6 frameworks. Every rule mapped.
Every regulation says the same thing: you must manage AI agent risk. None of them say how to prove it on a real artifact. Each of ATR's 655 rules carries six framework mappings — OWASP LLM, OWASP Agentic, MITRE ATLAS, NIST AI RMF, EU AI Act, and ISO 42001 — with validity and 100% coverage enforced in CI. Each obligation thus connects to a detection that runs on a SKILL.md file, an MCP tool description, an agent config. SAFE-MCP is mapped at the technique level (78/85). All metadata is MIT-licensed, downloadable, and auditable.
A compliance officer cannot submit a URL as procurement evidence. Download the structured compliance mapping package (PDF + JSON): per-rule framework mappings, a rule ID index, a quality-score summary. Because it is an open standard, a reviewer does not have to trust ATR — they can verify every mapping themselves.
All mappings are ATR's own crosswalk documents, not endorsements by the named bodies.
All 655 rules carry an OWASP LLM Top 10 (2025) reference.
All 655 rules carry an OWASP Agentic Top 10 reference; all 10 ASI risk categories are covered.
All 655 rules carry a MITRE ATLAS technique reference, grouped by tactic in the rule explorer. (ATR's own ATLAS crosswalk.)
All 655 rules carry NIST AI RMF subcategory mappings across the GV/MP/MS/MG functions. A community-authored OSCAL catalog (CC0) is self-published, with the NIST OSCAL collaboration branch #338 in review — collaboration, not a NIST endorsement or adoption.
All 655 rules map to high-risk-AI obligations (Articles 9, 10, 12, 13, 14, 15). The Act names the duty; ATR supplies the runtime detection that produces evidence against the named article. It is detection evidence, not a compliance guarantee by itself.
All 655 rules map to AI management system clauses (6.2, 8.1–8.4, 9.1).
Technique-level coverage: 78 of 85 SAFE-MCP techniques are covered by at least one rule (conservative lower bound; last fully enumerated at v1.0.0).
'Aligned with a framework' is an assertion. The exact regex that detects an attack is evidence. ATR's compliance mappings live in each rule's YAML — specific compliance metadata citing the precise regex or token that detects the attack, never a generic claim of 'alignment with framework.' Anyone can put the mapping next to the thing it claims to detect and check.
Browse raw rule YAML on GitHub →Think a mapping is wrong? This is an open standard — fork it, challenge it, and open a PR or issue to correct any mapping.
Open an issue to challenge a mapping →