A standard is only as strong
as the people who maintain it.
Sigma, CVE, and YARA became universal not because a company owned them, but because enough people chose to describe threats in one shared language. ATR follows the same path β contributors write rules, adopters wire them into production, researchers report the bypasses. Each one moves the standard a step closer to universal. A rule written in Taipei catches an attack first reported in Seattle.
Found a way to bypass an ATR rule? This is the most valuable contribution there is. Known evasions are documented in the open β report one and the whole ecosystem closes the gap at once, so no one has to rediscover it.
An ATR rule flagged something benign? A false-positive report is one more worst-case figure we publish, not hide β it makes the precision we report, lane by lane, more honest.
Write a detection rule in YAML. It must carry real attack payloads and true/false-positive test cases, not a prose description β so it can be peer-reviewed, conformance-tested, and reproduced by any engine.
Seen an AI agent attack technique no rule covers yet? Describe it in Discussions. The technique gets documented first; a rule follows β the knowledge layer doesn't wait on the detection layer.
Add one line to contributors.yaml and open a PR. Your GitHub avatar, country, and contribution types appear here β alongside everyone carrying an open standard toward universal. The list is public, and it stays.
2 countries. A universal standard is worth as much as the number of places speaking the same language for threats. Goal: a contributor in every country running AI agents.