Standards Coverage

ATR maps to every major AI security framework.

Go straight from "understand the threat" to "detect the threat", without writing rules from scratch.

Framework        Coverage
OWASP Agentic    10/10
SAFE-MCP         78/85 (91.8%)
OWASP AST10      7/10
PINT F1          0

OWASP Agentic Top 10

10/10 categories covered.

ID     Category                               Rules  Coverage
ASI01  Agent Goal Hijack                      13     STRONG
ASI02  Tool Misuse & Exploitation             11     STRONG
ASI03  Identity & Privilege Abuse             9      STRONG
ASI04  Agentic Supply Chain Vulnerabilities   8      STRONG
ASI05  Unexpected Code Execution / RCE        8      STRONG
ASI06  Memory & Context Poisoning             8      STRONG
ASI07  Insecure Inter-Agent Communication     5      MODERATE
ASI08  Cascading Failures                     4      MODERATE
ASI09  Human-Agent Trust Exploitation         5      MODERATE
ASI10  Rogue Agents                           7      MODERATE

OWASP Agentic Skills Top 10 (AST10)

8/10 categories with rule coverage. 3 categories are process/meta-level (not pattern-detectable).

ID     Category                   Rules  Coverage
AST01  Malicious Skills           7      STRONG
AST02  Supply Chain Compromise    8      STRONG
AST03  Over-Privileged Skills     4      MODERATE
AST04  Insecure Metadata          3      MODERATE
AST05  Unsafe Deserialization     3      MODERATE
AST06  Weak Isolation             3      PARTIAL
AST07  Update Drift               2      PARTIAL
AST08  Poor Scanning              0      GAP (meta-concern)
AST09  No Governance              0      GAP (process-level)
AST10  Cross-Platform Reuse       1      PARTIAL

SAFE-MCP (OpenSSF)

78 of 85 techniques covered (91.8%).

View full SAFE-MCP mapping on GitHub →

MITRE ATLAS

Per-rule MITRE ATLAS references in each rule YAML. Grouped by tactic in the rule explorer.

Browse rules with MITRE mappings →