ATR Framework Crosswalks
ATR does not replace policy frameworks. It is the executable detection layer that operationalizes them at scan time — Sigma is to ATT&CK what ATR is to ATLAS. Published mappings below.
NIST AI RMF, ISO 42001, OWASP Top 10, EU AI Act Art. 15.
421 rules with deterministic YAML detectors and reproducible test cases.
Mapping Inventory
Each mapping has a .md or structured artifact in the ATR repo
OWASP Agentic Top 10 (2026)
77 rule-to-category mappings; every Agentic Top 10 category has at least 4 ATR rules detecting it.
Full mappingOWASP LLM Top 10 (2025)
Per-rule compliance.owasp_llm field; LLM01 prompt injection has the heaviest coverage.
Full mappingMITRE ATLAS
ATR is to ATLAS what Sigma is to ATT&CK — the executable layer for ATLAS adversarial TTPs.
NIST AI RMF (AI 100-1 + GenAI Profile 600-1)
Community OSCAL catalog v0.3 published 2026-05-10, covering all four AI RMF functions (Govern/Map/Measure/Manage). Acceptance email received 2026-05-11.
Full mappingISO/IEC 42001 (AI Management System)
Per-rule compliance.iso_iec_42001 field maps detections to specific Annex A clauses. Useful for AIMS certification audit evidence.
EU AI Act
Detections aligned with Art. 15 obligations for high-risk AI systems. Submission filed to EU AI Office Have-Your-Say (deadline 2026-06-03).
SAFE-MCP (OpenSSF)
Highest coverage of MCP-specific attack patterns. Detailed mapping in SAFE-MCP-MAPPING.md.
Full mappingFive Eyes Joint Guidance (CISA / NSA / NCSC / ASD / CCCS / NZ NCSC)
Joint guidance published 2026-05-01 calls for runtime detection of known attack patterns; ATR is the open MIT-licensed detection layer the guidance requires.
Full mappingCISA KEV Catalog
Auto-sync from CISA KEV ingests new entries within 24 hours. CVE-2026-42208 (LiteLLM SQL injection, CVSS 9.3) detected by ATR-2026-00451.
Adoption guidance
If your organization follows NIST AI RMF, ISO 42001, or EU AI Act, ATR rule findings can be submitted as audit evidence — each rule’s compliance field maps to specific clauses.