Skip to main content

MITRE ATLAS

ScopeAI threat matrix (extends ATT&CK)
Use ForAttack mapping, threat modeling
Linkatlas.mitre.org

MITRE ATLAS (Adversarial Threat Landscape for AI Systems) extends the ATT&CK framework into the AI/ML domain, providing a structured knowledge base of adversarial tactics, techniques, and case studies specific to machine learning systems. For security teams already using ATT&CK for traditional threat modeling and detection engineering, ATLAS provides a natural extension that covers the AI attack surface using the same familiar matrix structure. The framework is built from real-world case studies and academic research, grounding each technique in demonstrated adversarial behavior rather than theoretical risk. ATLAS bridges the gap between the ML research community (which publishes attack papers) and the security operations community (which needs actionable threat intelligence). Combined with OWASP taxonomies for vulnerability classification and F.O.R.G.E. for technique-level engagement planning, ATLAS provides the strategic threat modeling layer that maps how adversaries move through AI systems.

Key Components

  • Tactic categories follow the ATT&CK structure with AI-specific additions: ML Model Access, ML Attack Staging, and techniques for reconnaissance, initial access, execution, persistence, and exfiltration as they apply to AI systems.
  • Case studies document real-world AI attacks including adversarial examples against production systems, training data poisoning incidents, and model extraction campaigns, providing evidence-based threat intelligence.
  • ML Supply Chain techniques map the attack surface across model registries, training pipelines, data sources, and serving infrastructure, covering the full lifecycle from data collection to production inference.
  • Evade ML Model techniques catalog methods for crafting inputs that cause misclassification, bypass detection, or degrade model performance, with documented effectiveness against specific model architectures.
  • The navigator tool provides an interactive matrix visualization for mapping coverage, planning red team assessments, and communicating findings using the same visual language as ATT&CK navigator, enabling consistent reporting across traditional and AI security assessments.