You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello. I maintain Agent Threat Rules (ATR), an open MIT-licensed detection ruleset for AI agent attacks: over 640 machine-readable rules across 10 attack categories, each already cross-referenced to OWASP Agentic and LLM, MITRE ATLAS, NIST AI RMF, EU AI Act, and ISO 42001.
I would like to explore expressing these AI-agent threats as a Gemara threat catalogue, and I want to get the modeling right before proposing anything substantial.
Two questions:
capabilities is required on a Threat. For agent-attack threats (for example tool-response injection, or cross-agent privilege escalation), what granularity do you intend for capabilities? The Capability Profiles work in [Question] Should we support Capability Profiles? #419 looks directly related. Is there guidance or an example I should follow so a catalogue fits that direction?
Would a small slice of 5 to 10 threats be the right way to validate the modeling first, before a fuller catalogue?
Happy to follow the ADR process. I am not looking to drop a full catalogue; I would rather align on the model first.
Hello. I maintain Agent Threat Rules (ATR), an open MIT-licensed detection ruleset for AI agent attacks: over 640 machine-readable rules across 10 attack categories, each already cross-referenced to OWASP Agentic and LLM, MITRE ATLAS, NIST AI RMF, EU AI Act, and ISO 42001.
I would like to explore expressing these AI-agent threats as a Gemara threat catalogue, and I want to get the modeling right before proposing anything substantial.
Two questions:
capabilitiesis required on a Threat. For agent-attack threats (for example tool-response injection, or cross-agent privilege escalation), what granularity do you intend for capabilities? The Capability Profiles work in [Question] Should we support Capability Profiles? #419 looks directly related. Is there guidance or an example I should follow so a catalogue fits that direction?Would a small slice of 5 to 10 threats be the right way to validate the modeling first, before a fuller catalogue?
Happy to follow the ADR process. I am not looking to drop a full catalogue; I would rather align on the model first.