
Prompt Examples for Cyber Underwriters and Brokers

Start your investigation with Protos AI with these prompts

Written by CS @ Protos Labs
Updated over 4 months ago

If you're unsure how Protos AI can support your work as a Cyber Underwriter or Broker, you can start with these example prompts based on common scenarios in cyber insurance. They'll help you explore the types of insights and outcomes Protos AI can deliver.


Portfolio-Wide Threat Exposure Advisory for Insured Clients

Scenario

An insurer has a portfolio of mid-market cyber insurance clients across finance, healthcare, and logistics. After a recent wave of attacks (e.g. Scattered Spider, Akira ransomware, MOVEit CVEs), the cyber underwriters and risk engineers want to know:

  • Which of our insureds are most exposed to these threats?

  • What technical weak points are visible across our book?

  • Can we generate tailored briefs to share with the most at-risk clients?

Prompt (Copy-Paste)

For the following list of insured clients, analyze their current exposure to ransomware and targeted threat actor activity based on their external attack surface, recent CVEs, and threat intel feeds. Cross-reference exposures with each client’s policy limit, coverage type, and retention to prioritize risk. Generate a brief for each client, highlighting:

  • Observed threats and vulnerabilities (e.g., open RDP, exposed VPNs, unpatched CVEs)

  • Matching threat actor TTPs or malware infrastructure

  • Risk level (low/medium/high) based on exposure vs policy size

  • Recommended mitigation actions.

Attach (find file below):

  • Insured clients portfolio.csv

What Protos AI Will Do

For each insured client:

  • Scan external infrastructure via passive recon tools (FOFA, Shodan)

  • Check IPs/domains against threat intelligence feeds, malware databases, and botnet C2 infrastructure

  • Assess recent CVEs and malware behavior (e.g., Trojan downloaders, sandbox evasion, lateral movement)

  • Match against threat actor TTPs, focusing on ransomware delivery methods (e.g., public cloud abuse, credential harvesting, unpatched software)

  • Cross-reference exposure with policy terms, including:

    • Coverage type (e.g., primary, excess, quota share)

    • Policy limits and retention thresholds

  • Score and prioritize each client’s risk, considering both technical exposure and insurance impact

  • Generate client-specific threat briefs, including:

    • Summary of observed infrastructure or malware

    • Relevant attacker tactics and threat types

    • Justification for risk rating (Low / Medium / High)

    • Actionable recommendations

Outcome:

  • Enables data-driven portfolio triage based on real-world threat signals and insurance exposure

  • Supports loss ratio reduction by proactively identifying clients at highest risk of ransomware claims

  • Equips cyber underwriters with a defensible rationale for adjusting terms, exclusions, or coverage limits

  • Strengthens the insurer’s positioning as a cyber-intelligent insurer, capable of delivering both capacity and value-added threat advisory


Impact Assessment of Scattered Spider Threat to Your Client / Organisation

Scenario
You want to assess the potential impact of the threat actor Scattered Spider on Protos Labs, based on the ACSC's joint advisory issued in July 2025. Your focus is on evaluating exposures visible on Protos Labs’ external attack surface — such as remote access portals, cloud authentication systems, and administrative interfaces — that align with the actor’s known TTPs.

The goal is to identify at-risk systems and prioritize mitigations before targeted intrusion occurs.

Prompt (Copy-Paste)
Assess the impact of the Scattered Spider threat actor on Atmos Group based on the ACSC advisory. Analyze exposed external systems and identify which ones are at risk given Scattered Spider’s known tactics and targeting behavior. Check the following links as reference: Scattered Spider | Cyber.gov.au, Protos Labs

What Protos AI will do

  • Scan and enrich Protos Labs' external infrastructure (e.g. VPN portals, M365, VMware interfaces, remote access tools)

  • Cross-reference with Scattered Spider TTPs (phishing, MFA fatigue, token theft, ESXi pivoting)

  • Score each exposed asset by exploitation likelihood and potential business impact

  • Recommend specific mitigations, prioritization, and detection opportunities aligned with the advisory

Outcome
A clear, actionable risk assessment showing how Scattered Spider could compromise Protos Labs through exposed internet-facing systems. Includes TTP-to-asset mapping, severity rankings, and defensive recommendations to support SOC action, board updates, or insurer communications.


Structured Risk Overview for Underwriting in Cyber Insurance

Scenario
You are reviewing a new cyber insurance proposal submission and want a structured risk overview before making an underwriting decision. You’ve received the client's completed proposal form and their domain. You may also have access to a sample contract, their public website, and third-party security ratings (e.g. SecurityScorecard). You want Protos AI to assist in screening, summarizing, and drafting a preliminary risk write-up.

Prompt (Copy-Paste)

Analyze this cyber insurance application and assist with underwriting review. I’ve uploaded the completed proposal form. The insured’s main domain is protoslabs.io. Please:

  • Extract key details from the proposal form (controls, exposures, incidents, etc.)

  • Review external security data (e.g., SecurityScorecard, Shodan, or FOFA)

  • Highlight any mismatches between declared and observed security posture

  • If available, analyze the attached sample contract for breach clauses and liability terms

  • Provide a brief business profile based on their website and public information

  • Generate a structured underwriting summary, including:

    • Risk strengths and gaps

    • Notable issues or inconsistencies

    • Follow-up questions

    • Preliminary recommendation (e.g., write, decline, clarify)

Attach (find files below):

  • Cyber Insurance Underwriting Guidelines.pdf

  • VAPT Report - Nusantara Cloud Solutions.pdf

  • ACP Cyber Insurance Proposal Form.pdf

Outcome:

A time-saving underwriting assistant that provides a first-draft write-up, summarizes risks clearly, and enables more consistent, auditable decisions. Over time, this AI can evolve into a client-facing triage agent or automated screen.


Risk Assessment for Insurance Advisory

Scenario:

A client has submitted their cyber insurance proposal. As part of your advisory service, you want to proactively assess their external cyber exposure and validate their self-reported controls. The goal is to enrich underwriting decisions and provide actionable risk insights.

Prompt (Copy-Paste):

"Analyze the risk exposure of my client, Protos Labs (protoslabs.io), using their attached insurance proposal forms, VA/PT report and external scans. Identify exposed assets and services, assess for vulnerabilities or threats, and check for any gaps between declared controls and actual findings. Summarize the key gaps in the declaration and the key risks, and provide clear, actionable insights for my risk analysis."

Attach (find files below):

  • Demo Internal VA/PT report.pdf

  • Demo Cyber Insurance Proposal.pdf

What Protos AI will do:

  • Discover public-facing assets using reconnaissance and scanning tools.

  • Analyze exposed services for vulnerabilities, misconfigurations, and outdated technologies.

  • Cross-validate reported security controls with observed infrastructure risk.

  • Enrich findings with threat intelligence (e.g., historical abuse, malware hosting, attribution links).

  • Summarize findings with remediation recommendations tailored to the insurance context.

Outcome: A professional-grade exposure report that validates the client's declared posture, supports underwriting or pricing decisions, and provides advisory-grade insights with actionable recommendations.


Suspicious Network Activity Investigation

Scenario:

A client submits a sample of network logs and requests assistance in identifying any suspicious or malicious activity. They are unsure if the activity is part of a coordinated campaign. This analysis could impact their cyber insurance application or serve as a post-bind support request.

Prompt (Copy-Paste):

"I received the following network log sample from a client. Help me analyze it to determine if there are any signs of malicious behavior. If so, assess whether it might be part of a larger campaign or coordinated threat."

Attach (find files below):

  • network log sample.txt

What Protos AI will do:

  • Parse the log data to extract domains, IPs, URLs, file hashes, and behaviors.

  • Correlate indicators with known threats, malware families, or campaigns.

  • Apply behavioral heuristics to flag suspicious patterns.

  • Recommend follow-up actions (e.g., blocklists, client alerts, further investigation).

Outcome: Analyst-level interpretation of raw data in minutes, plus potential campaign attribution.


Vulnerability Threat Advisory — Widespread Device Compromise

Scenario:

A significant security incident, potentially affecting a large number of networked devices, has been reported. You need to determine if any of your clients' infrastructure is impacted and subsequently prepare a timely advisory for them.

Prompt (Copy-Paste):

"Analyze the information provided in the following security report/link: [Insert Link to Security Report/Advisory Here]. Based on this, help me prepare a targeted advisory for my client, alerting them to potential risks and necessary actions if their systems are affected."

What Protos AI will do:

  • Understand and summarize the key findings and technical details from the provided report.

  • Extract relevant indicators of compromise (IOCs) and related details, such as affected device types, vulnerable versions, leaked data characteristics, or known threat actor tactics.

  • Cross-reference these indicators with available client infrastructure data to identify at-risk systems.

  • Format the results into a clear, actionable client-facing advisory, including:

    • A concise explanation of the vulnerability and its potential impact.

    • Specific recommendations for assessing exposure and mitigating risk.

    • Urgent action steps for clients to take if they are affected.

Outcome: A tailored advisory that enables you to promptly inform clients about widespread vulnerabilities and act as a trusted cybersecurity partner.

