Skip to content

Citation

Citation

A standard becomes infrastructure the day other people's work can point at it and not have it move. ATR is built to be cited — by a paper, a CVE record, a CI script — through identifiers that never change after publication and a DOI that outlives any URL. The formats below are how you reference it.

Working Draft·version 3.5.6·updated 16 June 2026·canonical /spec·editor Adam Lin

When to cite ATR

URLs move, projects get renamed, pages 404. A citation pins something that changes into an anchor that does not — so in the following contexts, cite this specification rather than only linking to a URL. The cited version should be the latest version published on /spec at the time of writing, and the citation should include that version number (e.g. v3.5.0). The version moves forward, but the version you cited remains reachable.

  • Academic publications. Conference papers, journal articles, theses that reference the ATR rule format, an ATR engine, ATR benchmark results, or use ATR as a baseline for comparison.
  • Security research and technical reports. External reports that reuse ATR rules, cite ATR coverage figures, or reference specific threats by their ATR-YYYY-NNNNN identifier in threat-intelligence documents.
  • Institutional documentation. Standards-body publications, research-institute white papers, and government recommendations that list ATR as a reference standard or interoperability format.
  • Sovereign-AI compliance and conformance filings. AI risk-management and agent-security filings submitted to regulators that cite ATR as the basis for the detection-rule layer, or declare an organization's ATR integration level by L1 / L2 / L3 conformance.

Citation Formats

The AI-agent attack surface does not respect disciplinary lines — the engineer writing a paper, the analyst writing a policy white paper, the officer filing for compliance are all describing the same layer of threat. So the same standard has to read cleanly across four citation traditions. The four formats below map to four of them: BibTeX is native to LaTeX; APA is the social-sciences standard; IEEE is the engineering standard; Chicago is common in the humanities. Select the one your target journal or institution requires — each points back to the same specification, the same DOI.

@misc{atr2026,
  title  = {ATR: Agent Threat Rules — Open Detection Standard for AI Agent Threats},
  author = {Lin, Kuan-Hsin and {ATR Community}},
  year   = {2026},
  version = {3.5.6},
  doi    = {10.5281/zenodo.19178002},
  url    = {https://agentthreatrule.org/spec},
  note   = {MIT license}
}

DOI: 10.5281/zenodo.19178002

Related Identifiers

A standard has many doors facing the world, but only one anchor. The identifiers below point to equivalent or derived distributions of this specification. The DOI is the anchor — the normative anchor for academic citation, pointing at a snapshot that never changes even as every npm version and every GitHub branch keeps moving. The rest (GitHub, npm, PyPI, Zenodo, canonical URL) are distribution forms for implementers — scaffolding around the anchor, not the anchor itself.

The normative anchor for citation is the DOI. Zenodo holds an immutable snapshot per release; the GitHub repository tracks ongoing evolution; the npm and PyPI packages are distribution artifacts used by implementers. Below the specification, at the level of a single rule, threats are referenced by CVE / CWE-style ATR-YYYY-NNNNN identifiers — the ID never changes after publication; the rule's content may be revised, but the identifier stays stable, so a paper, a threat-intel feed, or a CI script can safely reference one specific rule rather than the whole standard. A stable identifier is the precondition for a standard to be depended on as infrastructure.


Editor: Adam Lin <[email protected]> — DOI 10.5281/zenodo.19178002 — MIT License — ISO 8601 2026-06-16