{ "schema_version": "atlas.assessment.v1", "generated_at": "2026-05-17T18:46:39.617Z", "caveat": "Based on MITRE ATLAS public data, not proof of any organization’s internal security maturity.", "source": { "repo_url": "https://github.com/mitre-atlas/atlas-data", "canonical_url": "https://atlas.mitre.org/", "maintenance_url": "https://github.com/mitre-atlas/atlas-data", "repo_commit": "8ee2c689a7d3c65ddf2bfe4950a4f3ecffa6f48b", "repo_tag": "v5.6.1", "yaml_version": "5.6.0", "release_date": "2026-05-05T21:59:10-04:00", "commit_message": "Release v5.6.1" }, "scorecards": [ { "id": "technique_maturity", "label": "Techniques with maturity labels", "value": "170/170", "detail": "Every technique in this release carries a maturity label.", "tone": "green" }, { "id": "mitigation_linkage", "label": "Techniques with mitigation links", "value": "74/170", "detail": "Mitigation coverage is explicit for a minority of techniques.", "tone": "cyan" }, { "id": "case_study_linkage", "label": "Techniques with case-study links", "value": "145/170", "detail": "Most techniques have at least one public case-study mapping.", "tone": "violet" }, { "id": "tactic_case_study_coverage", "label": "Tactics with case studies", "value": "16/16", "detail": "Every tactic in the current matrix has at least one case study.", "tone": "amber" }, { "id": "mitigation_metadata", "label": "Mitigations with lifecycle metadata", "value": "35/35", "detail": "All mitigations carry lifecycle and category metadata.", "tone": "cyan" }, { "id": "case_study_references", "label": "Case studies with references", "value": "52/57", "detail": "Most case studies include at least one public reference link.", "tone": "slate" }, { "id": "navigator_layers", "label": "Navigator layers mirrored", "value": "59", "detail": "Matrix, frequency, and per-case-study layers are all mirrored.", "tone": "violet" }, { "id": "stix_bundles", "label": "STIX bundles mirrored", "value": "2", "detail": "The ATLAS-only and ATLAS + ATT&CK Enterprise bundles are available.", "tone": "cyan" }, { "id": "opencti_bundles", "label": "OpenCTI bundles mirrored", "value": "8", "detail": "Selected case-study bundles are mirrored for downstream tooling.", "tone": "amber" } ], "tactic_scorecards": [ { "id": "AML.TA0003", "name": "Resource Development", "technique_count": 13, "subtechnique_count": 0, "case_study_count": 43, "mitigation_linked_techniques": 4, "evidence_count": 56 }, { "id": "AML.TA0011", "name": "Impact", "technique_count": 9, "subtechnique_count": 0, "case_study_count": 41, "mitigation_linked_techniques": 7, "evidence_count": 50 }, { "id": "AML.TA0004", "name": "Initial Access", "technique_count": 7, "subtechnique_count": 0, "case_study_count": 42, "mitigation_linked_techniques": 3, "evidence_count": 49 }, { "id": "AML.TA0007", "name": "Defense Evasion", "technique_count": 15, "subtechnique_count": 0, "case_study_count": 25, "mitigation_linked_techniques": 2, "evidence_count": 40 }, { "id": "AML.TA0005", "name": "Execution", "technique_count": 6, "subtechnique_count": 0, "case_study_count": 30, "mitigation_linked_techniques": 3, "evidence_count": 36 }, { "id": "AML.TA0002", "name": "Reconnaissance", "technique_count": 8, "subtechnique_count": 0, "case_study_count": 22, "mitigation_linked_techniques": 3, "evidence_count": 30 }, { "id": "AML.TA0000", "name": "AI Model Access", "technique_count": 4, "subtechnique_count": 0, "case_study_count": 23, "mitigation_linked_techniques": 4, "evidence_count": 27 }, { "id": "AML.TA0001", "name": "AI Attack Staging", "technique_count": 6, "subtechnique_count": 0, "case_study_count": 20, "mitigation_linked_techniques": 5, "evidence_count": 26 }, { "id": "AML.TA0010", "name": "Exfiltration", "technique_count": 6, "subtechnique_count": 0, "case_study_count": 18, "mitigation_linked_techniques": 5, "evidence_count": 24 }, { "id": "AML.TA0008", "name": "Discovery", "technique_count": 9, "subtechnique_count": 0, "case_study_count": 13, "mitigation_linked_techniques": 5, "evidence_count": 22 }, { "id": "AML.TA0006", "name": "Persistence", "technique_count": 9, "subtechnique_count": 0, "case_study_count": 12, "mitigation_linked_techniques": 4, "evidence_count": 21 }, { "id": "AML.TA0013", "name": "Credential Access", "technique_count": 6, "subtechnique_count": 0, "case_study_count": 12, "mitigation_linked_techniques": 2, "evidence_count": 18 }, { "id": "AML.TA0012", "name": "Privilege Escalation", "technique_count": 4, "subtechnique_count": 0, "case_study_count": 11, "mitigation_linked_techniques": 2, "evidence_count": 15 }, { "id": "AML.TA0009", "name": "Collection", "technique_count": 4, "subtechnique_count": 0, "case_study_count": 10, "mitigation_linked_techniques": 2, "evidence_count": 14 }, { "id": "AML.TA0014", "name": "Command and Control", "technique_count": 3, "subtechnique_count": 0, "case_study_count": 5, "mitigation_linked_techniques": 0, "evidence_count": 8 }, { "id": "AML.TA0015", "name": "Lateral Movement", "technique_count": 2, "subtechnique_count": 0, "case_study_count": 2, "mitigation_linked_techniques": 1, "evidence_count": 4 } ], "top_techniques": [ { "id": "AML.T0053", "name": "AI Agent Tool Invocation", "maturity": "demonstrated", "kind": "technique", "tactic_ids": [ "AML.TA0005", "AML.TA0012" ], "mitigation_count": 11, "case_study_count": 14 }, { "id": "AML.T0015", "name": "Evade AI Model", "maturity": "realized", "kind": "technique", "tactic_ids": [ "AML.TA0004", "AML.TA0007", "AML.TA0011" ], "mitigation_count": 6, "case_study_count": 17 }, { "id": "AML.T0065", "name": "LLM Prompt Crafting", "maturity": "realized", "kind": "technique", "tactic_ids": [ "AML.TA0003" ], "mitigation_count": 0, "case_study_count": 18 }, { "id": "AML.T0051.001", "name": "Indirect", "maturity": "demonstrated", "kind": "subtechnique", "tactic_ids": [], "mitigation_count": 2, "case_study_count": 13 }, { "id": "AML.T0047", "name": "AI-Enabled Product or Service", "maturity": "realized", "kind": "technique", "tactic_ids": [ "AML.TA0000" ], "mitigation_count": 1, "case_study_count": 13 }, { "id": "AML.T0086", "name": "Exfiltration via AI Agent Tool Invocation", "maturity": "realized", "kind": "technique", "tactic_ids": [ "AML.TA0010" ], "mitigation_count": 8, "case_study_count": 5 }, { "id": "AML.T0048.003", "name": "User Harm", "maturity": "realized", "kind": "subtechnique", "tactic_ids": [], "mitigation_count": 0, "case_study_count": 12 }, { "id": "AML.T0051.000", "name": "Direct", "maturity": "realized", "kind": "subtechnique", "tactic_ids": [], "mitigation_count": 2, "case_study_count": 10 }, { "id": "AML.T0042", "name": "Verify Attack", "maturity": "demonstrated", "kind": "technique", "tactic_ids": [ "AML.TA0001" ], "mitigation_count": 4, "case_study_count": 7 }, { "id": "AML.T0048.000", "name": "Financial Harm", "maturity": "realized", "kind": "subtechnique", "tactic_ids": [], "mitigation_count": 0, "case_study_count": 10 }, { "id": "AML.T0017", "name": "Develop Capabilities", "maturity": "realized", "kind": "technique", "tactic_ids": [ "AML.TA0003" ], "mitigation_count": 0, "case_study_count": 9 }, { "id": "AML.T0000", "name": "Search Open Technical Databases", "maturity": "demonstrated", "kind": "technique", "tactic_ids": [ "AML.TA0002" ], "mitigation_count": 1, "case_study_count": 8 } ], "top_mitigations": [ { "id": "AML.M0024", "name": "AI Telemetry Logging", "category": [ "Technical - Cyber" ], "ml_lifecycle": [ "Deployment", "Monitoring and Maintenance" ], "technique_count": 17 }, { "id": "AML.M0004", "name": "Restrict Number of AI Model Queries", "category": [ "Technical - Cyber" ], "ml_lifecycle": [ "Business and Data Understanding", "Deployment", "Monitoring and Maintenance" ], "technique_count": 16 }, { "id": "AML.M0005", "name": "Control Access to AI Models and Data at Rest", "category": [ "Policy" ], "ml_lifecycle": [ "Business and Data Understanding", "Data Preparation", "ML Model Engineering", "ML Model Evaluation" ], "technique_count": 13 }, { "id": "AML.M0002", "name": "Passive AI Output Obfuscation", "category": [ "Technical - ML" ], "ml_lifecycle": [ "Deployment", "ML Model Evaluation" ], "technique_count": 11 }, { "id": "AML.M0006", "name": "Use Ensemble Methods", "category": [ "Technical - ML" ], "ml_lifecycle": [ "ML Model Engineering" ], "technique_count": 11 }, { "id": "AML.M0019", "name": "Control Access to AI Models and Data in Production", "category": [ "Policy" ], "ml_lifecycle": [ "Deployment", "Monitoring and Maintenance" ], "technique_count": 11 }, { "id": "AML.M0015", "name": "Adversarial Input Detection", "category": [ "Technical - ML" ], "ml_lifecycle": [ "Data Preparation", "Deployment", "ML Model Engineering", "ML Model Evaluation", "Monitoring and Maintenance" ], "technique_count": 9 }, { "id": "AML.M0003", "name": "Model Hardening", "category": [ "Technical - ML" ], "ml_lifecycle": [ "Data Preparation", "ML Model Engineering" ], "technique_count": 8 }, { "id": "AML.M0008", "name": "Validate AI Model", "category": [ "Technical - ML" ], "ml_lifecycle": [ "ML Model Evaluation", "Monitoring and Maintenance" ], "technique_count": 8 }, { "id": "AML.M0010", "name": "Input Restoration", "category": [ "Technical - ML" ], "ml_lifecycle": [ "Data Preparation", "Deployment", "ML Model Evaluation", "Monitoring and Maintenance" ], "technique_count": 8 }, { "id": "AML.M0013", "name": "Code Signing", "category": [ "Technical - Cyber" ], "ml_lifecycle": [ "Deployment" ], "technique_count": 8 }, { "id": "AML.M0020", "name": "Generative AI Guardrails", "category": [ "Technical - ML" ], "ml_lifecycle": [ "Deployment", "ML Model Engineering", "ML Model Evaluation" ], "technique_count": 8 } ], "top_case_studies": [ { "id": "AML.CS0017", "name": "Bypassing ID.me Identity Verification", "case_study_type": "incident", "tactic_count": 3, "technique_count": 3, "procedure_count": 3, "reference_count": 7 }, { "id": "AML.CS0047", "name": "Code to Deploy Destructive AI Agent Discovered in Amazon Q VS Code Extension", "case_study_type": "incident", "tactic_count": 5, "technique_count": 7, "procedure_count": 7, "reference_count": 5 }, { "id": "AML.CS0016", "name": "Achieving Code Execution in MathGPT via Prompt Injection", "case_study_type": "exercise", "tactic_count": 7, "technique_count": 9, "procedure_count": 9, "reference_count": 4 }, { "id": "AML.CS0028", "name": "AI Model Tampering via Supply Chain Attack", "case_study_type": "exercise", "tactic_count": 6, "technique_count": 9, "procedure_count": 9, "reference_count": 4 }, { "id": "AML.CS0023", "name": "ShadowRay", "case_study_type": "incident", "tactic_count": 6, "technique_count": 7, "procedure_count": 7, "reference_count": 4 }, { "id": "AML.CS0030", "name": "LLM Jacking", "case_study_type": "incident", "tactic_count": 6, "technique_count": 6, "procedure_count": 7, "reference_count": 4 }, { "id": "AML.CS0022", "name": "ChatGPT Package Hallucination", "case_study_type": "exercise", "tactic_count": 6, "technique_count": 6, "procedure_count": 6, "reference_count": 4 }, { "id": "AML.CS0008", "name": "ProofPoint Evasion", "case_study_type": "exercise", "tactic_count": 4, "technique_count": 5, "procedure_count": 5, "reference_count": 4 }, { "id": "AML.CS0009", "name": "Tay Poisoning", "case_study_type": "incident", "tactic_count": 4, "technique_count": 4, "procedure_count": 4, "reference_count": 4 }, { "id": "AML.CS0026", "name": "Financial Transaction Hijacking with M365 Copilot as an Insider", "case_study_type": "exercise", "tactic_count": 10, "technique_count": 14, "procedure_count": 14, "reference_count": 3 }, { "id": "AML.CS0005", "name": "Attack on Machine Translation Services", "case_study_type": "exercise", "tactic_count": 5, "technique_count": 9, "procedure_count": 9, "reference_count": 3 }, { "id": "AML.CS0034", "name": "ProKYC: Deepfake Tool for Account Fraud Attacks", "case_study_type": "incident", "tactic_count": 7, "technique_count": 8, "procedure_count": 9, "reference_count": 3 } ] }