Framework

MITRE ATLAS

MITRE ATLAS is a community-contributed, MITRE-curated matrix that catalogues adversarial tactics and techniques observed against AI and ML systems in production. MITRE, the non-profit that maintains the better-known ATT&CK framework, runs ATLAS on the same shape: tactics as columns (the attacker's goal at a stage), techniques as cells under each tactic, with case studies linked to real incidents. ATT&CK was for everything else, ATLAS is for the AI layer specifically.
Reviewed by 7wData

Why it matters

ATLAS gives security teams a shared vocabulary for AI attacks that did not exist before 2022. Before, every team described prompt injection, model evasion, or training-data poisoning in their own words, which made comparison across vendors and across incidents almost impossible. ATLAS standardises the names, the tactic ordering, and the cross-references to case studies. That standardisation is what makes “we cover ATLAS tactic AML.T0051” a meaningful claim in a security questionnaire instead of marketing prose. Representative tactics include Reconnaissance, ML Model Access, Initial Access, ML Attack Staging, Evasion, and Exfiltration. The matrix is not exhaustive, it is a structured snapshot of what has been observed.

Where you’ll encounter it

Three concrete contexts. A red team scopes an AI-focused exercise against specific ATLAS technique IDs so the report reads alongside the company’s other ATT&CK-mapped red teams. A customer security questionnaire asks which ATLAS tactics you have detections for, and a vague answer fails it. An incident-response retrospective gets mapped to ATLAS technique IDs so future detections track against the same taxonomy. The practical pitfall: teams treat ATLAS as exhaustive when it is a living matrix. New tactics appear, old ones get split or merged, and a claim of “full ATLAS coverage” goes stale within a release or two.

Part of the 7wData AI Glossary. Tracking how concepts like this move in the expert conversation: daily signals at ins7ghts.com.