MISP / CIRCL
已上線CIRCL (Computer Incident Response Center Luxembourg) · 自 2026-05-10 · 文件引用 · 證據現驗 2026-07-07
ATR rule-ID taxonomy + threat-intel galaxy merged into MISP's core distribution
證據連結 →一個標準靠採用衡量,不靠宣稱。這頁列的是把 ATR 規則綁進公開、可驗證成品的專案——標準機構、生產部署、開源工具——而採用的形狀本身就是重點:企業整合走 pull request,不是私有 fork。這正是一個開放標準想要的治理質感。
ADOPTERS.md 是這份清單的單一機器可讀來源。採用者自行提 PR 加入,維護者不預先審核;只要 schema 對、附上公開可驗證的證據連結就 merge——你的 PR 本身就是紀錄。
共計: 20 個採用者 · ADOPTERS.md → · 證據連結 2026-07-07 對 GitHub 現驗 34/34
其本身就是公共財互操作性產出的採用者:由中立機構發佈的分類、規範對應、schema。
CIRCL (Computer Incident Response Center Luxembourg) · 自 2026-05-10 · 文件引用 · 證據現驗 2026-07-07
ATR rule-ID taxonomy + threat-intel galaxy merged into MISP's core distribution
證據連結 →OWASP Foundation · 自 2026-05-11 · 文件引用 · 證據現驗 2026-07-07
ATR rule corpus referenced as the canonical agent-threat detection ruleset in the project's threat catalogue
證據連結 →FINOS (Fintech Open Source Foundation, a Linux Foundation project) · 自 2026-07-02 · 文件引用 · 證據現驗 2026-07-07
ATR guideline-mappings merged into the Common Cloud Controls catalogue (CN01/CN02/CN04/CN06) with Gemara MappingReference entries
證據連結 →在公開、面向客戶的產品中部署 ATR 的採用者。
Cisco · 自 2026-04-22 · 規則匯入 · 證據現驗 2026-07-07
ATR rule corpus consumed by the AI Defense skill-scanner; matches surface in the Cisco product UI as detection findings
證據連結 →Microsoft · 自 2026-04-26 · 規則匯入 · 證據現驗 2026-07-07
287-rule ATR expansion auto-synced weekly into the Agent Governance Toolkit detection layer
證據連結 →Gen Digital (Norton / Avast / LifeLock parent) · 自 2026-05-11 · 規則匯入 · 證據現驗 2026-07-07
Full ATR rule pack integrated into the Sage agentic-AI risk-scoring layer
證據連結 →整合 ATR 的開源開發者工具、框架、SDK。
AG2 (ag2ai) · 自 2026-06-28 · 格式轉接 · 證據現驗 2026-07-07
`ATRGuardrail` contrib capability that scans tool output and LLM input against the ATR ruleset via the `pyatr` engine; merged into the ag2-classic framework and since maintained by an AG2 maintainer
證據連結 →SigmaHQ · 自 2026-05-09 · 格式轉接 · 證據現驗 2026-07-07
Cross-listing in the Sigma tools directory; agent-threat-rules listed as a sibling detection-rule format
證據連結 →Microsoft · 自 2026-05-27 · 規則匯入 · 證據現驗 2026-07-07
ATR adversarial-payload dataset loader merged into PyRIT (PR #1715, merged 2026-05-27 by maintainer Roman Lutz); a follow-up AgentThreatRulesScorer (PR #1893) is in review
證據連結 →CIRCL (rulezet rule-management platform) · 自 2026-06-18 · 格式轉接 · 證據現驗 2026-07-07
`atr_format.py` importer/converter mirroring the existing `sigma_format` module (24 unit tests) — ATR rules are manageable as a first-class format in rulezet
證據連結 →在公開目錄、awesome-list、文件索引中引用 ATR 的採用者。
Aigis (independent) · 自 2026-07-07 · 文件引用 · 證據現驗 2026-07-07
Aigis↔ATR crosswalk — maps Aigis detection patterns to ATR rule IDs through the shared MITRE ATLAS technique axis, with a two-direction ATLAS coverage-gap analysis; merged into the Aigis repo
證據連結 →Otto Sulin (independent) · 自 2026-05-20 · 文件引用 · 證據現驗 2026-07-07
ATR listed in the MCP Security section
證據連結 →CryptoAILab (independent) · 自 2026-04-02 · 文件引用 · 證據現驗 2026-07-07
ATR listed in the LLM safety & security awesome-list
證據連結 →precize (third-party community repo; NOT an OWASP Foundation publication) · 自 2026-03-30 · 文件引用 · 證據現驗 2026-07-07
ATR detection mapping across the agentic-AI vulnerability categories in a third-party catalogue
證據連結 →wearetyomsmnv (independent) · 自 2026-04-08 · 文件引用 · 證據現驗 2026-07-07
ATR listed in the LLM-agent security tooling awesome-list
證據連結 →nibzard (independent) · 自 2026-04-09 · 文件引用 · 證據現驗 2026-07-07
"Deterministic Threat Rule Scanning" pattern accepted, referencing ATR
證據連結 →Tal Eliyahu (independent) · 自 2026-04-10 · 文件引用 · 證據現驗 2026-07-07
ATR listed in the AI security resource awesome-list
證據連結 →AMD · 自 2026-06-24 · 文件引用 · 證據現驗 2026-07-07
Official GAIA integrations doc — guarding the Lemonade model endpoint with an offline ATR input/output guard (prompt-injection detection pattern)
證據連結 →ProjectRecon (independent) · 自 2026-06-12 · 文件引用 · 證據現驗 2026-07-07
ATR listed in the Static Analysis & Linters section
證據連結 →raphabot (independent) · 自 2026-06-28 · 文件引用 · 證據現驗 2026-07-07
ATR listed in the Tools section
證據連結 →想要 spec walkthrough、design review、你的語言的 sample code,或先討論整合形狀,就走這條。維護者七天內回覆——標準的責任之一,是讓整合的人不必獨自摸索格式。
開 issue →整合已經公開可驗證,直接走這條。Schema 對、附 evidence link 就 merge——維護者不預先審核採用者,把你自己寫進公開紀錄,跟 Cisco、Microsoft、MISP 列在同一份檔案。
ADOPTERS.md →你的專案 ship 了 ATR?在 README 加上這個徽章——讓下游知道你的偵測規則對著一個版本化、可審查的標準。