Compliance Coverage

6 frameworks. Every rule mapped.

Every ATR rule carries mapping metadata for OWASP, MITRE ATLAS, NIST AI RMF, EU AI Act, ISO 42001, and SAFE-MCP. All metadata is MIT-licensed, downloadable, and auditable.

For procurement teams

Compliance officers cannot submit URLs as evidence in procurement. Download the structured compliance mapping package (PDF + JSON) with per-rule framework mappings, rule ID index, and quality score summary.

Download compliance mapping (GitHub Releases) →Browse compliance docs on GitHub →

OWASP Agentic Top 10

10/10

Full coverage across all 10 agentic AI risk categories.

MITRE ATLAS

100%

All 113 ATR rules carry MITRE ATLAS technique references. Grouped by tactic in the rule explorer.

NIST AI RMF

100%

All rules carry NIST AI RMF subcategory mappings. 16 subcategories across GV/MP/MS/MG. OSCAL catalog accepted under Path 1.

Detail page →

SAFE-MCP

91.8%

78 of 85 techniques covered (OpenSSF MCP security framework).

EU AI Act

Partial

Rules map to high-risk system obligations (Art. 9, 10, 15) for AI systems deployed in agentic contexts. Mapping documented per rule.

ISO 42001

Partial

Rules map to AI management system controls for risk identification, monitoring, and incident response.

Rule-by-rule verifiability

ATR's compliance mappings are not marketing claims. Each rule's YAML contains specific compliance metadata citing the exact regex or token that detects the attack — not a generic claim of 'alignment with framework'.

Browse raw rule YAML on GitHub →

NIST AI RMF detail→|Benchmark coverage→|Quality standard→