Skip to content
Ecosystem

Who ships the standard.

A standard is measured by adoption, not by assertion. This page lists projects that ship ATR rules in public, verifiable work — standards bodies, production deployments, open-source tooling. The shape of that adoption is itself the point: enterprises integrate through pull requests, not private forks. That is the governance texture an open standard is built for.

ADOPTERS.md is the single machine-readable source of truth for this list. Adopters self-declare via PR — the maintainers do not pre-approve entries. A schema-conforming PR with a verifiable evidence link gets merged; your PR is the record.

engineImplements a conforming ATR evaluation engine
rule-importConsumes the ATR rule corpus inside its own scanner
category-subsetImports a subset of ATR categories
adapterConverts ATR to/from another rule format
referenceReferences ATR in a catalogue, taxonomy, or docs
sidecar-proxyRuns ATR as a proxy/callback layer beside the agent
Standards bodies & frameworks (3)

Adopters whose adoption is itself a public-good interoperability artefact — taxonomies, profiles, schemas published by neutral bodies.

MISP / CIRCL

shipped

CIRCL (Computer Incident Response Center Luxembourg) · since 2026-05-10 · reference · verified 2026-07-07

ATR rule-ID taxonomy + threat-intel galaxy merged into MISP's core distribution

Evidence →

OWASP Agent Security Regression Harness

shipped

OWASP Foundation · since 2026-05-11 · reference · verified 2026-07-07

ATR rule corpus referenced as the canonical agent-threat detection ruleset in the project's threat catalogue

Evidence →

FINOS Common Cloud Controls

shipped

FINOS (Fintech Open Source Foundation, a Linux Foundation project) · since 2026-07-02 · reference · verified 2026-07-07

ATR guideline-mappings merged into the Common Cloud Controls catalogue (CN01/CN02/CN04/CN06) with Gemara MappingReference entries

Evidence →
Production deployments (3)

Adopters who ship ATR in a publicly-available customer-facing product.

Cisco AI Defense

shipped

Cisco · since 2026-04-22 · rule-import · verified 2026-07-07

ATR rule corpus consumed by the AI Defense skill-scanner; matches surface in the Cisco product UI as detection findings

Evidence →

Microsoft Agent Governance Toolkit

shipped

Microsoft · since 2026-04-26 · rule-import · verified 2026-07-07

287-rule ATR expansion auto-synced weekly into the Agent Governance Toolkit detection layer

Evidence →

Gen Digital Sage

shipped

Gen Digital (Norton / Avast / LifeLock parent) · since 2026-05-11 · rule-import · verified 2026-07-07

Full ATR rule pack integrated into the Sage agentic-AI risk-scoring layer

Evidence →
Open-source tooling & SDK integrations (4)

Open-source developer tools, frameworks, and SDKs that integrate ATR.

AG2 (AutoGen)

shipped

AG2 (ag2ai) · since 2026-06-28 · adapter · verified 2026-07-07

`ATRGuardrail` contrib capability that scans tool output and LLM input against the ATR ruleset via the `pyatr` engine; merged into the ag2-classic framework and since maintained by an AG2 maintainer

Evidence →

SigmaHQ

shipped

SigmaHQ · since 2026-05-09 · adapter · verified 2026-07-07

Cross-listing in the Sigma tools directory; agent-threat-rules listed as a sibling detection-rule format

Evidence →

Microsoft PyRIT

shipped

Microsoft · since 2026-05-27 · rule-import · verified 2026-07-07

ATR adversarial-payload dataset loader merged into PyRIT (PR #1715, merged 2026-05-27 by maintainer Roman Lutz); a follow-up AgentThreatRulesScorer (PR #1893) is in review

Evidence →

rulezet (CIRCL)

shipped

CIRCL (rulezet rule-management platform) · since 2026-06-18 · adapter · verified 2026-07-07

`atr_format.py` importer/converter mirroring the existing `sigma_format` module (24 unit tests) — ATR rules are manageable as a first-class format in rulezet

Evidence →
Documentation references & awesome-lists (10)

Adopters who reference ATR in public catalogues, awesome-lists, or documentation indices.

killertcell428/aigis

shipped

Aigis (independent) · since 2026-07-07 · reference · verified 2026-07-07

Aigis↔ATR crosswalk — maps Aigis detection patterns to ATR rule IDs through the shared MITRE ATLAS technique axis, with a two-direction ATLAS coverage-gap analysis; merged into the Aigis repo

Evidence →

ottosulin/awesome-ai-security

shipped

Otto Sulin (independent) · since 2026-05-20 · reference · verified 2026-07-07

ATR listed in the MCP Security section

Evidence →

CryptoAILab/Awesome-LM-SSP

shipped

CryptoAILab (independent) · since 2026-04-02 · reference · verified 2026-07-07

ATR listed in the LLM safety & security awesome-list

Evidence →

precize/Agentic-AI-Top10-Vulnerability

shipped

precize (third-party community repo; NOT an OWASP Foundation publication) · since 2026-03-30 · reference · verified 2026-07-07

ATR detection mapping across the agentic-AI vulnerability categories in a third-party catalogue

Evidence →

wearetyomsmnv/Awesome-LLM-agent-Security

shipped

wearetyomsmnv (independent) · since 2026-04-08 · reference · verified 2026-07-07

ATR listed in the LLM-agent security tooling awesome-list

Evidence →

nibzard/awesome-agentic-patterns

shipped

nibzard (independent) · since 2026-04-09 · reference · verified 2026-07-07

"Deterministic Threat Rule Scanning" pattern accepted, referencing ATR

Evidence →

TalEliyahu/Awesome-AI-Security

shipped

Tal Eliyahu (independent) · since 2026-04-10 · reference · verified 2026-07-07

ATR listed in the AI security resource awesome-list

Evidence →

AMD GAIA

shipped

AMD · since 2026-06-24 · reference · verified 2026-07-07

Official GAIA integrations doc — guarding the Lemonade model endpoint with an offline ATR input/output guard (prompt-injection detection pattern)

Evidence →

ProjectRecon/awesome-ai-agents-security

shipped

ProjectRecon (independent) · since 2026-06-12 · reference · verified 2026-07-07

ATR listed in the Static Analysis & Linters section

Evidence →

raphabot/awesome-cybersecurity-agentic-ai

shipped

raphabot (independent) · since 2026-06-28 · reference · verified 2026-07-07

ATR listed in the Tools section

Evidence →
Planning an integration

Open an Integration Request issue

If you want a spec walkthrough, design review, sample code for your language, or to discuss the shape of your integration, this is the path. Maintainers respond within seven days — part of a standard's job is to keep integrators from reinventing the format alone.

Open issue →
Already shipped

Open a PR against ADOPTERS.md

If your integration is publicly verifiable, take this path. Schema-conforming entries with a verifiable evidence link get merged — maintainers do not pre-approve adopters. You write yourself into the public record, in the same file as Cisco, Microsoft, and MISP.

ADOPTERS.md →
Badge

Your project ships ATR? Add this badge to your README — it tells downstream that your detections track a versioned, peer-reviewable standard.

ATR Integrated
Markdown:
[![ATR Integrated](https://img.shields.io/badge/ATR-Integrated-2563EB?style=flat)](https://agentthreatrule.org/ecosystem)