MISP / CIRCL
shippedCIRCL (Computer Incident Response Center Luxembourg) · since 2026-05-10 · reference · verified 2026-07-07
ATR rule-ID taxonomy + threat-intel galaxy merged into MISP's core distribution
Evidence →A standard is measured by adoption, not by assertion. This page lists projects that ship ATR rules in public, verifiable work — standards bodies, production deployments, open-source tooling. The shape of that adoption is itself the point: enterprises integrate through pull requests, not private forks. That is the governance texture an open standard is built for.
ADOPTERS.md is the single machine-readable source of truth for this list. Adopters self-declare via PR — the maintainers do not pre-approve entries. A schema-conforming PR with a verifiable evidence link gets merged; your PR is the record.
Total: 20 adopters · ADOPTERS.md → · evidence re-verified against GitHub 2026-07-07 — 34/34
Adopters whose adoption is itself a public-good interoperability artefact — taxonomies, profiles, schemas published by neutral bodies.
CIRCL (Computer Incident Response Center Luxembourg) · since 2026-05-10 · reference · verified 2026-07-07
ATR rule-ID taxonomy + threat-intel galaxy merged into MISP's core distribution
Evidence →OWASP Foundation · since 2026-05-11 · reference · verified 2026-07-07
ATR rule corpus referenced as the canonical agent-threat detection ruleset in the project's threat catalogue
Evidence →FINOS (Fintech Open Source Foundation, a Linux Foundation project) · since 2026-07-02 · reference · verified 2026-07-07
ATR guideline-mappings merged into the Common Cloud Controls catalogue (CN01/CN02/CN04/CN06) with Gemara MappingReference entries
Evidence →Adopters who ship ATR in a publicly-available customer-facing product.
Cisco · since 2026-04-22 · rule-import · verified 2026-07-07
ATR rule corpus consumed by the AI Defense skill-scanner; matches surface in the Cisco product UI as detection findings
Evidence →Microsoft · since 2026-04-26 · rule-import · verified 2026-07-07
287-rule ATR expansion auto-synced weekly into the Agent Governance Toolkit detection layer
Evidence →Gen Digital (Norton / Avast / LifeLock parent) · since 2026-05-11 · rule-import · verified 2026-07-07
Full ATR rule pack integrated into the Sage agentic-AI risk-scoring layer
Evidence →Open-source developer tools, frameworks, and SDKs that integrate ATR.
AG2 (ag2ai) · since 2026-06-28 · adapter · verified 2026-07-07
`ATRGuardrail` contrib capability that scans tool output and LLM input against the ATR ruleset via the `pyatr` engine; merged into the ag2-classic framework and since maintained by an AG2 maintainer
Evidence →SigmaHQ · since 2026-05-09 · adapter · verified 2026-07-07
Cross-listing in the Sigma tools directory; agent-threat-rules listed as a sibling detection-rule format
Evidence →Microsoft · since 2026-05-27 · rule-import · verified 2026-07-07
ATR adversarial-payload dataset loader merged into PyRIT (PR #1715, merged 2026-05-27 by maintainer Roman Lutz); a follow-up AgentThreatRulesScorer (PR #1893) is in review
Evidence →CIRCL (rulezet rule-management platform) · since 2026-06-18 · adapter · verified 2026-07-07
`atr_format.py` importer/converter mirroring the existing `sigma_format` module (24 unit tests) — ATR rules are manageable as a first-class format in rulezet
Evidence →Adopters who reference ATR in public catalogues, awesome-lists, or documentation indices.
Aigis (independent) · since 2026-07-07 · reference · verified 2026-07-07
Aigis↔ATR crosswalk — maps Aigis detection patterns to ATR rule IDs through the shared MITRE ATLAS technique axis, with a two-direction ATLAS coverage-gap analysis; merged into the Aigis repo
Evidence →Otto Sulin (independent) · since 2026-05-20 · reference · verified 2026-07-07
ATR listed in the MCP Security section
Evidence →CryptoAILab (independent) · since 2026-04-02 · reference · verified 2026-07-07
ATR listed in the LLM safety & security awesome-list
Evidence →precize (third-party community repo; NOT an OWASP Foundation publication) · since 2026-03-30 · reference · verified 2026-07-07
ATR detection mapping across the agentic-AI vulnerability categories in a third-party catalogue
Evidence →wearetyomsmnv (independent) · since 2026-04-08 · reference · verified 2026-07-07
ATR listed in the LLM-agent security tooling awesome-list
Evidence →nibzard (independent) · since 2026-04-09 · reference · verified 2026-07-07
"Deterministic Threat Rule Scanning" pattern accepted, referencing ATR
Evidence →Tal Eliyahu (independent) · since 2026-04-10 · reference · verified 2026-07-07
ATR listed in the AI security resource awesome-list
Evidence →AMD · since 2026-06-24 · reference · verified 2026-07-07
Official GAIA integrations doc — guarding the Lemonade model endpoint with an offline ATR input/output guard (prompt-injection detection pattern)
Evidence →ProjectRecon (independent) · since 2026-06-12 · reference · verified 2026-07-07
ATR listed in the Static Analysis & Linters section
Evidence →raphabot (independent) · since 2026-06-28 · reference · verified 2026-07-07
ATR listed in the Tools section
Evidence →If you want a spec walkthrough, design review, sample code for your language, or to discuss the shape of your integration, this is the path. Maintainers respond within seven days — part of a standard's job is to keep integrators from reinventing the format alone.
Open issue →If your integration is publicly verifiable, take this path. Schema-conforming entries with a verifiable evidence link get merged — maintainers do not pre-approve adopters. You write yourself into the public record, in the same file as Cisco, Microsoft, and MISP.
ADOPTERS.md →Your project ships ATR? Add this badge to your README — it tells downstream that your detections track a versioned, peer-reviewable standard.