- Maintained by: MITRE
- Full name: Adversarial Threat Landscape for Artificial-Intelligence Systems
- Format: An ATT&CK-style matrix of adversary tactics and techniques
- Covers: Attacks across the AI / ML lifecycle
- Example techniques: Prompt injection, data poisoning, model evasion, model extraction
- Best for: Threat modeling and red-teaming AI systems
01 What it is
MITRE ATLAS is a knowledge base of real-world adversary tactics and techniques targeting AI and machine-learning systems. Modeled on the widely used MITRE ATT&CK framework, it gives security teams a shared vocabulary and a structured map for how AI systems actually get attacked — from reconnaissance through impact.
02 What it covers
ATLAS catalogs techniques across the AI lifecycle: poisoning training data, evading or manipulating model outputs, extracting a model or the data behind it, and the prompt-injection and jailbreak techniques that target large language models. Each entry describes how an adversary operates and how defenders can detect and mitigate it.
03 Why it matters
As AI moves into production, “is our model accurate?” is no longer the only question — “does it hold up under an adversary?” matters just as much. ATLAS turns adversarial AI from an abstract worry into a concrete, testable set of scenarios you can actually exercise.
04 How RedOps uses it
We map adversarial tests of your AI systems to ATLAS techniques, so findings arrive as a structured, prioritized threat picture — and feed directly into your NIST AI RMF and ISO 42001 governance rather than landing as a disconnected report.
05 What RedOps delivers
RedOps puts your AI under adversarial pressure and turns what breaks into a prioritized plan.
- An AI threat model mapped to MITRE ATLAS techniques
- Adversarial testing — prompt injection, poisoning, evasion, extraction
- Prioritized findings with concrete remediation guidance
- Integration of results into your AI governance program
- A re-test to validate that fixes actually hold