How ATR is maintained
ATR is an MIT-licensed open standard, not owned by any company. This page documents who maintains it, how decisions are made, and the conflict-of-interest disclosure between PanGuard AI Inc and the ATR community.
Responsible for rule quality, PR review, and releases.
Founder and primary maintainer of ATR. Responsible for RFC-001 quality standard design, community outreach, and ecosystem integration review. GitHub: eeee2345 (Adamthereal).
[email protected]
ATR currently has one maintainer. We are actively recruiting a second. If you are interested, email [email protected]. Neutral hosting under an external foundation (Linux Foundation, OpenSSF, or equivalent) is on the roadmap; no decision has been made.
Six gates before any rule merges.
Valid YAML schema, valid regex (no ReDoS), at least 1 TP and 1 TN.
Confidence score formula (precision 40% + wild 30% + coverage 20% + evasion 10%) must clear the experimental threshold.
False positive rate must be 0 on 432 real-world benign skills.
New rule must not conflict with existing rules on the same input.
Maintainer reviews regex shape, test case coverage, and source citation. Stable tier requires human-reviewed provenance.
Maximum 10 new rules per PR. test_cases must include true_positives and true_negatives.
If the lead maintainer becomes unavailable.
Short term (within 30 days): The CODEOWNERS file and CI automation continue to function on GitHub. Merged rules continue to publish via npm. ATR has no dependency on a single server or closed system — rules are plain-text YAML and anyone can fork.
Medium term: A second maintainer (recruitment ongoing) takes over PR review. If none is identified within 30 days, existing contributors — adulau (MISP) and mertsatilmaz (OWASP) — will be invited to serve as interim maintainers.
Long term: The ATR roadmap includes evaluating transfer to a neutral foundation (Linux Foundation or OpenSSF). Transfer requires: two or more external maintainers, and at least one organization willing to fund governance overhead.
The relationship between ATR and PanGuard AI Inc.
ATR (Agent Threat Rules) is an MIT-licensed open standard maintained under the Agent-Threat-Rule GitHub organization. PanGuard AI Inc is a separate commercial company incorporated in Delaware, USA on 2026-05-12, founded by Adam Lin.
Overlap: The primary contact is the same person (Adam Lin). PanGuard AI's product depends on ATR rules as an upstream dependency — the same relationship Cisco AI Defense and Microsoft AGT have.
The boundary: ATR's rules, CHANGELOG, benchmark data, and documentation must not be distorted by PanGuard AI's commercial interests. ATR's issue tracker and PR review process are open to everyone, including PanGuard AI's competitors. ATR's GOVERNANCE.md is publicly auditable on GitHub.
If you observe any violation of this boundary, please open an issue on GitHub or email [email protected].
All contributions are published under the MIT license. Contributors retain all rights to use their attack research in any form; ATR carries the detection, not ownership of the research.
A contributor's name appears in the rule's author field and metadata_provenance.discovered_by field. When MISP exports to STIX, when NIST cites the rule, attribution travels with it.