Security
Vendor Security Packet Builder
Turn scattered security facts into a reusable response packet without improvising compliance poetry.
Use when
A prospect, partner, or platform asks for security, privacy, compliance, or infrastructure details and the answer could overpromise or expose sensitive internals.
Intermediatedifficulty
Securitycategory
Mia daily expansionsource
Cadence
Before answering vendor security questionnaires or procurement due diligence
Verification
Every answer maps to an approved source, uncertain claims are queued for review, and nothing is sent externally without approval.
Structured loop spec
| Field | Value |
|---|---|
| Name | Vendor Security Packet Builder |
| Category | Security |
| Trigger | Before answering vendor security questionnaires or procurement due diligence |
| Objective | Turn scattered security facts into a reusable response packet without improvising compliance poetry. |
| Allowed inputs | Relevant files, source notes, logs, tests, screenshots, metrics, or task state for this loop |
| Allowed actions | Collect the questionnaire, deadline, recipient, required format, prior approved answers, public policies, architecture notes, and any security docs already cleared for use.; Classify each question as public fact, approved standard answer, needs technical owner, needs legal/privacy review, sensitive detail, or out of scope.; Draft concise answers that cite the approved source, preserve uncertainty, and avoid naming internal systems, customers, vendors, controls, or metrics unless already cleared.; Create a review queue for unknowns, exceptions, requested evidence, redlines, and any answer that could create a contractual, legal, security, or roadmap commitment.; Update the reusable packet only with approved language, and do not submit, upload, sign, or email the response without explicit approval. |
| Verification | Every answer maps to an approved source, uncertain claims are queued for review, and nothing is sent externally without approval. |
| Stop condition | Stop when the verifier passes, the budget is exhausted, no progress is made, a blocker appears, or approval is required. |
| Budget | Set a time, turn, token, retry, file, or dollar cap before running the loop. |
| Approval boundary | Human approval required before publishing, sending, deleting, spending, changing accounts, touching production, or making reputational/legal/financial commitments. |
| Safe output | Draft, report, checklist, table, or approval-gated recommendation |
| Works with | Claude, ChatGPT, Gemini, any tool-using AI assistant |
Steps
- Collect the questionnaire, deadline, recipient, required format, prior approved answers, public policies, architecture notes, and any security docs already cleared for use.
- Classify each question as public fact, approved standard answer, needs technical owner, needs legal/privacy review, sensitive detail, or out of scope.
- Draft concise answers that cite the approved source, preserve uncertainty, and avoid naming internal systems, customers, vendors, controls, or metrics unless already cleared.
- Create a review queue for unknowns, exceptions, requested evidence, redlines, and any answer that could create a contractual, legal, security, or roadmap commitment.
- Update the reusable packet only with approved language, and do not submit, upload, sign, or email the response without explicit approval.
Prompt
Run the Vendor Security Packet Builder loop. Given a security questionnaire, due diligence request, or compliance review, gather prior approved answers, public policies, architecture notes, and cleared security docs. Classify each question by source and approval need. Draft concise source-backed answers, flag sensitive or uncertain claims, and build a review queue for technical, legal, privacy, roadmap, or contractual commitments. Do not submit, upload, sign, or email anything externally without explicit approval. Return the draft packet, source map, unanswered questions, and approval queue.Run in Claude Code
Paste this into Claude Code (or any tool-using agent) to run the loop bounded: one change per round, the same verification every round, durable state files, and explicit stop conditions.
Run the "Vendor Security Packet Builder" loop from AI Loop Library (https://ailooplibrary.com/loops/vendor-security-packet-builder/) as a bounded loop.
Goal: Turn scattered security facts into a reusable response packet without improvising compliance poetry.
Rules: one change per round; run the same verification every round (Every answer maps to an approved source, uncertain claims are queued for review, and nothing is sent externally without approval.); append each round to docs/loops/vendor-security-packet-builder/progress.md and update docs/loops/vendor-security-packet-builder/state.json; stop on verifier pass, 8 rounds, 3 consecutive failed verifications, no progress, a blocker, or anything needing human approval (money, production, outbound, deletion). Finish with a proof report: rounds used, changes made, verification output, remaining risk, and the next human decision.