## Gemini Prompt Engineering Notes

Prompt engineering helps improve the quality, relevance, and consistency of AI outputs. To increase the likelihood of the Gemini API to generate a similar report to the one our sponsor provided, we will be testing structured, specific prompts to control the model's randomness and prevent having to expend resources to train a model.

Gemini API Structure:
- User Inputs: Multimodal, allows prompts to include text, images, video, and audio
- System Instructions: Guide the model's behavior and provide context for the entire user interaction. We will definetly specify the output format to ensure it is saved into the database correctly.
    - Plan to test: Persona/role, output style/tone
- Configuration Parameters: Control content generation and fine-tune the model's reponse.

### Data From Sponsor

Questionnaire / Organization Profile Example

| Org Name | Email Domain | Website Domain | External IP | Do you require MFA to access email? | Do you require MFA to log into computers? | Do you require MFA to access sensitive data systems? | Does your organization have an employee acceptable use policy? | Does your organization do security awareness training for new employees? | Does your organization do security awareness training for all employees at least once per year? |
| :---: | :---: | :--: | :--: | :--: | :--: | :--: | :--: | :--: | :--: |
| Valier School District | valier.k12.mt.us | www.valier.k12.mt.us | 216.220.16.170 | Yes | Yes | Yes | Yes | Yes | Yes |

DNS DIG on Email Domain

``` 
id 49113
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
valier.k12.mt.us. IN ANY
;ANSWER
valier.k12.mt.us. 3600 IN SOA cudess1.umt.edu. dns-request.umt.edu. 2024030501 21600 900 1209600 86400
valier.k12.mt.us. 3600 IN NS ens-o1.umt.edu.
valier.k12.mt.us. 3600 IN NS cudess2.umt.edu.
valier.k12.mt.us. 3600 IN NS cudess1.umt.edu.
valier.k12.mt.us. 3600 IN A 216.239.38.21
valier.k12.mt.us. 3600 IN A 216.239.32.21
valier.k12.mt.us. 3600 IN A 216.239.34.21
valier.k12.mt.us. 3600 IN A 216.239.36.21
valier.k12.mt.us. 3600 IN MX 1 aspmx.l.google.com.
valier.k12.mt.us. 3600 IN MX 10 aspmx2.googlemail.com.
valier.k12.mt.us. 3600 IN MX 10 aspmx3.googlemail.com.
valier.k12.mt.us. 3600 IN MX 5 alt1.aspmx.l.google.com.
valier.k12.mt.us. 3600 IN MX 5 alt2.aspmx.l.google.com.
valier.k12.mt.us. 3600 IN TXT "v=spf1 include:_spf.google.com include:mg.infinitecampus.org -all"
;AUTHORITY
;ADDITIONAL
```

DNS DIG on Email DMARC Domain

```
id 45565
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
_dmarc.valier.k12.mt.us. IN ANY
;ANSWER
_dmarc.valier.k12.mt.us. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@valier.k12.mt.us"
;AUTHORITY
;ADDITIONAL
```

Port Scan on Web

```
--------------------------------------------------
Scanning Target: 216.239.32.21
Scanning started at:2025-07-18 22:09:34.408091
--------------------------------------------------
Port 80 is open
Port 443 is open
```

Port Scan on External IP

```
--------------------------------------------------
Scanning Target: 216.220.16.170
Scanning started at:2025-07-18 22:12:17.055226
--------------------------------------------------
no ports open
```

### Sample Prompt from Sponsor

Given this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization.

### Example Report from Sponsor, Generated from ChatGPT

**Cybersecurity Readiness Report for Valier School District**

**Date:** July 18, 2025

**1. Overview**

This report evaluates the cybersecurity posture of Valier School District based on technical scans (DNS, DMARC, and port scanning) and a self-reported security questionnaire. The findings reflect a strong commitment to foundational cybersecurity practices across user access, email protection, network exposure, and staff awareness.

**2. Organizational Information**
- **Organization Name:** Valier School District
- **Email Domain:** valier.k12.mt.us
- **Website Domain:** www.valier.k12.mt.us
- **External IP (Firewall):** 216.220.16.170
- **Website Hosting IPs:** 216.239.32.21, 216.239.34.21, 216.239.36.21, 216.239.38.21
- **DNS Hosting:** Managed by University of Montana (umt.edu nameservers)

**3. Security Questionnaire Review**
| Security Control | Status |
| :--------------: | :----: |
| MFA for Email | Yes |
| MFA for Computer Login | Yes |
| MFA for Sensitive Systems | Yes |
| Acceptable Use Policy | Yes |
| New Employee Security Awareness Training | Yes |
| Annual All-Employee Security Training | Yes |

**Summary:** The district reports complete implementation of basic cyber hygiene practices, especially user authentication (Multi-Factor Authentication) and routine training. This indicates a proactive and policy-driven approach to risk mitigation.

**4. DNS & Email Security**

**DNS Records**
- DNS is managed by the University of Montana (cudess1.umt.edu, cudess2.umt.edu), suggesting centralized and professionally administered DNS.
- A records point to IPs within Google's network (likely Google Sites hosting for web content).
**MX Records (Email)**
- The district uses Google Workspace (Gmail) for email, as shown by multiple aspmx.l.google.com MX records.
- SPF record is correctly configured: v=spf1 include:_spf.google.com include:mg.infinitecampus.org -all
    - This helps mitigate spoofing by defining authorized mail senders.
**DMARC Record**
- A valid DMARC record exists with a **reject** policy: v=DMARC1; p=reject; rua=mailto:dmarc@valier.k12.mt.us
    - This instructs receiving servers to reject unauthenticated mail, providing strong protection against phishing.
**Conclusion:** DNS and email protections (SPF, DMARC, and hosting security) are configured correctly and follow best practices.

**5. Port Scanning Results**

**Website Hosting (Google IP: 216.239.32.21)**
- **Port 80 (HTTP):** Open
- **Port 443 (HTTPS):** Open
These are expected for a publicly accessible website and are typical for Google-hosted services.

**Firewall / External IP (216.220.16.170)**
- **All scanned ports are closed**
This is a strong sign of network perimeter hardening and good firewall configuration. No externally exposed services were found on the organization's primary IP.

**6. Risk Assessment & Readiness Summary**
| Category | Status | Notes |
| :------: | :----: | :---: |
| Authentication Security | Strong | MFA is required across key systems |
| Email Security | Strong | SPF and DMARC with "reject" policy in place |
| Network Exposure | Secure | No exposed services on the external firewall IP |
| Web Hosting | Secure | Google-hosted; limited attack surface |
| Policy & Training | Comprehensive | Acceptable use policies and regular training in place |

**7. Recommendations**
Although the cybersecurity readiness is solid, continuous improvement is essential. We recommend the following:
1. **Verify DKIM**: While SPF and DMARC are configured, ensure **DKIM** is also active for all sending domains.
2. **Vulnerability Scanning**: Consider regular internal and external vulnerability assessments of network devices and servers.
3. **Incident Response Plan**: Document and regularly test a cybersecurity incident reponse and disaster recovery plan.
4. **Asset Inventory**: Maintain a regularly updated inventory of hardware/software assets and monitor for unauthorized changes.
5. **Third-party Risk**: Evaluate vendors (e.g., Infinite Campus) for their security psture, especially since they're included in SPF.

**8. Conclusion**

Valier School District demonstrates a strong cybersecurity foundation, particularly in authentication, email protection, staff training, and perimeter security. Continued vigilance and regular audits will help maintain and improve this strong security posture.

**Prepared by:**

Cybersecurity Assessment Team

**Date:** July 18, 2025

## Testing Gemini API

[Gemini Models](https://ai.google.dev/gemini-api/docs/models)

### Testing Framework
Model Type
1. Gemini 2.5 Pro
2. Gemini 2.5 Flash
3. Gemini 2.5 Flash-Lite

Input Type
1. PDF/Document Input
2. JSON Input
3. Text/Markdown Input

In [1]:
import os
import google.generativeai as genai
from dotenv import load_dotenv, find_dotenv

load_dotenv(find_dotenv())
genai.configure(api_key=os.environ["GEMINI_API_KEY"])
model = genai.GenerativeModel('gemini-2.5-pro')

  from .autonotebook import tqdm as notebook_tqdm


In [2]:
import json
import re
import markdown

def generate_html_from_markdown(text_content):
    """
    Extracts Markdown content and converts it into a full, styled HTML string.
    This function contains all the text processing logic.

    Args:
        text_content (str): The raw text content.

    Returns:
        str or None: The complete HTML string, or None if extraction fails.
    """
    markdown_content = text_content

    # 1. Content Extraction Logic
    try:
        # Check for code-fenced JSON structure first
        json_match = re.search(r'```json\s*(.*?)\s*```', text_content, re.DOTALL)
        if json_match:
            json_string = json_match.group(1).strip()
            try:
                data = json.loads(json_string)
                markdown_content = data.get("text", "")
            except json.JSONDecodeError:
                print("Warning: JSON inside the code block is not valid. Treating entire content as plain text.")
                markdown_content = text_content
        else:
            # Try to load the entire content as plain JSON
            try:
                data = json.loads(text_content)
                markdown_content = data.get("text", "")
            except json.JSONDecodeError:
                # If neither works, treat the entire input as Markdown text
                markdown_content = text_content

        if not isinstance(markdown_content, str):
            print(f"Error: Markdown content is not a string, it's a {type(markdown_content)}. Aborting HTML generation.")
            return None

        # 2. Markdown to HTML Conversion
        html_output = markdown.markdown(markdown_content, extensions=['tables', 'fenced_code'])

        # 3. Full HTML Structure with CSS for PDF Styling (WeasyPrint needs this structure)
        full_html = f"""
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Markdown Export</title>
    <style>
        @page {{
            size: A4;
            margin: 1in;
            @top-center {{ content: element(header); }}
        }}
        body {{
            font-family: 'Noto Sans', sans-serif;
            line-height: 1.6;
            color: #333;
        }}
        h1, h2, h3, h4, h5, h6 {{ color: #1a1a1a; margin-top: 1.5em; }}
        pre {{
            background-color: #f4f4f4;
            padding: 1rem;
            border-radius: 4px;
            overflow-x: auto;
            border: 1px solid #ddd;
            font-family: monospace;
        }}
        code {{ font-family: monospace; }}
        blockquote {{
            border-left: 5px solid #007bff;
            padding-left: 1.5rem;
            color: #555;
            margin: 1rem 0;
        }}
        table {{
            border-collapse: collapse;
            width: 100%;
            margin: 1.5rem 0;
        }}
        th, td {{
            border: 1px solid #ddd;
            padding: 10px;
            text-align: left;
        }}
        th {{
            background-color: #e9ecef;
            font-weight: bold;
        }}
        img {{ max-width: 100%; height: auto; }}
    </style>
</head>
<body>
{html_output}
</body>
</html>
"""
        return full_html

    except Exception as e:
        print(f"An unexpected error occurred during content generation: {e}")
        return None



In [None]:
def export_html_to_files(full_html_content, html_output_filename="output.html"):
    """
    Takes the generated HTML string and performs the file exports (HTML and PDF).
    This function uses the WeasyPrint library.

    Args:
        full_html_content (str): The HTML content generated by generate_html_from_markdown.
        pdf_output_filename (str): The path to save the generated PDF file.
        html_output_filename (str): The path to save the intermediate HTML file.
    """
    if not full_html_content:
        print("Export failed: HTML content is empty or None.")
        return

    try:
        with open(html_output_filename, "w", encoding="utf-8") as f:
            f.write(full_html_content)
        print(f"✅ Successfully exported HTML: {html_output_filename}")

    except Exception as e:
        print(f"❌ An unexpected error occurred during file export: {e}")

In [4]:
# import json
# import re
# import markdown
# from weasyprint import HTML, CSS

# def json_to_pdf(text_content, pdf_output_filename="output.pdf", html_output_filename="output.html"):
#     print("hi")

In [5]:
import json

proModel = genai.GenerativeModel('gemini-2.5-pro')
flashModel = genai.GenerativeModel('gemini-2.5-flash')
flashLiteModel = genai.GenerativeModel('gemini-2.5-flash-lite')

prompt_text = 'Prompt:\nGiven this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization.'

context1_text = 'Context:\n'
context2_text = 'Context:\n'

example_text = 'Example:\n' + prompt_text

filepaths = ["template/test_questionnaire.json", "template/test_port_scan_external_ip.json", "template/test_port_scan_web.json", "template/test_dns_dig_email.json", "template/test_dns_dig_email_dmarc.json", "template/test_sample_report.json"]
sample1_filepaths = ["sample1/sample1_questionnaire.json", "sample1/sample1_dns_dig_email_dmarc.json" ,"sample1/sample1_dns_dig_email.json", "sample1/sample1_port_scan_external_ip.json", "sample1/sample1_port_scan_web.json"]
sample2_filepaths = ["sample2/sample2_questionnaire.json", "sample2/sample2_dns_dig_email_dmarc.json", "sample2/sample2_dns_dig_email.json", "sample2/sample2_port_scan_external_ip.json", "sample2/sample2_port_scan_web.json"]

for file in filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            example_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

print("=======  Example ==========")
print(example_text)
print("===========================")

for file in sample1_filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            context1_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

print("======== Sample 1 =========")
print(prompt_text)
print(context1_text)
print("===========================")

for file in sample2_filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            context2_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

print("======== Sample 2 =========")
print(prompt_text)
print(context2_text)
print("===========================")

Example:
Prompt:
Given this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization.template/test_questionnaire.json:
{
  "text": {
    "Organization Name": "Valier School District",
    "Email Domain": "valier.k12.mt.us",
    "Website Domain": "www.valier.k12.mt.us",
    "External IP": "216.220.16.170",
    "Do you require MFA to access email?": "Yes",
    "Do you require MFA to log into computers?": "Yes",
    "Do you require MFA to access sensitive data systems?": "Yes",
    "Does your organization have an employee acceptable use policy?": "Yes",
    "Does your organization do security awareness training for new employees?": "Yes",
    "Does your organization do security awareness training for all employees at least once per year?": "Yes"
  }
}
--
template/test_port_scan_external_ip.json:
{
  "text": "--------------------------------------------------\nScanning Targ

In [6]:
# === SAMPLE 1 ===

# input markdown-formatted text, output markdown
response = proModel.generate_content(contents=[prompt_text, context1_text + "\n" + example_text])
print(response.text)

**Cybersecurity Readiness Report for Apex Innovations**

**Date:** October 14, 2025

**1. Overview**

This report provides a cybersecurity readiness assessment for Apex Innovations. The evaluation is based on a review of the organization's self-reported security practices via a questionnaire, combined with technical analysis of its public-facing DNS records and network port scans. The findings indicate a strong commitment to user authentication and email security, with some areas for improvement in network perimeter hardening.

**2. Organizational Information**
- **Organization Name:** Apex Innovations
- **Email Domain:** apexinnovations.com
- **Website Domain:** www.apexinnovations.com
- **External IP / Web Server:** 72.21.196.160

**3. Security Questionnaire Review**

| Security Control | Status |
| :--- | :---: |
| MFA for Email | Yes |
| MFA for Computer Login | Yes |
| MFA for Sensitive Systems | Yes |
| Acceptable Use Policy | Yes |
| New Employee Security Awareness Training | Ye

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "pro_sample1_markdown_markdown.html")

✅ Successfully exported HTML: pro_sample1_markdown_markdown.html


In [8]:
response = flashModel.generate_content(contents=[prompt_text, context1_text + "\n" + example_text])
print(response.text)

**Cybersecurity Readiness Report for Apex Innovations**

**Date:** October 14, 2025

**1. Overview**

This report assesses the cybersecurity posture of Apex Innovations based on DNS records, email security configurations (SPF, DMARC), external port scans, and responses to a security questionnaire. The organization demonstrates a strong foundation in several key areas, particularly in user authentication, email security, and employee awareness. Network exposure appears well-managed, with only essential web services openly accessible.

**2. Organizational Information**
-   **Organization Name:** Apex Innovations
-   **Email Domain:** apexinnovations.com
-   **Website Domain:** www.apexinnovations.com
-   **External IP:** 72.21.196.160
-   **DNS Hosting:** Self-managed or hosted by a provider using Apex Innovations' nameservers (ns1.apexinnovations.com, ns2.apexinnovations.com).
-   **Email Service:** Microsoft 365 / Outlook.com (based on SPF record).

**3. Security Questionnaire Review**

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_sample1_markdown_markdown.html")

✅ Successfully exported HTML: flash_sample1_markdown_markdown.html


In [10]:
response = flashLiteModel.generate_content(contents=[prompt_text, context1_text + "\n" + example_text])
print(response.text)

**Cybersecurity Readiness Report for Apex Innovations**

**Date:** October 14, 2025

**1. Overview**

This report assesses the cybersecurity readiness of Apex Innovations based on provided DNS DIG records, port scan results for the website and firewall, and responses to a security questionnaire. The findings indicate a generally sound cybersecurity posture with strong foundational controls, particularly in user authentication and email security.

**2. Organizational Information**

*   **Organization Name:** Apex Innovations
*   **Email Domain:** apexinnovations.com
*   **Website Domain:** www.apexinnovations.com
*   **External IP (Firewall):** 72.21.196.160
*   **Website Hosting IP:** 72.21.196.160
*   **DNS Hosting:** Managed by Apex Innovations' own nameservers (ns1.apexinnovations.com, ns2.apexinnovations.com)

**3. Security Questionnaire Review**

| Security Control                              | Status |
| :-------------------------------------------- | :----- |
| MFA for Email   

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_lite_sample1_markdown_markdown.html")

✅ Successfully exported HTML: flash_lite_sample1_markdown_markdown.html


In [12]:
# === SAMPLE 2 ===

# input markdown-formatted text, output markdown
response = proModel.generate_content(contents=[prompt_text, context2_text + "\n" + example_text])
print(response.text)

**Cybersecurity Readiness Report for G.A.S. Inc.**

**Date:** October 14, 2025

**1. Overview**

This report provides an assessment of the cybersecurity readiness of G.A.S. Inc. based on a security questionnaire and technical scans of the organization's public-facing digital assets. The evaluation reveals critical deficiencies across network security, email authentication, user access controls, and security policies. The organization's current posture presents a high risk of unauthorized access, data breach, and business email compromise. Immediate and comprehensive remediation efforts are strongly advised.

**2. Organizational Information**
- **Organization Name:** G.A.S. Inc.
- **Email Domain:** gasinc.net
- **Website Domain:** www.gasinc.net
- **External / Website IP:** 104.28.1.189

**3. Security Questionnaire Review**
The self-reported questionnaire indicates a lack of fundamental cybersecurity policies and controls.

| Security Control | Status |
| :--- | :---: |
| MFA for Email 

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "pro_sample2_markdown_markdown.html")

✅ Successfully exported HTML: pro_sample2_markdown_markdown.html


In [15]:
response = flashModel.generate_content(contents=[prompt_text, context2_text + "\n" + example_text])
print(response.text)

**Cybersecurity Readiness Report for G.A.S. Inc.**

**Date:** October 14, 2025

**1. Overview**

This report assesses the cybersecurity posture of G.A.S. Inc. based on technical scans (DNS, DMARC, and port scanning) and a self-reported security questionnaire. The findings indicate a significantly low level of cybersecurity readiness across multiple critical areas, presenting substantial risks to the organization's data, systems, and operations. Urgent action is required to address these vulnerabilities.

**2. Organizational Information**
-   **Organization Name:** G.A.S. Inc.
-   **Email Domain:** gasinc.net
-   **Website Domain:** www.gasinc.net
-   **External IP:** 104.28.1.189
-   **DNS Hosting:** Self-managed (dns1.gasinc.net, dns2.gasinc.net)
-   **Email Hosting:** Mailhostbox.com

**3. Security Questionnaire Review**

| Security Control | Status |
| :-------------------------------: | :----: |
| MFA for Email | No |
| MFA for Computer Login | No |
| MFA for Sensitive Data Systems

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_sample2_markdown_markdown.html")

✅ Successfully exported HTML: flash_sample2_markdown_markdown.html


In [17]:
response = flashLiteModel.generate_content(contents=[prompt_text, context2_text + "\n" + example_text])
print(response.text)

**Cybersecurity Readiness Report for G.A.S. Inc.**

**Date:** October 14, 2025

**1. Overview**

This report assesses the cybersecurity readiness of G.A.S. Inc. based on the provided DNS DIG information, port scan results for the website and firewall, and answers to a security questionnaire. The findings indicate several areas of concern and opportunities for significant improvement in the organization's security posture.

**2. Organizational Information**

*   **Organization Name:** G.A.S. Inc.
*   **Email Domain:** gasinc.net
*   **Website Domain:** www.gasinc.net
*   **External IP (Firewall):** 104.28.1.189
*   **Website Hosting IP:** 104.28.1.189 (also appears to be the firewall IP)

**3. Security Questionnaire Review**

| Security Control                              | Status |
| :-------------------------------------------- | :----- |
| MFA to access email?                          | No     |
| MFA to log into computers?                    | No     |
| MFA to access sensitive dat

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_lite_sample2_markdown_markdown.html")

✅ Successfully exported HTML: flash_lite_sample2_markdown_markdown.html


In [39]:
# === SAMPLE 1 ===

#input markdown-formatted text, output JSON
response = proModel.generate_content(
    contents=[prompt_text, context1_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report provides a cybersecurity readiness assessment for Apex Innovations, based on a review of their self-reported security questionnaire, DNS and email security configurations, and external port scans. The assessment reveals a strong commitment to security fundamentals, particularly in user authentication and email protection. However, a potential misconfiguration in email records presents a notable risk that requires attention.",
  "Organizational Information": [
    "Organization Name: Apex Innovations",
    "Email Domain: apexinnovations.com",
    "Website Domain: www.apexinnovations.com",
    "External / Website IP: 72.21.196.160"
  ],
  "Security Questionnaire Review": [
    "MFA Implementation: The organization reports mandatory Multi-Factor Authentication (MFA) for email access, computer logins, and access to sensitive data systems. This significantly strengthens user account security.",
    "Security Policies: An employee acceptable use policy is in plac

In [41]:
response = flashModel.generate_content(
    contents=[prompt_text, context1_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report assesses the cybersecurity readiness of Apex Innovations, incorporating findings from DNS records, DMARC configuration, port scans of their external IP and website, and responses from a security questionnaire. The organization demonstrates a robust foundational security posture, particularly in user authentication, email security, and employee training. Key areas of strength include widespread Multi-Factor Authentication (MFA) and comprehensive email authentication protocols (SPF and DMARC with a 'reject' policy). The network perimeter shows expected openings for web services, indicating a need for continued vigilance on web application security.",
  "Organizational Information": [
    "Organization Name: Apex Innovations",
    "Email Domain: apexinnovations.com",
    "Website Domain: www.apexinnovations.com",
    "External IP (Firewall & Website): 72.21.196.160",
    "DNS Hosting: Self-managed via ns1.apexinnovations.com and ns2.apexinnovations.com"
  ],
 

In [42]:
response = flashLiteModel.generate_content(
    contents=[prompt_text, context1_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report evaluates the cybersecurity posture of Apex Innovations based on technical scans (DNS, DMARC, and port scanning) and a self-reported security questionnaire. The findings indicate a strong implementation of foundational cybersecurity controls across user authentication, email security, and network exposure.",
  "Organizational Information": [
    "Organization Name: Apex Innovations",
    "Email Domain: apexinnovations.com",
    "Website Domain: www.apexinnovations.com",
    "External IP (Firewall): 72.21.196.160",
    "Website Hosting IP: 72.21.196.160",
    "DNS Hosting: Implicitly managed by the organization, with authoritative nameservers likely within their control."
  ],
  "Security Questionnaire Review": [
    "MFA for Email: Yes",
    "MFA for Computer Login: Yes",
    "MFA for Sensitive Systems: Yes",
    "Acceptable Use Policy: Yes",
    "New Employee Security Awareness Training: Yes",
    "Annual All-Employee Security Training: Yes",
    "Summary:

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_lite_sample1_markdown_json.html")

In [43]:
# === SAMPLE 2 ===

#input markdown-formatted text, output JSON
response = proModel.generate_content(
    contents=[prompt_text, context2_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report assesses the cybersecurity readiness of G.A.S. Inc. based on a security questionnaire and technical scans of its public-facing infrastructure. The findings reveal critical deficiencies in fundamental security controls, including user authentication, email security, network perimeter defense, and employee security awareness. The organization currently exhibits a high-risk security posture and requires immediate remediation to protect against common cyber threats.",
  "Organizational Information": [
    "Organization Name: G.A.S. Inc.",
    "Email Domain: gasinc.net",
    "Website Domain: www.gasinc.net",
    "External IP: 104.28.1.189"
  ],
  "Security Questionnaire Review": [
    "MFA for Email: No - This is a critical weakness, leaving email accounts vulnerable to takeover via credential theft.",
    "MFA for Computer Login: No - The lack of MFA on workstations increases the risk of unauthorized access to the internal network.",
    "MFA for Sensitive Syst

In [44]:
response = flashModel.generate_content(
    contents=[prompt_text, context2_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
 "Overview": "This report evaluates the cybersecurity posture of G.A.S. Inc. based on technical scans (DNS, DMARC, and port scanning) and a self-reported security questionnaire. The findings indicate a critically weak cybersecurity posture across multiple domains, including user authentication, email security, and network perimeter exposure. The lack of basic security policies, employee training, and the presence of numerous open and potentially insecure ports on their external IP collectively point to a high-risk environment.",
 "Organizational Information": [
  "Organization Name: G.A.S. Inc.",
  "Email Domain: gasinc.net",
  "Website Domain: www.gasinc.net",
  "External IP: 104.28.1.189"
 ],
 "Security Questionnaire Review": [
  "MFA for Email: No",
  "MFA for Computer Login: No",
  "MFA for Sensitive Data Systems: Yes",
  "Acceptable Use Policy: No",
  "New Employee Security Awareness Training: No",
  "Annual All-Employee Security Training: No",
  "Summary: G.A.S. Inc. lacks fund

In [45]:
response = flashLiteModel.generate_content(
    contents=[prompt_text, context2_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report assesses the cybersecurity readiness of G.A.S. Inc. based on provided DNS, port scanning, and security questionnaire data. The assessment reveals several critical areas of concern, particularly regarding basic security controls and network exposure.",
  "Organizational Information": [
    "Organization Name: G.A.S. Inc.",
    "Email Domain: gasinc.net",
    "Website Domain: www.gasinc.net",
    "External IP: 104.28.1.189"
  ],
  "Security Questionnaire Review": [
    "MFA for Email: No - Significant risk of account compromise.",
    "MFA for Computer Login: No - Poses a risk to endpoint security.",
    "MFA for Sensitive Data Systems: Yes - Positive control, but lack of MFA for email/computers is a major weakness.",
    "Acceptable Use Policy: No - Lacks foundational policy for user conduct and security.",
    "New Employee Security Awareness Training: No - Increases risk of initial security oversights.",
    "Annual All-Employee Security Training: No - Emp

In [21]:
from pypdf import PdfReader

def extract_text_from_pdf(pdf_path):
    text = ""
    try:
        reader = PdfReader(pdf_path)
        for page in reader.pages:
            text += page.extract_text() + "\n"
    except Exception as e:
        print(f"Error reading PDF: {e}")
        return None
    return text

In [22]:
prompt_text = 'Prompt:\nGiven this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization.'

context1_text = 'Context:\n'
context2_text = 'Context:\n'
example_text = 'Example:\n' + prompt_text

filepaths = ["template/test_questionnaire.json", "template/test_port_scan_external_ip.json", "template/test_port_scan_web.json", "template/test_dns_dig_email.json", "template/test_dns_dig_email_dmarc.json"]
pdfFile = "template/test_report.pdf"

sample1_filepaths = ["sample1/sample1_questionnaire.json", "sample1/sample1_dns_dig_email_dmarc.json" ,"sample1/sample1_dns_dig_email.json", "sample1/sample1_port_scan_external_ip.json", "sample1/sample1_port_scan_web.json"]
sample2_filepaths = ["sample2/sample2_questionnaire.json", "sample2/sample2_dns_dig_email_dmarc.json", "sample2/sample2_dns_dig_email.json", "sample2/sample2_port_scan_external_ip.json", "sample2/sample2_port_scan_web.json"]

for file in filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            example_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

example_text += extract_text_from_pdf(pdfFile)

print("=======  Example ==========")
print(example_text)
print("===========================")

for file in sample1_filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            context1_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

print("======== Sample 1 =========")
print(prompt_text)
print(context1_text)
print("===========================")

for file in sample2_filepaths:
    try:
        with open(file, 'r', encoding='utf-8') as f:
            data = json.load(f)
            context2_text += f"{file}:\n{json.dumps(data,indent=2)}\n--\n"

    except FileNotFoundError:
        f"[ERROR] File not found at path: {file}"
    except json.JSONDecodeError:
        f"[ERROR] Failed to decode JSON from file: {file}. Please check the file's syntax"
    except Exception as e:
        f"[ERROR] An unexpected error occurred: {e}"

print("======== Sample 2 =========")
print(prompt_text)
print(context2_text)
print("===========================")

Example:
Prompt:
Given this DNS DIG, Port scan of the website, Port scan of the firewall, and the answers to the security questionnaire, write a report on the cybersecurity readiness of the organization.template/test_questionnaire.json:
{
  "text": {
    "Organization Name": "Valier School District",
    "Email Domain": "valier.k12.mt.us",
    "Website Domain": "www.valier.k12.mt.us",
    "External IP": "216.220.16.170",
    "Do you require MFA to access email?": "Yes",
    "Do you require MFA to log into computers?": "Yes",
    "Do you require MFA to access sensitive data systems?": "Yes",
    "Does your organization have an employee acceptable use policy?": "Yes",
    "Does your organization do security awareness training for new employees?": "Yes",
    "Does your organization do security awareness training for all employees at least once per year?": "Yes"
  }
}
--
template/test_port_scan_external_ip.json:
{
  "text": "--------------------------------------------------\nScanning Targ

In [23]:
# === SAMPLE 1 ===

# input PDF, output markdown
response = proModel.generate_content(contents=[prompt_text, context1_text + "\n" + example_text])
print(response.text)

Cybersecurity Readiness Report for Apex Innovations
Date: October 14, 2025

**1. Overview**

This report provides an evaluation of the cybersecurity readiness of Apex Innovations, based on a combination of a self-reported security questionnaire and external technical scans, including DNS analysis and port scanning. The findings indicate a strong commitment to identity management, employee awareness, and email security. However, the network architecture, which exposes web services on the primary external IP address, presents a notable area for improvement and a potential risk to the organization.

**2. Organizational Information**

*   **Organization Name:** Apex Innovations
*   **Email Domain:** apexinnovations.com
*   **Website Domain:** www.apexinnovations.com
*   **External / Website IP:** 72.21.196.160 (Note: The primary external IP and the web server IP are the same)

**3. Security Questionnaire Review**

| Security Control | Status |
| :--- | :---: |
| MFA for Email | ✅ Yes |
| M

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "pro_sample1_pdf_markdown.html")

✅ Successfully exported HTML: pro_sample1_pdf_markdown.html


In [25]:
response = flashModel.generate_content(contents=[prompt_text, context1_text + "\n" + example_text])
print(response.text)

## Cybersecurity Readiness Report for Apex Innovations

**Date:** October 14, 2025

**1. Overview**
This report assesses the cybersecurity posture of Apex Innovations based on information gathered from DNS records (DIG), port scans of the external IP and website, and responses to a security questionnaire. The findings indicate a robust commitment to essential cybersecurity practices, particularly in user access controls, email security, and staff awareness. The organization appears to directly host its website on its external-facing IP address.

**2. Organizational Information**
*   **Organization Name:** Apex Innovations
*   **Email Domain:** apexinnovations.com
*   **Website Domain:** www.apexinnovations.com
*   **External IP / Website IP:** 72.21.196.160
*   **DNS Hosting:** Self-managed (ns1.apexinnovations.com, ns2.apexinnovations.com)

**3. Security Questionnaire Review**
Apex Innovations reports a strong adherence to foundational cybersecurity policies and controls:

| Security 

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_sample1_pdf_markdown.html")

✅ Successfully exported HTML: flash_sample1_pdf_markdown.html


In [27]:
response = flashLiteModel.generate_content(contents=[prompt_text, context1_text + "\n" + example_text])
print(response.text)

Cybersecurity Readiness Report for Apex Innovations Date: October 14, 2025

**1. Overview**

This report assesses the cybersecurity readiness of Apex Innovations based on provided DNS information, port scan results for the website and firewall, and responses to a security questionnaire. The findings indicate a generally strong security posture with robust practices in place for authentication and email security, coupled with a well-hardened external network perimeter.

**2. Organizational Information**

*   **Organization Name:** Apex Innovations
*   **Email Domain:** apexinnovations.com
*   **Website Domain:** www.apexinnovations.com
*   **External IP (Firewall):** 72.21.196.160
*   **Website Hosting IP:** 72.21.196.160 (as indicated by the A record for the domain)
*   **DNS Hosting:** Managed internally (indicated by `ns1.apexinnovations.com` and `ns2.apexinnovations.com` as name servers).

**3. Security Questionnaire Review**

| Security Control                       | Status |
| :-

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_lite_sample1_pdf_markdown.html")

✅ Successfully exported HTML: flash_lite_sample1_pdf_markdown.html


In [29]:
# === SAMPLE 2 ===

# input PDF, output markdown
response = proModel.generate_content(contents=[prompt_text, context2_text + "\n" + example_text])
print(response.text)

Cybersecurity Readiness Report for G.A.S. Inc.
Date: October 14, 2025

**1. Overview**
This report evaluates the cybersecurity posture of G.A.S. Inc. based on a security questionnaire and external technical scans. The findings reveal critical vulnerabilities in network security, email configuration, user authentication, and organizational policy. The organization currently has a very weak security posture and is at high risk of a cyberattack, including ransomware, data breach, and business email compromise. Immediate and decisive action is required to mitigate these risks.

**2. Organizational Information**
● **Organization Name:** G.A.S. Inc.
● **Email Domain:** gasinc.net
● **Website Domain:** www.gasinc.net
● **External IP Address:** 104.28.1.189

**3. Security Questionnaire Review**

| Security Control | Status |
| :--- | :--- |
| MFA for Email | ❌ **No** |
| MFA for Computer Login | ❌ **No** |
| MFA for Sensitive Systems | ✅ Yes |
| Acceptable Use Policy | ❌ **No** |
| New Employe

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "pro_sample2_pdf_markdown.html")

✅ Successfully exported HTML: pro_sample2_pdf_markdown.html


In [31]:
response = flashModel.generate_content(contents=[prompt_text, context2_text + "\n" + example_text])
print(response.text)

## Cybersecurity Readiness Report for G.A.S. Inc.

**Date:** October 14, 2025

---

### 1. Overview

This report provides an assessment of the cybersecurity posture of G.A.S. Inc. based on a review of technical information (DNS records, DMARC status, and external port scans) and self-reported answers to a security questionnaire. The findings indicate significant vulnerabilities and a low level of cybersecurity readiness across several critical areas, necessitating immediate attention and remediation.

### 2. Organizational Information

*   **Organization Name:** G.A.S. Inc.
*   **Email Domain:** gasinc.net
*   **Website Domain:** www.gasinc.net
*   **External IP:** 104.28.1.189
*   **DNS Hosting:** Self-managed (dns1.gasinc.net, dns2.gasinc.net)
*   **Email Hosting:** Mailhostbox (mx.mailhostbox.com)

### 3. Security Questionnaire Review

The security questionnaire reveals critical gaps in foundational security practices within G.A.S. Inc.

| Security Control                       | St

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_sample2_pdf_markdown.html")

✅ Successfully exported HTML: flash_sample2_pdf_markdown.html


In [33]:
response = flashLiteModel.generate_content(contents=[prompt_text, context2_text + "\n" + example_text])
print(response.text)

## Cybersecurity Readiness Report for G.A.S. Inc.

**Date:** October 14, 2025

### 1. Overview

This report assesses the cybersecurity readiness of G.A.S. Inc. based on the provided DNS, port scan results, and answers to a security questionnaire. The findings indicate several critical areas of vulnerability and a lack of fundamental security controls, suggesting a low level of cybersecurity readiness.

### 2. Organizational Information

*   **Organization Name:** G.A.S. Inc.
*   **Email Domain:** gasinc.net
*   **Website Domain:** www.gasinc.net
*   **External IP (Firewall):** 104.28.1.189
*   **Website Hosting IP:** 104.28.1.189

### 3. Security Questionnaire Review

| Security Control                           | Status | Notes                                                                                                                               |
| :----------------------------------------- | :----- | :----------------------------------------------------------------------------

In [None]:
generated_html = generate_html_from_markdown(response.text)
export_html_to_files(generated_html, "flash_lite_sample2_pdf_markdown.html")

✅ Successfully exported HTML: flash_lite_sample2_pdf_markdown.html


In [47]:
# === SAMPLE 1 ===

#input PDF, output JSON
response = proModel.generate_content(
    contents=[prompt_text, context1_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report provides a cybersecurity readiness assessment for Apex Innovations, based on a security questionnaire and technical scans of their public-facing infrastructure. The findings indicate strong internal security policies, including widespread MFA adoption and security training, coupled with excellent email security configurations. However, the external network perimeter shows open ports for HTTP and HTTPS on the primary external IP, suggesting a web server is directly exposed, which presents a notable area of risk.",
  "Organizational Information": [
    "Organization Name: Apex Innovations",
    "Email Domain: apexinnovations.com",
    "Website Domain: www.apexinnovations.com",
    "External IP / Web Server IP: 72.21.196.160"
  ],
  "Security Questionnaire Review": [
    "MFA for Email: Yes",
    "MFA for Computer Login: Yes",
    "MFA for Sensitive Systems: Yes",
    "Acceptable Use Policy: Yes",
    "New Employee Security Awareness Training: Yes",
    "Annua

In [48]:
response = flashModel.generate_content(
    contents=[prompt_text, context1_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report assesses the cybersecurity readiness of Apex Innovations, analyzing findings from DNS records, email security configurations, external port scans, and a self-reported security questionnaire. The organization demonstrates a strong foundational security posture with robust user authentication, comprehensive email protection, and a well-managed network perimeter, alongside strong policy and training adherence.",
  "Organizational Information": [
    "Organization Name: Apex Innovations",
    "Email Domain: apexinnovations.com",
    "Website Domain: www.apexinnovations.com",
    "External IP (Website/Firewall): 72.21.196.160",
    "DNS Management: apexinnovations.com (based on SOA and NS records)"
  ],
  "Security Questionnaire Review": [
    "MFA for Email: Yes",
    "MFA for Computer Login: Yes",
    "MFA for Sensitive Data Systems: Yes",
    "Employee Acceptable Use Policy: Yes",
    "New Employee Security Awareness Training: Yes",
    "Annual All-Employee S

In [49]:
response = flashLiteModel.generate_content(
    contents=[prompt_text, context1_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report evaluates the cybersecurity posture of Apex Innovations based on technical scans (DNS, DMARC, and port scanning) and a self-reported security questionnaire. The findings indicate a strong implementation of foundational security controls, particularly concerning authentication, email security, and staff awareness.",
  "Organizational Information": [
    "Organization Name: Apex Innovations",
    "Email Domain: apexinnovations.com",
    "Website Domain: www.apexinnovations.com",
    "External IP (Firewall): 72.21.196.160",
    "Website Hosting IP: 72.21.196.160"
  ],
  "Security Questionnaire Review": [
    "MFA for Email: Yes",
    "MFA for Computer Login: Yes",
    "MFA for Sensitive Data Systems: Yes",
    "Acceptable Use Policy: Yes",
    "New Employee Security Awareness Training: Yes",
    "Annual All-Employee Security Training: Yes",
    "Summary: Apex Innovations reports a high level of security maturity, with mandatory MFA across critical systems and 

In [51]:
# === SAMPLE 2 ===

#input PDF, output JSON
response = proModel.generate_content(
    contents=[prompt_text, context2_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report assesses the cybersecurity readiness of G.A.S. Inc. based on a security questionnaire and external network scans. The assessment reveals critical deficiencies in fundamental security controls, including user authentication, email security, network perimeter defense, and employee security awareness. The organization currently has a very high-risk security posture and requires immediate action to mitigate significant vulnerabilities.",
  "Organizational Information": [
    "Organization Name: G.A.S. Inc.",
    "Email Domain: gasinc.net",
    "Website Domain: www.gasinc.net",
    "External IP: 104.28.1.189"
  ],
  "Security Questionnaire Review": [
    "MFA for Email: No - CRITICAL RISK. Lack of MFA on email exposes the organization to business email compromise and phishing attacks.",
    "MFA for Computer Login: No - CRITICAL RISK. This significantly increases the risk of unauthorized access to endpoints and internal network resources.",
    "MFA for Sensitiv

In [52]:
response = flashModel.generate_content(
    contents=[prompt_text, context2_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
"Overview": "This report evaluates the cybersecurity posture of G.A.S. Inc. based on technical scans (DNS, DMARC, and port scanning) and a self-reported security questionnaire. The findings indicate several critical vulnerabilities and a general lack of foundational cybersecurity practices, posing a significant risk to the organization's data and operations.",
"Organizational Information": [
"Organization Name: G.A.S. Inc.",
"Email Domain: gasinc.net",
"Website Domain: www.gasinc.net",
"External IP: 104.28.1.189"
],
"Security Questionnaire Review": [
"MFA for Email Access: No (Critical Weakness - Leaves email accounts vulnerable to credential theft)",
"MFA for Computer Login: No (Critical Weakness - Increases risk of unauthorized access to internal systems)",
"MFA for Sensitive Data Systems: Yes (Strength - Essential for protecting high-value assets)",
"Employee Acceptable Use Policy: No (Major Weakness - Lack of clear guidelines for employee behavior)",
"New Employee Security Awaren

In [53]:
response = flashLiteModel.generate_content(
    contents=[prompt_text, context2_text + "\n" + example_text],
    generation_config={
        'response_mime_type': 'application/json',
        'response_schema': {
            'type':'object',
            'properties': {
                'Overview': {'type': 'string'},
                'Organizational Information': {'type': 'array', 'items': {'type': 'string'}},
                'Security Questionnaire Review': {'type': 'array', 'items': {'type': 'string'}},
                'DNS & Email Security': {'type': 'array', 'items': {'type': 'string'}},
                'Port Scanning Results': {'type': 'array', 'items': {'type': 'string'}},
                'Risk Assessment & Readiness Summary': {'type': 'array', 'items': {'type': 'string'}},
                'Recommendations': {'type': 'array', 'items': {'type': 'string'}},
                'Conclusion': {'type': 'string'},
            },
            'required': ['Overview', 'Organizational Information', 'Security Questionnaire Review', 'DNS & Email Security', 'Port Scanning Results', 'Risk Assessment & Readiness Summary', 'Recommendations', 'Conclusion']
        }
    }
)
print(response.text)

{
  "Overview": "This report assesses the cybersecurity readiness of G.A.S. Inc. based on provided DNS, port scanning, and security questionnaire data. The findings highlight areas of strength and areas requiring immediate attention to improve the organization's overall security posture.",
  "Organizational Information": [
    "Organization Name: G.A.S. Inc.",
    "Email Domain: gasinc.net",
    "Website Domain: www.gasinc.net",
    "External IP Address (Firewall): 104.28.1.189"
  ],
  "Security Questionnaire Review": [
    "MFA for Email: No",
    "MFA for Computer Login: No",
    "MFA for Sensitive Data Systems: Yes",
    "Acceptable Use Policy: No",
    "Security Awareness Training (New Employees): No",
    "Security Awareness Training (Annual): No",
    "Summary: The organization lacks fundamental security controls such as MFA for email and computer logins, an acceptable use policy, and regular security awareness training for employees. This presents significant risks related to ac

### Summary

Score 1-3 from least to greatest generation quality.
| Input | Output | 2.5 Pro | 2.5 Flash | 2.5 Flash Lite |
| :--: | :--: | :--: | :--: | :--: |
| Markdown | Markdown | 1 | 1 | 2 |
| Markdown | JSON | 3 | 3 | 1 |
| PDF | Markdown | 2 | 2 | 1 |
| PDF | JSON | 3 | 3 | 2 |

### Notes:
#### Markdown/Markdown:
- Pro Markdown Markdown: Sample 1 did not generate the cybersecurity team at the end. Headers were not easy to read as the font size was similar to the other paragraph text. Sample 2 had some text not indented into separate newlines.
- Flash Markdown Markdown: Sample 1 had more text not properly moved into separate newlines. Headers were also not easy to read. Table text was center aligned and harder to read at a glance. Sample 2 had similar issues.
- Flash Lite Markdown Markdown: Sample 1 had text not properly moved into separate newlines and bullet-pointed lists not rendering due to the newline issue. Though, the tables wer left-aligned and easier to understand than the Flash model's output. Sample 2 in particular had better results than the Flash and maybe even the Pro model.
- Overall, did not perform as consistent as I would have liked. Markdown being used as both the input and output lead to inconsistencies in the styling.

#### Markdown/JSON:
- Pro Markdown JSON: For the bare bone minimum text per header, JSON works quite effectively. The Pro model in particular was able to hit home all of the points. It would only lose points on styling, as with this method, the styling would be handed over to frontend rather than being handled by the backend (which, if communicated effectively, would not be an issue).
- Flash Markdown JSON: Similar to the Pro model, the JSON output works effectively to generate only the headers of information we provide.
- Flash Lite Markdown JSON: For some reason, Sample 1 was able to generate the emojis. However, it also generated some of the Markdown text which was not expected. Lost points on mixing up the output formatting.
- Overall, performed as consistent as I expected- the Pro and Flash models in particular. If we choose to have the frontend capture most of the formatting of the PDF, then we will be able to use the JSON output.

#### PDF/Markdown:
- Pro PDF Markdown: Sample 1 was not able to move some of the text properly into separate newlines, leading to breaks in the bullet-pointed formatting. Similarly, Sample 2 had breaks in the numbered list for Recommendations. However, it was able to come up with creative emokis and formatted the tables in a way that was easy to understand at a glance.
- Flash PDF Markdown: Sample 1 also had some breaks in the bullet-pointed format. Sample 2 however, had more tables and was easy-to-read at a glance. Both had emojis like the Pro model's output but limited to checks and x's.
- Flash Lite PDF Markdown: Sample 1 did not have a proper header for the report and most of the paragraphs were not indented correctly into new, bullet-pointed lines. Sample 2 however, was able to generate successfully without any errors in the response. The only potential issue was lack of emoji's to simplify information and have it easier to see at a glance.
- Overall, the PDF input was able to get more context to the model as compared to the Markdown/Markdown reports, but the Markdown output was still leading to inconsistencies in the styling.

### PDF/JSON:
- Pro PDF JSON: Best of the three models due to it's extensive information, even putting the potential risk for Sample 1. Sample 2 had capital letters with URGENT on the recommendations which was extremely helpful.
- Flash PDF JSON: Included strange spacing in the beginning for a couple of the string values trying to mimic the bullet-pointed format. Not sure if we like those.
- Flash Lite PDF JSON: Not the best but still performed well compared to other input/output tests.
- Overall, the PDF input and JSON output performed the highest compared to all other report types. The PDF input provided enough context to the model and JSON has the most consistent output. Similar with the other JSON output, if we choose to have the JSON output we have to have frontend capture most if not all of the formatting for the PDF. We will go with the Flash as the free tier rate limits are much lower and easier to manage than the Pro.