MISP / CIRCL
shippedCIRCL (Computer Incident Response Center Luxembourg) · since 2026-05-10 · reference
ATR rule-ID taxonomy + threat-intel galaxy merged into MISP's core distribution
Evidence →Ecosystem
Projects shipping ATR.
ADOPTERS.md is the single source of truth for this list. Adopters self-declare via PR — the maintainers do not pre-approve entries. A schema-conforming PR with a verifiable evidence link gets merged.
Total: 20 adopters · ADOPTERS.md →
Standards bodies & frameworks (4)
Adopters whose adoption is itself a public-good interoperability artefact — taxonomies, profiles, schemas published by neutral bodies.
OWASP Agent Security Regression Harness
shippedOWASP Foundation · since 2026-05-11 · reference
ATR rule corpus referenced as the canonical agent-threat detection ruleset in the project's threat catalogue
Evidence →NIST AI RMF — community OSCAL catalog (submission in review)
in reviewATR maintainers (community contribution; NOT a NIST publication) · since 2026-05-10 (community catalog published; PR opened 2026-05-21) · reference
Community-authored OSCAL catalog covering NIST AI RMF (72 controls + 31 cross-reference links), CC0-licensed, self-published at Agent-Threat-Rule/ai-rmf-oscal-catalog. The catalog has been submitted to the NIST OSCAL team as PR usnistgov/oscal-content#333; the PR is OPEN, the NIST OSCAL maintainer has flagged that scope alignment needs rework, and the ATR maintainers are awaiting NIST direction. Listed here for transparency about the submission, NOT as evidence of NIST endorsement.
Evidence →OpenTelemetry — semantic-conventions-genai
in reviewCNCF / OpenTelemetry GenAI SIG · since 2026-05-17 · reference
Proposal for `agent.threat.detection.*` semantic-convention attributes (which ATR populates on agent spans) is in review
Evidence →Production deployments (3)
Adopters who ship ATR in a publicly-available customer-facing product.
Cisco AI Defense
shippedCisco · since 2026-04-22 · rule-import
ATR rule corpus consumed by the AI Defense skill-scanner; matches surface in the Cisco product UI as detection findings
Evidence →Microsoft Agent Governance Toolkit
shippedMicrosoft · since 2026-04-26 · rule-import
287-rule ATR expansion auto-synced weekly into the Agent Governance Toolkit detection layer
Evidence →Gen Digital Sage
shippedGen Digital (Norton / Avast / LifeLock parent) · since 2026-05-11 · rule-import
Full ATR rule pack integrated into the Sage agentic-AI risk-scoring layer
Evidence →Open-source tooling & SDK integrations (8)
Open-source developer tools, frameworks, and SDKs that integrate ATR.
BerriAI LiteLLM
in reviewBerriAI · since 2026-05-16 · sidecar-proxy
ATR guardrail integration as a LiteLLM proxy callback; scans LLM input + output against the rule corpus at the proxy layer
Evidence →Promptfoo
in reviewPromptfoo · since 2026-04-08 · rule-import
MCP red-team output scanning consumes ATR rules to flag adversarial responses in evaluation runs
Evidence →NVIDIA garak
in reviewNVIDIA · since 2026-05-20 · rule-import
ATR detector plugin for the garak red-teaming framework
Evidence →IBM mcp-context-forge
in reviewIBM · since 2026-05-09 · sidecar-proxy
ATR threat-detection plugin for the MCP context-forge proxy
Evidence →Portkey AI Gateway
in reviewPortkey AI · since 2026-05-16 · sidecar-proxy
ATR detection plugin in the Portkey gateway plugin architecture
Evidence →Semgrep
in reviewSemgrep Inc. (community contribution) · since 2026-05-10 · adapter
YAML rule-format adapter that translates Semgrep rule conventions to ATR conformance for skill-manifest + MCP-tool security
Evidence →aaif-goose
in reviewAAIF (block/goose) · since 2026-05-19 · sidecar-proxy
PreToolUse hook denial integrates ATR rule evaluation at the tool-call boundary
Evidence →SigmaHQ
in reviewSigmaHQ · since 2026-05-09 · adapter
Cross-listing in the Sigma tools directory; agent-threat-rules listed as a sibling detection-rule format
Evidence →Documentation references & awesome-lists (4)
Adopters who reference ATR in public catalogues, awesome-lists, or documentation indices.
ottosulin/awesome-ai-security
shippedOtto Sulin (independent) · since 2026-05-20 · reference
ATR listed in the MCP Security section
Evidence →e2b-dev/awesome-ai-agents
in reviewE2B · since 2026-05-16 · reference
ATR listed in the AI agents awesome-list
Evidence →e2b-dev/awesome-ai-sdks
in reviewE2B · since 2026-05-16 · reference
ATR listed in the AI SDKs awesome-list
Evidence →Puliczek/awesome-mcp-security
in reviewPuliczek (independent) · since 2026-04-21 · reference
ATR listed in MCP threat-detection tools
Evidence →Commercial implementations (1)
Vendors offering commercial support, hosted engines, or enterprise SLAs around ATR.
PanGuard AI
shippedPanguard AI, Inc.
Hosted ATR engine + enterprise SLAs, compliance evidence module, and runtime guardrails
Visit →Planning an integration
Open an Integration Request issue
If you want a spec walkthrough, design review, sample code for your language, or to discuss the shape of your integration, this is the path. Maintainers respond within seven days.
Open issue →Already shipped
Open a PR against ADOPTERS.md
If your integration is publicly verifiable, take this path. Schema-conforming entries with a verifiable evidence link get merged — maintainers do not pre-approve adopters.
ADOPTERS.md →Badge
Your project ships ATR? Add this badge to your README.
Markdown:
[](https://agentthreatrule.org/ecosystem)