Integrate

Four paths. Same destination.

427 rules, ready to integrate. The same path Cisco walked.

Choose Your Integration Level
L1: Scan
  Who: Individual developers
  How: One command or GitHub Action
  What you get: Know if your AI tools are poisoned
  Updates: npx pulls latest rules automatically

L2: Embed
  Who: Platforms (IDEs, agent frameworks)
  How: npm install + call ATR engine
  What you get: Your users protected by 427 rules automatically
  Updates: npm update or lockfile + CI

L3: Bidirectional
  Who: Security platforms, enterprise SOC
  How: Embed + report threats to Threat Cloud
  What you get: Your endpoints become global sensors, you receive global intel
  Updates: TC real-time push + npm update

Try it in 30 seconds

No signup, no API key. One command scans your SKILL.md or MCP config.

Scan a SKILL.md file
$ npx agent-threat-rules scan your-skill.md
Scan a directory
$ npx agent-threat-rules scan ./my-mcp-skills/
Install as Claude Code real-time guard
$ npx agent-threat-rules init --global

427 rules · 8 threat categories · < 5ms latency · zero dependencies · MIT license

SDK Integration

TypeScript / Node.js

$ npm install agent-threat-rules
import { ATREngine } from 'agent-threat-rules';

const engine = new ATREngine();

// toolOutput: the raw text a tool call returned, evaluated before it reaches the model
function guardToolResponse(toolOutput: string): boolean {
  const matches = engine.evaluate({
    type: 'tool_response',
    content: toolOutput,
    timestamp: new Date().toISOString(),
  });

  if (matches.length > 0) {
    // Threat detected — block or alert
    return false;
  }
  return true;
}

Python (pyATR)

$ pip install pyatr
from pyatr import ATREngine

engine = ATREngine()


def guard_llm_input(user_message: str) -> None:
    # Evaluate the inbound message before it is handed to the model
    result = engine.evaluate(event={
        "type": "llm_input",
        "content": user_message,
    })

    if result.outcome == "deny":
        # Block the request
        raise PermissionError("request blocked by ATR rule")

Raw YAML (any language)

$ git submodule add https://github.com/Agent-Threat-Rule/agent-threat-rules.git
# Point your scanner at rules/ directory
# Each .yaml file follows ATR-SPEC-v1 schema
# Parse with any YAML library
# Schema: spec/atr-schema.yaml

rules/
  prompt-injection/
  tool-poisoning/
  agent-manipulation/
  ... (8 categories)

GitHub Action (CI/CD)

$ # Add to .github/workflows/atr-scan.yml
name: ATR Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Agent-Threat-Rule/agent-threat-rules@main
        with:
          path: '.'            # Scan entire repo
          severity: 'medium'   # Minimum severity
          fail-on-finding: 'true'
          upload-sarif: 'true' # Results in GitHub Security tab

SIEM Integration

$ atr convert splunk --output splunk-queries.txt
# Convert ATR rules to SIEM query language
atr convert splunk    # Output SPL queries
atr convert elastic   # Output Elasticsearch Query DSL
atr convert sarif     # Output SARIF v2.1.0 for CI/CD

GitHub Action Adopters

Wire ATR into any GitHub repo's CI. Results are written as SARIF and surface in the repo's GitHub Security tab — the same place as CodeQL and Dependabot findings.

Minimal Workflow
# .github/workflows/atr-scan.yml
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # for SARIF upload
    steps:
      - uses: actions/checkout@v4
      - uses: Agent-Threat-Rule/agent-threat-rules@main
        with:
          severity: medium
          fail-on-finding: true

Public Adopters

No public adopters tracked yet. If your repo uses the ATR Action, let us know via a GitHub issue and we'll list it here.

Adoption forms vary — Cisco AI Defense (PR #79 PoC + PR #99 production) integrates the full rule pack via a rule-packs CLI; Microsoft AGT (PR #908 PoC + PR #1277 production) integrates 287 rules as PolicyDocument with a weekly auto-sync workflow; Gen Digital Sage (PR #33) ships the rule pack inside the agentic-AI risk-scoring layer. These three count as upstream adoption, separate from Action usage.

Schema Stability Guarantee

If you depend on ATR as upstream, you need to know the format won't break. Here's our commitment:

ATR-SPEC-v1 (stable)

Published and stable. All new fields are optional additions. No existing field will be removed or renamed without a major version bump.

Backward Compatibility

Breaking changes only happen on major version transitions (v1 → v2). We provide migration guides and a minimum 6-month overlap period where both versions are supported.

Update Frequency

New rules are added continuously (avg 2-5 per week during active periods). Every rule passes CI validation + precision test before merge. Subscribe to GitHub Releases for changelogs.

Sync Methods
  git submodule: pin to a tag, update on your schedule
  npm install: semver, lockfile controls the version
  GitHub Action: CI scans with the latest rules automatically

Why ATR Instead of Writing Your Own?

ATR vs. internal (DIY) rules:

Coverage
  ATR: 427 rules, 39 CVEs mapped, 8 threat categories
  DIY: You build your own rule set
New attack response
  ATR: Threat Cloud crystallization, targeting hours
  DIY: Depends on your team's bandwidth
Evasion testing
  ATR: 64 documented evasion techniques, tested on every PR
  DIY: Requires dedicated effort to build
OWASP / MITRE mapping
  ATR: Pre-built. 10/10 Agentic + MITRE ATLAS per rule
  DIY: Hours of manual mapping work
Maintenance
  ATR: Community-maintained. MIT. Zero cost.
  DIY: Requires ongoing engineering effort
Ecosystem
  ATR: Cisco integrated, OWASP and OpenSSF PRs under review
  DIY: Maintained independently, no shared rules

License & Legal

MIT License

Use commercially, modify, distribute, sublicense. No restrictions.

No CLA

No Contributor License Agreement. Contributions are MIT-licensed and belong to the community.

Vendor Neutral

ATR is not owned by any company. It is a community-governed open standard.

Trusted By
Cisco AI Defense

Full ATR rule pack · skill-scanner production (PR #99)

427 detection rules

8 threat categories

96,096 skills scanned

6 registries · 751 malware

30 ecosystem integrations

11 merged · 19 under review

Report Threats — Turn Your Endpoints Into Global Sensors

Your scanner found a new threat? Report it to Threat Cloud. ATR crystallizes it into a detection rule, reviews it, and distributes it globally. Your discovery protects everyone.

Method 1: CLI (simplest)

$ npx agent-threat-rules scan . --report-to-cloud

Method 2: Library (platform integration)

// Auto-report when your platform detects threats
import { ATREngine, createTCReporter } from 'agent-threat-rules';

const engine = new ATREngine({
  reporter: createTCReporter(), // anonymous, no API key
});
// detections are auto-batched to TC

Method 3: API (fully custom)

# Direct TC API call
curl -X POST https://tc.agentthreatrule.org/api/threats \
  -H 'Content-Type: application/json' \
  -d '{"ruleId":"ATR-2026-00121","severity":"critical",
       "contentHash":"abc123","scanTarget":"my-skill"}'

What happens after reporting

1. Aggregate: TC collects signals from endpoints
2. Crystallize: AI analyzes patterns, drafts rules
3. Review: Human reviews FP + attack classification
4. Distribute: Merged to ATR → npm publish → global update
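As an added example (not the project's own code), here is how a platform on the L2/L3 path might wire the engine's evaluate() call from the SDK section into a tool-call gate that also queues one report per detection in the Method 3 payload shape. The engine is injected and a constructed stub stands in for ATREngine so the block runs offline; the match fields (ruleId, severity), the SHA-256 contentHash and the severity threshold are assumptions, not documented ATR behaviour.

```typescript
import { createHash } from "node:crypto";

// Event shape from this page's SDK example; the match shape is an assumption
// (ruleId + severity, the same fields the Threat Cloud API body carries).
type EventType = "llm_input" | "tool_response";
type Severity = "low" | "medium" | "high" | "critical";
interface ATREvent { type: EventType; content: string; timestamp: string }
interface ATRMatch { ruleId: string; severity: Severity }
interface Engine { evaluate(event: ATREvent): ATRMatch[] }
// One object per detection, in the shape of the Method 3 request body.
interface ThreatReport { ruleId: string; severity: Severity; contentHash: string; scanTarget: string }

const RANK: Record<Severity, number> = { low: 0, medium: 1, high: 2, critical: 3 };

export class ToolGuard {
  private pending: ThreatReport[] = [];

  constructor(
    private readonly engine: Engine,
    private readonly blockAt: Severity = "high", // below this: alert only, let it through
    private readonly scanTarget: string = "my-platform",
  ) {}

  // Gate one piece of content (a user message or a tool's raw output).
  // Every match is queued for reporting; only matches at or above blockAt block.
  check(type: EventType, content: string): { allow: boolean; matches: ATRMatch[] } {
    const matches = this.engine.evaluate({ type, content, timestamp: new Date().toISOString() });
    // Assumption: contentHash is a SHA-256 of the flagged content, so raw text never leaves the host.
    const contentHash = createHash("sha256").update(content, "utf8").digest("hex");
    for (const m of matches) {
      this.pending.push({ ruleId: m.ruleId, severity: m.severity, contentHash, scanTarget: this.scanTarget });
    }
    const allow = !matches.some((m) => RANK[m.severity] >= RANK[this.blockAt]);
    return { allow, matches };
  }

  // Drain the batch; each entry is a body for POST /api/threats (see Method 3).
  flush(): ThreatReport[] {
    const batch = this.pending;
    this.pending = [];
    return batch;
  }
}

// Offline stand-in for ATREngine: one constructed rule with a placeholder rule id.
export const stubEngine: Engine = {
  evaluate(event) {
    const hits: ATRMatch[] = [];
    if (/ignore (all )?(previous|prior) instructions/i.test(event.content)) {
      hits.push({ ruleId: "ATR-PLACEHOLDER-0001", severity: "critical" });
    }
    return hits;
  },
};
```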

Case Study: How Cisco Did It

Full pack: in skill-scanner production
2 PRs: PoC (#79) → production (#99)
3 days: first PR to merge

Cisco's AI Defense team integrated ATR rules as an upstream dependency. The first PR #79 (2026-04-03) merged a 34-rule PoC in three days. Follow-up PR #80 built the --rule-packs CLI to consume ATR as a first-class rule source. Production PR #99 (2026-04-22) landed the full ATR rule pack inside Cisco AI Defense's skill-scanner.