Produces an ATT&CK/ATLAS heat map from past exercises. Use when the user asks for a coverage report, heat map, technique coverage, or security exercise summary.
When the user asks for a coverage report, heat map, technique coverage, or exercise summary:
docs/agents/security-team-proof-of-work.md and docs/agents/data-sets/security-exercises/*.md

## ATT&CK/ATLAS Coverage Report
**Date range:** YYYY-MM-DD to YYYY-MM-DD
**Exercises:** [count]
### ATT&CK Matrix (sample)
| Technique | Name | Tested | Detected | Mitigated |
|-----------|------|--------|----------|-----------|
| T1566 | Phishing | ✓ | ✓ | ✓ |
| T1190 | Exploit Public-Facing App | ✓ | ✗ | ✓ |
| ATLAS-T-001 | Prompt Injection | ✓ | ✓ | ✓ |
### ATLAS Matrix (AI/LLM)
| Technique | Name | Tested | Detected | Mitigated |
|-----------|------|--------|----------|-----------|
| ATLAS-T-001 | Prompt Injection | ... | ... | ... |
| ATLAS-T-002 | Context Poisoning | ... | ... | ... |
### Gaps
- [Techniques tested but not detected]
- [Techniques not yet tested]
### Summary
- **Covered:** X techniques
- **Gaps:** Y techniques (tested, not detected)
- **Untested:** Z techniques
- docs/agents/security-team-proof-of-work.md — Exercise log
- docs/agents/data-sets/security-exercises/*.md — Dated exercise files

| Status | Meaning |
|---|---|
| Tested | Red simulated this technique |
| Detected | Blue alarm went off |
| Mitigated | Fix implemented (whether or not detected) |
| Gap | Tested but not detected |
| Untested | Not in any exercise yet |
- docs/agents/data-sets/security-exercises/COVERAGE_REPORT_YYYY-MM-DD.md
- docs/agents/security-team-proof-of-work.md § Recent runs
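
The status definitions above, applied to exercise records to produce the matrix rows and summary counts. This is an added example, not code from this skill. The record tuple layout, the sample dates, the function names, the rule that one detection in any in-range run counts, and the reading of "Covered" as tested and detected are all assumptions.

```python
from collections import Counter
# Constructed sample data; the layout of the real exercise files is not shown here.
CATALOGUE = {
    "T1566": "Phishing",
    "T1190": "Exploit Public-Facing App",
    "ATLAS-T-001": "Prompt Injection",
    "ATLAS-T-002": "Context Poisoning",
}
EXERCISES = [  # (date, technique, detected, mitigated)
    ("2024-01-10", "T1566", True, True),
    ("2024-01-10", "T1190", False, True),
    ("2024-02-02", "ATLAS-T-001", False, False),
    ("2024-02-20", "ATLAS-T-001", True, True),
]

def build_coverage(catalogue, exercises, start, end):
    """Fold exercise records dated within [start, end] into one row per technique."""
    seen = {}
    for date, tech, detected, mitigated in exercises:
        if start <= date <= end:  # ISO dates sort correctly as strings
            flags = seen.setdefault(tech, {"detected": False, "mitigated": False})
            # Assumption: one detection (or fix) in any in-range run counts.
            flags["detected"] |= detected
            flags["mitigated"] |= mitigated
    rows = {}
    for tech, name in catalogue.items():
        flags = seen.get(tech)
        if flags is None:
            status = "Untested"      # not in any exercise yet
        elif not flags["detected"]:
            status = "Gap"           # tested but not detected
        else:
            status = "Covered"       # assumption: tested and detected
        rows[tech] = {"name": name, "tested": flags is not None, "status": status,
                      **(flags or {"detected": False, "mitigated": False})}
    return rows

def render_matrix(rows):
    mark = lambda ok: "✓" if ok else "✗"
    out = ["| Technique | Name | Tested | Detected | Mitigated |",
           "|-----------|------|--------|----------|-----------|"]
    for tech, r in rows.items():
        cells = [tech, r["name"], mark(r["tested"]), mark(r["detected"]), mark(r["mitigated"])]
        out.append("| " + " | ".join(cells) + " |")
    return "\n".join(out)

def summarize(rows):
    counts = Counter(r["status"] for r in rows.values())
    return {s: counts[s] for s in ("Covered", "Gap", "Untested")}
```

Narrowing the date range can turn a covered technique back into a gap, because a detection that happened after the range ends no longer counts.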