AI Threat Alert

What is MITRE ATLAS?

MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a publicly available knowledge base of the tactics and techniques adversaries use against AI and machine-learning systems. Maintained by MITRE and modeled on MITRE ATT&CK, it gives security teams a shared framework for understanding, communicating, and defending against AI-specific attacks.

How is MITRE ATLAS structured?

ATLAS uses the same tactics-and-techniques model as MITRE ATT&CK. Tactics represent the adversary's goals — the columns of the matrix — and techniques are the specific methods used to achieve each goal. The matrix spans the full attack lifecycle:

  • Reconnaissance and Resource Development — gathering information and capabilities to target an AI system.
  • ML Model Access — an ATLAS-specific tactic covering how adversaries reach a model, from API access to full white-box access.
  • ML Attack Staging — another ATLAS-specific tactic for preparing attacks such as crafting adversarial inputs or proxy models.
  • Execution, Exfiltration, and Impact — carrying out the attack and achieving the adversary's objective.

Each technique carries an identifier (in the AML.Txxxx format) and links to documented case studies. The ATLAS landscape report shows how the AI/ML CVEs tracked on AI Threat Alert distribute across these techniques.

How does MITRE ATLAS differ from MITRE ATT&CK?

MITRE ATT&CK catalogues adversary behaviour against traditional enterprise IT. MITRE ATLAS extends that model to the machine-learning attack surface — covering threats that have no direct equivalent in ATT&CK, such as:

  • Model poisoning — corrupting training data or the model itself.
  • Evasion — crafting adversarial inputs that cause misclassification.
  • Model extraction — stealing a model's parameters or behaviour through queries.
  • Prompt injection — manipulating an LLM through crafted input.

The two frameworks are complementary: ATLAS reuses ATT&CK tactics where they apply and adds ML-specific tactics and techniques where they do not.

How does AI Threat Alert map CVEs to MITRE ATLAS?

A list of CVEs tells you what is broken; ATLAS tells you what an adversary can do with it. AI Threat Alert maps tracked AI/ML vulnerabilities to the ATLAS techniques they enable, so a security team can see which adversary behaviours their stack is exposed to — not just which packages have open advisories. Browse the live threat feed or the ATLAS landscape report to see the mappings in practice.

Frequently asked questions

What is MITRE ATLAS?

MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a publicly available knowledge base of adversary tactics and techniques targeting AI and machine-learning systems, maintained by MITRE. It is modeled on MITRE ATT&CK and documents how real attacks against ML systems are carried out, from reconnaissance through impact.

How is MITRE ATLAS structured?

ATLAS uses the same tactics-and-techniques model as MITRE ATT&CK. Tactics are the adversary’s goals (the columns of the matrix) and techniques are the specific methods used to achieve them. ATLAS adds tactics specific to machine learning, such as ML Model Access and ML Attack Staging, alongside familiar tactics like Reconnaissance, Execution, and Exfiltration.

How does MITRE ATLAS differ from MITRE ATT&CK?

ATT&CK catalogues adversary behaviour against traditional enterprise IT. ATLAS extends that model to the AI/ML attack surface — covering threats such as model poisoning, evasion, model extraction, and prompt injection that have no direct equivalent in ATT&CK. The two are complementary: ATLAS reuses ATT&CK tactics where they apply and adds ML-specific ones where they do not.

Who maintains MITRE ATLAS?

ATLAS is maintained by MITRE and developed with contributions from industry and academia. It is published openly at atlas.mitre.org, including a matrix of tactics and techniques and case studies of documented attacks against AI systems.

How can I use MITRE ATLAS for AI threat intelligence?

ATLAS gives security teams a shared vocabulary for AI threats and a checklist of adversary techniques to defend against. Mapping the vulnerabilities in your AI/ML stack to ATLAS techniques turns a list of CVEs into a view of which adversary behaviours your environment is exposed to.

Sources: MITRE ATLAS (atlas.mitre.org), MITRE ATT&CK.