Integrate

Four paths. Same destination.

100 rules, ready to integrate. The same path Cisco walked.

TypeScript / Node.js

$ npm install agent-threat-rules

import { createEngine } from 'agent-threat-rules';

const engine = createEngine();
const verdict = engine.evaluate({
  type: 'llm_input',
  content: userMessage,
  timestamp: new Date().toISOString(),
});

if (verdict.outcome === 'deny') {
  // Block the request
}

Python (pyATR)

Docs →

$ cd python && pip install -e .

from atr import ATREngine

engine = ATREngine()
result = engine.evaluate(event={
    "type": "llm_input",
    "content": user_message,
})

if result.outcome == "deny":
    # Block the request

Raw YAML (any language)

Docs →

$ git submodule add https://github.com/Agent-Threat-Rule/agent-threat-rules.git

# Point your scanner at rules/ directory
# Each .yaml file follows ATR schema v1.0
# Parse with any YAML library
# Schema: spec/atr-schema.yaml

rules/
  prompt-injection/    # 22 rules
  tool-poisoning/      # 11 rules
  agent-manipulation/  # 10 rules
  ...

SIEM Integration

Docs →

$ atr convert splunk --output splunk-queries.txt

# Convert ATR rules to SIEM query language
atr convert splunk    # Output SPL queries
atr convert elastic   # Output Elasticsearch Query DSL
atr convert sarif     # Output SARIF v2.1.0 for CI/CD

Schema Stability Guarantee

If you depend on ATR as upstream, you need to know the format won't break. Here's our commitment:

ATR Schema v1.0 (current)

Published and stable. All new fields are optional additions. No existing field will be removed or renamed without a major version bump.

Backward Compatibility

Breaking changes only happen on major version transitions (v1 → v2). We provide migration guides and a minimum 6-month overlap period where both versions are supported.

Update Frequency

New rules are added continuously (avg 2-5 per week during active periods). Every rule passes CI validation + precision test before merge. Subscribe to GitHub Releases for changelogs.

Sync Methods

git submodule — pin to tag, update on your schedule
npm install — semver, lockfile controls version
GitHub Action— CI scans with latest rules automatically

Why ATR Instead of Writing Your Own?

Coverage

100 rules, 13 CVEs mapped, OWASP 10/10

You start from zero

New attack response

< 1 hour via Threat Cloud crystallization

Depends on your team's bandwidth

Evasion testing

64 documented evasion techniques, tested on every PR

You probably won't test this

OWASP / MITRE mapping

Pre-built. 10/10 Agentic + MITRE ATLAS per rule

Hours of manual mapping work

Maintenance

Community-maintained. MIT. Zero cost.

Full-time security engineer workload

Ecosystem

Cisco, OWASP, OpenSSF already consuming

Isolated. No shared intelligence.

ATRInternal Rules

License & Legal

MIT License

Use commercially, modify, distribute, sublicense. No restrictions.

No CLA

No Contributor License Agreement. Contributions are MIT-licensed and belong to the community.

Vendor Neutral

ATR is not owned by any company. It is a community-governed open standard.

Case Study: How Cisco Did It

ATR rules merged

1,272

lines added to Cisco AI Defense

3 days

from PR submission to merge

Cisco's DefenseClaw team integrated ATR rules as an upstream dependency. Their engineer submitted PR #79, we reviewed it, and it merged in 3 days. They then built a --rule-packs CLI feature (PR #80) specifically to consume ATR as a first-class rule source.

PR #79: Rules integration →PR #80: Rule-packs CLI →