
About

What is SebDB?

SebDB is the world’s first AI-powered, open-source security behavior database. It forms the foundation of a fast-evolving behavioral ontology for cybersecurity.

Designed, led, and maintained by CybSafe as an open-source research initiative, SebDB maps security behaviors to impacts, threat actor tactics, intervention strategies, and security frameworks like MITRE ATT&CK and NIST CSF. It brings structure, meaning, and actionability to human cyber risk, something long overlooked or misunderstood in security programs.

SebDB goes beyond a list of behaviors. It’s the semantic infrastructure for understanding and managing human cyber risk: a machine-usable, evidence-based system built to enable reasoning, measurement, automation, and behavioral insight at scale.

What SebDB is

The standard for understanding human behavior in cybersecurity

  • An open-source behavioral ontology in progress, defining how human behaviors affect cybersecurity outcomes.
  • A structured, queryable system that brings consistency, clarity, and repeatability to how security teams assess behavioral vulnerabilities.
  • A collaborative, evidence-driven project, guided by a public writing guide, a set of principles, and peer review, and enriched by global contributions from the cybersecurity and academic communities.
  • A foundation for behavioral security, used by organizations to build measurable, intelligent, and adaptive human risk management programs.


90+

Security behaviors

00

Risk impact types

2010

Year launched

What SebDB does

SebDB defines and connects the core components of human cyber risks:

  • Security behaviors, like reusing passwords, enabling MFA, reporting phishing, locking devices, or using the wrong LLM for a task.
  • Behavioral categories that group related behaviors into meaningful themes for visibility and focus.
  • Impacts, which reflect the negative consequences of risky behaviors, or the positive outcomes of secure ones.
  • Threat actor actions, mapped to MITRE ATT&CK tactics and techniques, showing how behaviors can disrupt or enable adversaries.
  • Security frameworks, including NIST CSF, so human risk can be operationalized like technical risk.

SebDB also includes tiering. Behaviors are ranked by their influence on risk. Tier 1 behaviors have the greatest influence, helping teams focus on what matters most.

Each behavior in SebDB is assessed for attributes like observability, plausibility, complexity, and influence on risk. These dimensions support multi-dimensional scoring, prioritization, and intervention planning.

Why SebDB matters

Security teams often focus only on what’s going wrong: failed phishing tests, poor password hygiene, missed alerts. But risk isn’t only created when people do the wrong thing. It’s also reduced when they consistently do the right thing. SebDB enables you to see the full spectrum of human security behaviors. Not just risky ones, but positive ones too. It allows organizations to:

  • Measure resilience, not just risk.
  • Connect behavior to security outcomes in a structured, repeatable way.
  • Prioritize behaviors that matter most.
  • Move beyond training metrics to meaningful behavior-based risk insights.
  • Align human risk with threat intelligence and control frameworks.

More than a database. A foundation for reasoning

SebDB is the beginning of an ontology. It is a structured representation of knowledge that will eventually define how security behaviors relate to:

  • Risks and impacts
  • Threat actor actions
  • Control mechanisms
  • Behavior change techniques
  • Intervention types

Where legacy training taxonomies fall short, SebDB is machine-actionable, extensible, and interoperable. It allows security teams to embed human behavior into threat models, workflows, and decision-making.

This turns SebDB into a shared language and a reasoning layer. It enables automation, standardization, and behavioral intelligence across tools, teams, and vendors.

Proudly open source

SebDB is open source by design

More than a licensing decision, it reflects a belief that human cyber risk is too important, too complex, and too dynamic to be defined by closed systems or proprietary logic.

SebDB is transparent and free to use, inspect, and improve. It’s built to grow through collaboration.

  • Science works best in the open.
  • Security benefits from collaboration.
  • Shared problems need shared thinking.

By sharing the structure, the logic, and the science behind SebDB, we invite scrutiny, contribution, and innovation. We invite the global security community to help shape the future of behavioral security.

In summary

SebDB gives shape and meaning to the human side of cybersecurity. It transforms fragmented behavior data into risk insight and resilience intelligence. It allows organizations to measure what matters, align with real-world threats, and act with precision. As well as a unique research project, it’s the foundation of a new approach to cyber risk: one that understands people not as the weakest link, but as an integral, measurable, and improvable part of security. And it's just getting started.

What the community is saying

"Hooray the negative behaviours are gone!"

Nick Allen

Information Security Specialist, Just Eat Takeaway.com

"It is much appreciated, and it will benefit many. …I find the clarity of the SebDB Principles and Writing guide superb!"

Jan van de Weerdhof

Cybersecurity Manager

"Love the new behaviors around enhanced authentication methods such as passkey!"

Cassie Clark

Security Awareness Lead

"Following its first publication, SebDB quickly became a foundational tool – something I (and no doubt others) constantly come back to to ratify, validate and inspire our programmes. With the recent research- and evidence-backed updates, alignment with commonly used frameworks such as NIST and MITRE ATT&CK, and incorporation of feedback from professionals using this model in the wild, v4 SebDB has been made an even more relevant and indispensable part of the human risk toolkit."

Louise Cockburn

Information Security Awareness and Culture Manager, Quilter

Want to shape what comes next?

SebDB is a living resource. Share your insights, challenge assumptions, and help expand the database – all while connecting with fellow professionals to see how they’re approaching human risk management in their organizations.