Skip to content
Integrate

Four paths. Same destination.

108 rules, ready to integrate. The same path Cisco walked.

TypeScript / Node.js

Docs
$ npm install agent-threat-rules
import { ATREngine } from 'agent-threat-rules';

const engine = new ATREngine();
const matches = engine.evaluate({
  type: 'tool_response',
  content: toolOutput,
  timestamp: new Date().toISOString(),
});

if (matches.length > 0) {
  // Threat detected — block or alert
}

Python (pyATR)

Docs
$ pip install git+https://github.com/Agent-Threat-Rule/agent-threat-rules.git#subdirectory=python
from pyatr import ATREngine

engine = ATREngine()
result = engine.evaluate(event={
    "type": "llm_input",
    "content": user_message,
})

if result.outcome == "deny":
    # Block the request

Raw YAML (any language)

Docs
$ git submodule add https://github.com/Agent-Threat-Rule/agent-threat-rules.git
# Point your scanner at rules/ directory
# Each .yaml file follows ATR schema v1.0
# Parse with any YAML library
# Schema: spec/atr-schema.yaml

rules/
  prompt-injection/
  tool-poisoning/
  agent-manipulation/
  ... (9 categories)

SIEM Integration

Docs
$ atr convert splunk --output splunk-queries.txt
# Convert ATR rules to SIEM query language
atr convert splunk    # Output SPL queries
atr convert elastic   # Output Elasticsearch Query DSL
atr convert sarif     # Output SARIF v2.1.0 for CI/CD

Schema Stability Guarantee

If you depend on ATR as upstream, you need to know the format won't break. Here's our commitment:

ATR Schema v1.0 (current)

Published and stable. All new fields are optional additions. No existing field will be removed or renamed without a major version bump.

Backward Compatibility

Breaking changes only happen on major version transitions (v1 → v2). We provide migration guides and a minimum 6-month overlap period where both versions are supported.

Update Frequency

New rules are added continuously (avg 2-5 per week during active periods). Every rule passes CI validation + precision test before merge. Subscribe to GitHub Releases for changelogs.

Sync Methods
git submodulepin to tag, update on your schedule
npm installsemver, lockfile controls version
GitHub ActionCI scans with latest rules automatically

Why ATR Instead of Writing Your Own?

Coverage
ATR108 rules, 17 CVEs mapped, 9 threat categories
DIYYou build your own rule set
New attack response
ATRThreat Cloud crystallization, targeting hours
DIYDepends on your team's bandwidth
Evasion testing
ATR64 documented evasion techniques, tested on every PR
DIYRequires dedicated effort to build
OWASP / MITRE mapping
ATRPre-built. 10/10 Agentic + MITRE ATLAS per rule
DIYHours of manual mapping work
Maintenance
ATRCommunity-maintained. MIT. Zero cost.
DIYRequires ongoing engineering effort
Ecosystem
ATRCisco integrated, OWASP and OpenSSF PRs under review
DIYMaintained independently, no shared rules
 ATRInternal Rules

License & Legal

MIT License

Use commercially, modify, distribute, sublicense. No restrictions.

No CLA

No Contributor License Agreement. Contributions are MIT-licensed and belong to the community.

Vendor Neutral

ATR is not owned by any company. It is a community-governed open standard.

Trusted By
Cisco AI Defense

34 ATR rules as upstream

23,000+ monthly downloads

npm, zero marketing

90,000+ skills scanned

ClawHub + OpenClaw + Skills.sh

10 ecosystem integrations

3 merged · 7 under review

Case Study: How Cisco Did It

34
ATR rules merged
1,272
lines added to Cisco AI Defense
3 days
from PR submission to merge

Cisco's DefenseClaw team integrated ATR rules as an upstream dependency. Their engineer submitted PR #79, we reviewed it, and it merged in 3 days. They then built a --rule-packs CLI feature (PR #80) specifically to consume ATR as a first-class rule source.

PR #79: Rules integration →PR #80: Rule-packs CLI →