Security Posture Template
Module 9, Lesson 9.5 · ninth frozen capstone artifact · copy into /capstone/security-posture.md
Save this as: /capstone/security-posture.md. Two to four pages when filled. Plain markdown. Same /capstone/ folder as every other frozen artifact.
Review cadence: every 90 days. Every section. Every row. The next-review date is the last line of the document.
Five safety rules. Reinforced in every Module 9 recipe. Written into Section 1.
- Audience = only you.
- No secret in any conversation, ever.
- Sensitive data goes local, or nowhere.
- Pre-flight cost estimate, monthly budget, hard provider cap — cost has three horizons.
- One human knows.
How to use this template
Each numbered section below has a short intent paragraph and a markdown block. Copy every block, in order, into /capstone/security-posture.md. Fill the blanks in your own words. Do not skip sections. Do not reorder. A missing section is a hole at the center of the document that the rest of Module 10's documentation will reference.
Header block
The first block of the document. Identifies the author, anchors the review cadence, names the one human.
```markdown
# Security Posture
**Author:** _____________________________________________________
**Started:** <YYYY-MM-DD>
**Last reviewed:** <YYYY-MM-DD>
**Next review:** <YYYY-MM-DD — ≤ 90 days from last review>
**One human:** <name> — <how they are contacted>
> Audience = only you. No secret in any conversation. Sensitive data
> goes local. Cost has three horizons. One human knows.
```
Section 1 — Threat model
Pulled from Lesson 9.1 worksheet. Name the three adversaries in your own context; declare out-of-scope; name the one you are most underprepared for.
```markdown
## 1. Threat model
The three adversaries I defend against:
**1. The careless self.** ________________________________________
____________________________________________________________________
Recent near-misses (last 60 days): ________________________________
____________________________________________________________________
**2. The hostile internet.** _____________________________________
____________________________________________________________________
Highest-exposure surfaces: ________________________________________
____________________________________________________________________
**3. The supply chain.** _________________________________________
____________________________________________________________________
Current plugin / MCP / skill count: ______ — last audited <date>
**Out of scope** (named so the scope stays honest):
- Nation-state actors
- Ransomware crews
- Zero-days in my tools
- Insider in my household
- ________________________________________________________________
**Most underprepared for:** _____________________________________
— this is the adversary the rest of this document sharpens
defenses against.
```
Section 2 — Data classification
Pulled from Lesson 9.4 worksheet. Three buckets, each with its own routing rule. The classification drives the routing — no case-by-case.
```markdown
## 2. Data classification
**Public** — already on the open internet.
- _______________________________________________________________
- _______________________________________________________________
Routing: any model, local or cloud.
**Personal** — about me / my household, not published.
- _______________________________________________________________
- _______________________________________________________________
Routing: default cloud model, or local. Not third-party MCP-hosted
models.
**Sensitive** — real harm if disclosed.
- _______________________________________________________________
- _______________________________________________________________
Routing: local model only, or no agent at all.
**Routing rule:** the class is the routing. Classification is done
before the artifact enters a pipeline, not during. When in doubt,
classify up.
```
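The routing rule above, as an added example that is not part of the template: a small gate that enforces "the class is the routing" for the three buckets, treats an unlabelled artifact as sensitive, and bumps a doubtful label one bucket up. The backend names, the `Artifact` fields and the `route()` helper are assumptions for illustration.

```python
"""Routing gate for Section 2: the class is the routing.

Added example, not part of the template; backend names, Artifact fields
and route() are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Backends an artifact can be sent to. "mcp_hosted" is a model reached
# through a third-party MCP server; "none" means no agent touches it.
ALLOWED = {
    "public":    {"local", "cloud", "mcp_hosted"},
    "personal":  {"local", "cloud"},        # not third-party MCP-hosted models
    "sensitive": {"local", "none"},         # local model only, or no agent at all
}
# "When in doubt, classify up": each class maps to the next stricter one.
CLASSIFY_UP = {"public": "personal", "personal": "sensitive", "sensitive": "sensitive"}


@dataclass(frozen=True)
class Artifact:
    name: str
    classification: Optional[str]   # assigned before the artifact enters a pipeline
    in_doubt: bool = False          # the author was unsure of the class


def effective_class(a: Artifact) -> str:
    """An unlabelled or unknown label is treated as sensitive; a doubtful
    label is bumped one bucket up. Nothing is re-classified mid-pipeline."""
    if a.classification not in ALLOWED:
        return "sensitive"
    return CLASSIFY_UP[a.classification] if a.in_doubt else a.classification


def route(a: Artifact, requested_backend: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for sending the artifact to a backend."""
    cls = effective_class(a)
    if requested_backend in ALLOWED[cls]:
        return True, f"{a.name}: {cls} -> {requested_backend} permitted"
    return False, (f"{a.name}: {cls} may not go to {requested_backend}; "
                   f"allowed: {sorted(ALLOWED[cls])}")


if __name__ == "__main__":
    # Constructed sample artifacts, one per routing decision worth seeing.
    for art, backend in [
        (Artifact("blog-draft", "public"), "mcp_hosted"),
        (Artifact("family-calendar", "personal"), "mcp_hosted"),
        (Artifact("tax-return.pdf", "sensitive"), "cloud"),
        (Artifact("unlabelled-scan", None), "cloud"),
        (Artifact("old-emails", "public", in_doubt=True), "mcp_hosted"),
    ]:
        print(route(art, backend))
```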
Section 3 — Trust boundaries
Pulled from Lesson 9.2 worksheet. Every place untrusted text enters the system, and the three-defense hardening at each.
```markdown
## 3. Trust boundaries
- **Boundary:** _________________________________________________
- What crosses it: ___________________________________________
- Segregation: _______________________________________________
- Refusal line: ______________________________________________
- Containment rail: __________________________________________
- **Boundary:** _________________________________________________
- What crosses it: ___________________________________________
- Segregation: _______________________________________________
- Refusal line: ______________________________________________
- Containment rail: __________________________________________
- **Boundary:** _________________________________________________
- What crosses it: ___________________________________________
- Segregation: _______________________________________________
- Refusal line: ______________________________________________
- Containment rail: __________________________________________
```
Audience-equals-you applies at every boundary: the worst-case
output of a successful injection is a draft only I read.
Section 4 — Secrets posture
Pulled from Lesson 9.3 worksheet. The one store; the scope and cap per key; the rotation cadence; the emergency trigger.
```markdown
## 4. Secrets posture
**Where keys live (the one store):** ______________________________
**Scope and cap per key:**
- ______________________________________________________________
- ______________________________________________________________
**Rotation cadence:** every 90 days, plus immediately on suspicion.
**Emergency rotation trigger:** any of —
- a key appears in a transcript, screenshot, or commit;
- a provider unusual-activity alert;
- an unrecognized charge;
- a plugin / skill with credential access updated without audit;
- any circumstance where I am not sure the key is still private.
**Action on trigger:** rotate, do not patch.
```
Section 5 — Cost posture
Cost has three horizons: the single invocation (pre-flight estimate, inherited from Module 8), the month (budget alert), and the catastrophe (hard provider cap).
```markdown
## 5. Cost posture
**Monthly AI budget:** \$______ — chosen deliberately,
not “as much as it costs.”
**Hard provider cap:** \$______ — set in the cloud provider's
billing console. Once spend reaches this cap the provider refuses to
serve more requests. The cap is the difference between a bad week
and a survivable mistake.
**Alert threshold:** \$______ — I get a message when monthly
spend crosses this line.
**Pre-flight estimate policy:** every pipeline has a current
estimate in its blueprint; the estimate is re-run on every
structural change (inherited from Module 8).
```
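The three horizons above, as an added example that is not part of the template: a pre-flight check that tests one invocation's estimate against the hard cap, the monthly budget and the alert threshold, in that order. It complements the cap set in the provider's console rather than replacing it; the `Posture` fields, the `gate()` helper and the dollar figures are constructed assumptions.

```python
"""Three-horizon cost check for Section 5. Added example, not from the
template; Posture fields, gate() and all figures are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Posture:
    monthly_budget: float     # chosen deliberately, not "as much as it costs"
    alert_threshold: float    # message when month-to-date spend crosses it
    hard_cap: float           # also enforced in the provider's billing console


@dataclass
class Decision:
    run: bool       # may this invocation start?
    alert: bool     # should the author get a message?
    reason: str


def validate(p: Posture) -> None:
    """The three figures only make sense in this order."""
    if not (0 < p.alert_threshold < p.monthly_budget <= p.hard_cap):
        raise ValueError("need 0 < alert_threshold < monthly_budget <= hard_cap")


def gate(p: Posture, month_to_date: float, preflight_estimate: float) -> Decision:
    """Check one invocation cap-first: catastrophe, then month, then the run."""
    if month_to_date < 0 or preflight_estimate < 0:
        raise ValueError("spend figures must be non-negative")
    projected = month_to_date + preflight_estimate
    # Horizon 3: the hard cap. Refusing here keeps a partial run from burning
    # the last of the headroom before the provider cuts service.
    if projected >= p.hard_cap:
        return Decision(False, True, f"projected {projected:.2f} reaches hard cap {p.hard_cap:.2f}")
    # Horizon 2: the monthly budget. Over budget means stop and re-plan.
    if projected > p.monthly_budget:
        return Decision(False, True, f"projected {projected:.2f} exceeds budget {p.monthly_budget:.2f}")
    # Horizon 1: the run goes ahead; alert once if it crosses the alert line.
    crossed = month_to_date < p.alert_threshold <= projected
    note = " (alert line crossed)" if crossed else ""
    return Decision(True, crossed, f"run: projected {projected:.2f}{note}")


if __name__ == "__main__":
    posture = Posture(monthly_budget=40.0, alert_threshold=30.0, hard_cap=60.0)  # constructed
    validate(posture)
    for mtd, est in [(10.0, 2.5), (28.0, 3.0), (38.5, 2.0), (55.0, 6.0)]:
        print(gate(posture, mtd, est))
```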
Section 6 — Incident loop
Pulled from Lesson 9.5 drill. The four-step sequence, in order. The named one human. The last-drill date.
```markdown
## 6. Incident loop
When something goes wrong, I will do these four things in this
order, without exception:
1. **Stop.** Kill the running pipeline. Revoke the key. Disable
the plugin. Whatever is still running, stop it first.
2. **Assess.** What did it touch. What did it spend. What did it
produce. Who saw it.
3. **Repair.** Rotate (not patch). Update the posture doc. Tighten
the rail that failed. Re-run the affected work cleanly.
4. **Tell one human.** Within 24 hours of any incident I cannot
fully explain.
**The one human:** ______________________________________________
Contact: ________________________________________________________
**Last drill date:** <YYYY-MM-DD> — scenario walked: ___________
**Next drill:** <YYYY-MM-DD — ≤ 90 days>
```
Footer block — review discipline
```markdown
---
**Review discipline.** Every 90 days. Every section. Every row.
Last reviewed: <YYYY-MM-DD>
Next review: <YYYY-MM-DD>
```
Freeze checklist
- Header block filled: author, started, last reviewed, next review (≤ 90 days), one human named.
- Section 1 has all three adversary blocks, the out-of-scope list, and the most-underprepared-for line.
- Section 2 has all three buckets with at least one real artifact each, and the routing rule.
- Section 3 has at least one per-boundary block filled for every source of untrusted text the system has.
- Section 4 names the one store, lists scope and cap per key, and states the rotation cadence and emergency trigger.
- Section 5 has real dollar figures for budget, hard cap, and alert threshold — not placeholders.
- Section 6 has the four-step loop, the named one human with contact, and the last-drill date — and the drill has actually been run.
This template accompanies Lesson 9.5 of AI Architect Academy. The six-section structure, the five safety rules, the 90-day review cadence, and the one-human requirement are concept. Specific provider commands, console paths, and local-model endpoints are recipe and live in the Recipe Book. /capstone/security-posture.md is the ninth frozen capstone artifact — the last one before Module 10.