, control mapping, and audit preparation

Deep integration with Ghidra and IDA Pro for binary analysis and reverse engineering

Advanced binary exploitation and mitigation bypass

Multi-cloud security assessment and penetration testing capabilities. Execute Prowler/ScoutSuite assessments, analyze IAM policies, identify cloud misconfigurations, test permissions, and enumerate cloud resources across AWS/GCP/Azure.

Advanced debugging integration for vulnerability research

Web application security testing with Burp Suite integration

Comprehensive fuzzing operations with AFL++, libFuzzer, and OSS-Fuzz integration

Isolated analysis environment management for malware and exploit testing. Create and manage isolated VMs, configure Cuckoo Sandbox, set up REMnux/FlareVM environments, manage Docker-based analysis containers, and capture filesystem and process changes.

Ethereum and blockchain smart contract security analysis

STIX/TAXII threat intelligence format and sharing

Markdown documentation, MDX, and content formatting.

CVE and CWE database querying and management

Digital forensics and incident response capabilities. Analyze memory dumps with Volatility, parse filesystem artifacts, extract browser forensics, analyze Windows event logs, create forensic timelines, recover deleted files, and generate forensic reports.

Android and iOS application security testing

Network protocol capture, analysis, and fuzzing capabilities

Specialized skill for generating and managing Architecture Decision Records (ADRs). Supports Nygard, MADR, and custom templates with auto-numbering, linking, and status management.

Specialized skill for generating C4 model architecture diagrams. Supports Structurizr DSL, PlantUML, and Mermaid formats with multi-level abstraction (Context, Container, Component, Code).

Validate and analyze AWS CloudFormation templates for security and best practices

MITRE ATT&CK framework mapping and analysis

Offensive security tools and techniques integration

Run chaos engineering experiments using Chaos Monkey, Litmus, or Gremlin

Estimate cloud costs across AWS, Azure, and GCP with pricing comparison

Analyze database query performance with execution plans and index recommendations

Exploit development automation using pwntools framework

Integration with security-focused static analysis tools

Generate and run mock API servers from OpenAPI specifications

Analyze code complexity metrics including cyclomatic complexity, code smells, and technical debt

Generate documentation sites using Docusaurus, MkDocs, or VuePress

YARA rule creation, testing, and deployment

Generate monitoring dashboards for Grafana and DataDog with alert integration

Render Graphviz DOT graphs to images with multiple layout algorithms

Specialized skill for processing Markdown and MDX documentation. Supports parsing, rendering, TOC generation, link validation, frontmatter processing, and diagram embedding.

Validate OpenAPI specifications for correctness, security, and best practices

Google Analytics 4, tag management, and event tracking.

Check compliance with SOC 2, GDPR, HIPAA, and PCI-DSS standards

Generate GraphQL schemas from data models with resolver stubs and federation support

Generate structured logging schemas with correlation ID patterns and ELK/Splunk integration

Render Mermaid diagrams to images with theme customization and Markdown integration

Render PlantUML diagrams to various image formats with theme and styling support

Generate module dependency graphs with circular dependency detection and coupling metrics

Generate load test scripts for k6, Locust, and Gatling from OpenAPI specs