Security Findings Prompts

Last updated: May 18, 2026

Overview

These prompts surface anomalies, drift, and over-provisioning — what's wrong with current access rather than what new policies to build. Use them when investigating risk, preparing for an audit, or scoping a cleanup project.

Most prompts use [brackets] for customizable inputs like app names, attribute names, or top-N counts. Start broad, then drill in with follow-ups like "narrow to active users only", "exclude suspended accounts", or "add a column showing last login".

High-Risk Identities

High-risk regular employees
  Prompt: Look up my top 10 highest-risk regular employees (not contingent workers). Surface any trends across their HR attributes — manager, department, location, worker subtype — that suggest weak governance.
  Expected Output: A ranked table of high-risk FTEs with risk scores, key HR attributes, and trend notes.
  Value: Focus investigations on the riskiest population first.

High-risk contractors
  Prompt: Look up my top 10 highest-risk contractors. Surface any trends across their HR attributes that suggest weak governance.
  Expected Output: A ranked table of high-risk contractors with risk scores, HR attributes, and governance concerns.
  Value: Tighten controls on contractors, who often hold elevated access with weaker oversight.

Identity & HR Mismatches

IdP identities without an HR record
  Prompt: Show me all identities in [IdP, e.g. Okta] that do not have a [HRIS, e.g. Workday] identifier. Only include active users and exclude non-human accounts.
  Expected Output: A list of users in your IdP with no matching record in your HRIS.
  Value: Catch ghost accounts, missed offboardings, and orphaned identities before they become incidents.

Check a specific person's deprovisioning
  Prompt: Is [person's name]'s access fully revoked? Show every app and entitlement they still have.
  Expected Output: A list of remaining access for that person, or confirmation they're fully deprovisioned.
  Value: Verify offboarding completed correctly when a manager flags a concern.

Compare two sources of truth
  Prompt: Compare the active users in [Source A] against [Source B]. Show me anyone present in one and not the other.
  Expected Output: A reconciliation table of identities present in only one system.
  Value: Find discrepancies between IdP, HRIS, and other authoritative systems.

App-Level Anomalies

HR-attribute trends per app
  Prompt: Let's dig into [App Name]. Looking at HR attributes of users assigned, what trends do you see — expected or unexpected? Break down by attribute type and value and flag anomalies.
  Expected Output: An attribute breakdown of the app's users with expected vs. unexpected commentary.
  Value: Confirm the right population uses the app; flag terminated users, wrong departments, or contractors with admin access.

Application access analysis (deep audit)
  Prompt: Analyze permissions in my [App Name] environment in depth. Justify access to specific licenses and roles from both a least-privilege and a cost perspective, using organizational context.
  Expected Output: Insights mapped to org context — which licenses/roles are over-provisioned, which are appropriately scoped, and where cost can be reclaimed.
  Value: Combine cost optimization and least-privilege in one pass on a high-value app.

Apps missing activity data
  Prompt: Show me a list of applications that can't show last-login data. Group by integration source so I can see where the visibility gaps are.
  Expected Output: A table of apps without usage data and the source they're integrated from.
  Value: Identify your blind spots before relying on usage signals for cleanup decisions.

Time-Limited & Expiring Access

Find access with no expiry
  Prompt: What apps have time-limited access available? With this list, show any current access grants that have no expiry set.
  Expected Output: A list of apps configured for time-limited access alongside the users who currently have indefinite access to them.
  Value: Spot temporary access that quietly became permanent.

Time remaining on access grants
  Prompt: For [App Name], show me each active user's remaining time on their access grant, sorted by soonest to expire.
  Expected Output: A list of users with the app and their expiry date, sorted by urgency.
  Value: Plan renewals, extensions, or proactive offboarding for time-limited access.

Access requests by expiry status
  Prompt: Show me access requests for [App Name] grouped by whether they have an expiry date or not.
  Expected Output: A split table of expiring vs. indefinite access requests for the app.
  Value: Audit whether time-limited access policies are actually being enforced in requests.

Over-Provisioning & Waste

Over-provisioning review (top N apps)
  Prompt: Look at my top 100 apps by number of assigned users. For each, label whether it looks over-provisioned based on whether the app is niche or general-purpose. Include assigned user count and a reason column. Sort by assigned users.
  Expected Output: A ranked table of apps with an over-provisioning label, assigned user count, and reasoning per app.
  Value: Right-size assignments to cut license spend and reduce blast radius.

Low-activity apps
  Prompt: Show me apps with the most assigned users but less than 20% active usage in the last 90 days. Suggest candidates for review or deprovisioning.
  Expected Output: A table of low-activity apps with assigned users, active %, and a remediation suggestion.
  Value: Reclaim spend and reduce standing-access risk on apps no one uses.

Unused licenses by team
  Prompt: Which departments have the most unused [App Name] licenses? Show assigned vs. active user counts per department.
  Expected Output: A per-department breakdown of license waste for the app.
  Value: Target license reclamation at the teams where it'll have the biggest impact.

Compliance & SaaS Sprawl

Email domain risk
  Prompt: Show me the top 10+ email domains across my environment with their share of the population. For each domain, list the apps and groups they have access to, and how they map to worker type or other HR attributes.
  Expected Output: A table of email domains with population share, app/group access, and worker-type mapping.
  Value: Surface risky external/alias domains and where they hold sensitive access.

AI services sprawl
  Prompt: Give me a summary of the different AI services our staff are signing up for. Group by category and call out which ones look officially sanctioned vs. ad-hoc.
  Expected Output: A grouped summary of AI tools in use, with sanctioned vs. unsanctioned signal.
  Value: Get ahead of shadow AI before it becomes a data-handling or compliance issue.

Compliance-tier check
  Prompt: According to our [internal standard / policy name], which applications are ranked Tier 1? Does [App Name] meet the requirements?
  Expected Output: A list of Tier 1 apps per your standard (once uploaded in Knowledge Hub), plus a yes/no compliance assessment for the named app.
  Value: Quickly audit specific apps against your internal access-management standard.