SALES-LED PLANS · FULL SPECIFICATION
Enterprise, Migrator Pro & Sovereign
The full specification for regulated production agents, living signed compliance evidence, nation-scale airgap deployment, and vendor OEM licensing. All pricing is sales-led.
ENTERPRISE — FULL SPECIFICATION
Three core modules plus included platform infrastructure
The full content covered by the Enterprise plan. Each core module stands on its own; platform infrastructure is bundled with the contract.
Module 1 · Migrator Pro
Bridge two decades of accumulated SOC detection IP into AI agent defense rules — automatically.
Banks, hospitals, and semiconductor SOCs have built up large libraries of Sigma, YARA, Snort, Splunk queries, and CVE mappings. These rules don't directly catch prompt injection or tool poisoning, but the attack knowledge underneath still applies — SQL injection didn't vanish, it moved into tool calls; command injection didn't vanish, it changed substrate.
Migrator Pro converts 15 source formats into ATR behavioral rules automatically, with a compliance evidence pack ready for auditors.
Supported source formats (15 total)
Capabilities included
- Joint LLM and human refinement at the quality level of Cisco-merged PRs
- Auto-mapping to five compliance frameworks: EU AI Act, NIST AI RMF, ISO/IEC 42001, OWASP Agentic, OWASP LLM Top 10
- Audit evidence packs signed with SHA-256 and Merkle tree
- 6-tab Web Dashboard with on-prem deployment
- Customer-contributed rules can flow back upstream into ATR and be adopted by Cisco, Microsoft, and other downstream vendors
Module 2 · AI Compliance Audit Evidence Module
Produce compliance evidence auditors can use directly — a capability Vanta and Drata cannot architecturally deliver.
Each detection event is mapped to a specific ATR rule ID and threaded across articles in six frameworks: EU AI Act, Colorado AI Act, NIST AI RMF, ISO/IEC 42001, OWASP Agentic Top 10, and OWASP LLM Top 10. Reports are delivered in PDF and JSON, signed with SHA-256 and Merkle tree.
Why Vanta and Drata cannot do this: they have no in-house detection engine, and they do not own ATR as the detection layer underneath. Lakera and Apono lack the full stack. PanGuard is the only product today that threads detection event → ATR rule → compliance article as a single audit-ready artefact.
Shipped capabilities
- NIST AI RMF 100% rule coverage (1,566 mappings, shipped in ATR v2.1.0)
- EU AI Act Articles 9, 12, 14, 15, and 50 auto-mapped
- Quarterly compliance reports threading detection event → ATR rule ID → 6-framework articles
- Tamper-evident PDF + JSON outputs signed with SHA-256 and Merkle tree
Module 3 · Direct line to the ATR standards maintainer
Customers don't passively adopt the standard — they participate in shaping ATR's roadmap.
Customers receive draft rules 30 days before public release, allowing internal deployment testing before attacks become public. Rules refined inside Migrator can also be sent back upstream — once merged into ATR, those rules ship across the ecosystem to Cisco AI Defense, Microsoft AGT, and others, effectively distributing your detection IP across the industry.
What the relationship includes
- Early access to draft rules 30 days before public release
- Upstream contribution path: customer rules can be adopted by Cisco, Microsoft, and other downstream vendors
- Priority rule update SLA within 4 hours (Community SLA is within 24 hours)
- Roadmap vote and quarterly executive review
Platform infrastructure (included)
SOVEREIGN AI NATIONAL REFERENCE
Reference deployment for sovereign AI nations
Every democracy is building sovereign AI models and compute, yet the security layer is still rented from US-private vendors. ATR, Migrator, and the Compliance module together form the open-standard answer to that gap.
Path 1 · Standards Reference
A national-level body (digital ministry, NCSC, AI safety agency) publicly cites ATR as the country's reference framework for AI agent security.
We list the country as an ecosystem reference on the sovereign-ai-defense page. Estimated time to commit: 1–2 weeks.
Path 2 · Technical Co-eval
The national red team runs its own adversarial corpus against ATR's full 747-rule library. We provide the detection engine, Migrator tooling, and full failure-case disclosure.
Output is an independent third-party validation report. All testing artifacts remain with the nation. Zero cost on both sides over a 90-day cycle.
Path 3 · Commercial Reference Deployment
Nation-scale reference deployment: full ATR, Migrator Pro, Compliance Module, Threat Cloud, in-region deployment, and custom rule packs.
Delivery is handled by a certified regional enterprise vendor partner, with PanGuard as the upstream ATR standards maintainer. The structure follows the Linux Foundation national-contract and Red Hat federal-contract precedent.
Why nations adopt this
Sovereign AI rests on three pillars: sovereign model, sovereign compute, and sovereign detection knowledge.
Nations have already invested billions building the first two in-house. The third is still rented from US-private vendors — exactly the dependency that sovereign AI programs were designed to eliminate.
Migrator bridges decades of a nation's accumulated SOC detection IP (Sigma, YARA, Snort, SCADA, and others) into the AI agent era — letting the nation keep sovereignty over its detection knowledge, with no rewriting and no rental from foreign vendors.
Full Sovereign AI Defense briefVENDOR OEM LICENSE
Ship ATR Pro Rule Pack inside your AI security product
Cisco AI Defense ships the full 747-rule ATR pack. Microsoft AGT ships 287 rules with weekly auto-sync. NVIDIA garak integration is in flight. For vendors who need the Cisco-merge-PR-quality enriched version — early access to draft rules, five-framework compliance metadata, white-label deployment — the OEM tier is purpose-built for that scenario.
OEM Use License
For vendors at the scale of Cisco, Microsoft, NVIDIA, or Gen Digital, embedding the enriched Pro Rule Pack inside their own product.
Includes early access to draft rules, five-framework compliance metadata, white-label deployment, custom attack classes, and ATR roadmap voting rights.
Strategic Partnership Terms
Reserved for vendors pursuing long-term ecosystem integration with ATR.
Negotiable terms include M&A right of first refusal, joint GTM, engineering collaboration, and an ATR Foundation governance seat.
SAMPLE AUDIT REPORT
What a Compliance Evidence report looks like
Below is an excerpt from the quarterly compliance evidence report Enterprise customers receive. Each detection is mapped to an ATR rule ID and threaded through specific articles in EU AI Act, NIST AI RMF, ISO/IEC 42001, and other frameworks — ready to submit directly to auditors.
Quarterly report excerpt
Q2 2026 Detection Evidence Report · Acme Corp ────────────────────────────────────────────── Total events intercepted by PanGuard Guard: 1,847 Mapping by compliance framework ────────────────────────────────────────────── EU AI Act Article 12 (logging requirement): 612 events └─ Primary rules: ATR-2026-00001, ATR-2026-00121, ATR-2026-00149 └─ Retention: 7-year audit log archive (Enterprise) NIST AI RMF Govern.1.1 (risk management): 488 events └─ Primary rules: ATR-2026-00080..00096 └─ Confidence: ≥0.90 across all flagged events ISO/IEC 42001 clause 6.2 (risk treatment): 347 events └─ Primary rules: ATR-2026-00040, ATR-2026-00099 Colorado AI Act SB24-205 (disclosure): 44 events OWASP Agentic Top 10 (ASI-01..10): 356 events (consolidated) OWASP LLM Top 10:2025 (LLM01..10): 289 events (consolidated) Auditor-ready artefacts ────────────────────────────────────────────── ✓ PDF report (signed, hash-verified) ✓ JSON export for SIEM ingestion ✓ Per-article evidence bundle ✓ ATR rule provenance chain
ATR STANDARDS ORGANIZATION
Open standard, independent governance, certification program
ATR is an MIT-licensed open detection protocol with governance independent of PanGuard. Anyone, any product, can use it freely. Skill certification is run by community reviewers at no cost (MITRE ATT&CK model). The only paid surface is Enterprise Membership — modeled on the Apache Software Foundation Platinum Sponsor pattern.
ATR Certified Skill
community-run review
Skill authors submit a PR free of charge to the ATR repo. Community volunteer reviewers audit transparently (MITRE ATT&CK / Let's Encrypt model). Certified skills get the badge, ATR registry listing, and PanGuard Community whitelist. PanGuard does not charge and does not decide outcomes — authority lives in transparency, not paywalls.
Submit on ATR GitHubATR Enterprise Member
annual membership
Logo on ATR registry · governance vote · priority PR review · early draft rule access · seat in annual roadmap meeting. Modeled on MITRE Engenuity and ISO working-group pattern.
Apply for membership