Skip to content

Proposal: Add MITRE ATLAS as a named threat classification taxonomy in CycloneDX 2.0 #976

Description

@devashridatta-dotcom

Summary

This proposal requests adding MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) as a named threat classification taxonomy in CycloneDX 2.0, alongside the existing STRIDE, LINDDUN, MAESTRO, and MITRE ATT&CK taxonomies.

This proposal follows the invitation in #956, where @stevespringett noted that ATLAS is the natural home for AI-specific attack techniques and invited input on the taxonomy addition.

Background

MITRE ATT&CK documents attack techniques against traditional software, networks, and infrastructure. MITRE ATLAS documents attack techniques against AI and machine learning systems specifically. The two are complementary, not substitutes.

As of ATLAS v5.4.0 (February 2026): 16 tactics, 84 techniques, 56 sub-techniques, 32 mitigations, 42 real-world case studies. ATLAS data is available in STIX 2.1 format.

Without ATLAS in the taxonomy enumeration, AI-specific threats such as prompt injection (AML.T0051), model poisoning (AML.T0020), and agentic pipeline compromise (AML.T0052) cannot be formally classified in a CycloneDX BOM.

Proposed Change

Add ATLAS to the permitted threat classification taxonomy enumeration:

Current: STRIDE, LINDDUN, MAESTRO, MITRE ATT&CK
Proposed addition: ATLAS

Example threat object:

{
  "threats": [{
    "classification": "ATLAS",
    "technique": "AML.T0051",
    "name": "LLM Prompt Injection",
    "description": "Adversary crafts input to manipulate LLM behavior"
  }]
}

ATLAS to CWE to OWASP LLM Top 10 Mapping

ATLAS Technique ID CWE OWASP LLM Top 10
LLM Prompt Injection AML.T0051 CWE-1427 LLM01
Indirect Prompt Injection AML.T0051.001 CWE-1427 LLM01
Jailbreak AML.T0054 CWE-1427 LLM01
Poison Training Data AML.T0020 CWE-1039 LLM03
Backdoor ML Model AML.T0018 CWE-506 LLM03
Steal ML Model AML.T0030 CWE-200 LLM10
Invert ML Model AML.T0024 CWE-200 LLM06
Evade ML Model AML.T0015 CWE-1039 LLM09
Compromise Agentic Pipeline AML.T0052 None yet LLM08
Manipulate LLM Tool Call AML.T0056 None yet LLM08
Autonomous Workflow Chaining AML.T0058 None yet LLM08

Three agentic techniques (AML.T0052, AML.T0056, AML.T0058) have no formal CWE yet - documented as named weakness candidates in #333.

References

ATLAS_CWE_OWASP_Mapping_v0.1.xlsx

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions