Skip to content

Modeling AI-agent threats as a Gemara threat catalogue: capability granularity and a small slice to validate #422

Description

@eeee2345

Hello. I maintain Agent Threat Rules (ATR), an open MIT-licensed detection ruleset for AI agent attacks: over 640 machine-readable rules across 10 attack categories, each already cross-referenced to OWASP Agentic and LLM, MITRE ATLAS, NIST AI RMF, EU AI Act, and ISO 42001.

I would like to explore expressing these AI-agent threats as a Gemara threat catalogue, and I want to get the modeling right before proposing anything substantial.

Two questions:

  1. capabilities is required on a Threat. For agent-attack threats (for example tool-response injection, or cross-agent privilege escalation), what granularity do you intend for capabilities? The Capability Profiles work in [Question] Should we support Capability Profiles? #419 looks directly related. Is there guidance or an example I should follow so a catalogue fits that direction?

  2. Would a small slice of 5 to 10 threats be the right way to validate the modeling first, before a fuller catalogue?

Happy to follow the ADR process. I am not looking to drop a full catalogue; I would rather align on the model first.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Todo

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions