60 Days, 8 Ecosystem Integrations — How an Open Standard Spreads
From v0.1.0 on 2026-03-08 to v2.1.1 with 8 production integrations and standards-body conversations on 2026-05-11. The mechanics behind ecosystem pull.
ATR v0.1.0 published 2026-03-08. ATR v2.1.1 with 336 rules, 8 ecosystem integrations, and standards-body engagement is where we sit on 2026-05-11. Sixty-four days. This is the mechanics, not a victory lap.
Production Deployments (Verified Merged)
These are merged PRs, in production, in third-party repos:
- Microsoft Agent Governance Toolkit — PR #908 merged 2026-04-13 (initial 15 rules), then PR #1277 (287 rules + weekly auto-sync workflow). Microsoft's pipeline now pulls ATR updates on a weekly cadence.
- Cisco AI Defense skill-scanner — PR #79 merged 2026-04-03 (34 rules), then PR #99 (full 336-rule pack). Two consecutive merges in the same repo.
- precize/Agentic-AI-Top10-Vulnerability — PR #14 merged 2026-03-30. Third-party OWASP Agentic mapping repository, providing the rule-to-OWASP-ASI cross-reference layer.
Active Integration PRs in Review
Open and in active dialogue with maintainers:
- NVIDIA Garak — PR #1676 (ATR plugin for Garak's probe framework)
- Gen Digital Sage — PR #33 (Norton/Avast parent company; AI agent security analyzer)
- IBM mcp-context-forge — PR #4109
Standards and Infrastructure
Where standards bodies and threat-intel infrastructure intersect:
- MISP taxonomies — PR #323 merged 2026-05-10. ATR rule IDs now part of MISP's vocabulary, giving threat-intel sharing a layer for AI-agent attack patterns.
- NIST OSCAL Team — open thread on usnistgov/OSCAL#2234 and follow-up email engagement. We shipped an OSCAL AI RMF catalog at Agent-Threat-Rule/ai-rmf-oscal-catalog covering 72 controls across all four AI RMF functions.
- NCCoE Community of Interest — confirmed 2026-05-09.
- OWASP Top 10 Agentic 2026 — 10/10 ASI mapped, 377 rule-to-ASI mappings across 336 rules.
Why an Open Standard Spread Fast
Five mechanical reasons, no charisma involved:
1. MIT licence — no procurement conversation needed. Engineers integrate first, lawyers review later.
2. Deterministic rule format — YAML + condition tree, schema-validated. Reviewers can read a rule in 30 seconds and understand the matcher.
3. Real production validation data — 96K-skill scan, 432-benign FP corpus, Garak recall. Maintainers don't have to take our word.
4. Low integration friction — language-agnostic, one repo to vendor, regex + condition primitives. Integration PRs land in a single file change.
5. Zero vendor strings — no telemetry, no SaaS dependency, no licence trap.
Three Lessons
The format is the moat. Not the rule count. The fact that the format is deterministic, schema-validated, MIT, and easy to vendor is what made 8 integrations possible in 60 days.
Production validation beats benchmarks. Maintainers ask "does this fire on real data" before they look at recall %. The 96K-skill scan answered that before the conversation started.
Community visibility creates pull. We did not pitch most of these integrations. They were filed as PRs after the integrator found us through OWASP mapping, MISP, or NVIDIA Garak. The standard pulls itself once visible in the right places.
Day 64. Day 377 is the interesting milestone.
Microsoft PR #1277 · Cisco PR #99 · MISP PR #323 · OSCAL catalog