ATLAS · Adversarial threat matrix

The threats that target AI itself.

MITRE ATLAS catalogs adversary tactics and techniques used against machine-learning systems. Lattice indexes a curated, version-pinned slice and links each technique to candidate mitigations and to the risk-management functions that should respond.

8 tactics · 13 techniques · 12 mitigations · Pinned 2026.Q1

Scope and editorial policy

ATLAS is a security-scoped reference, not an ethics or rights framework. Lattice version-pins ATLAS content; new techniques are promoted only after editorial review. Mitigations listed are candidates, not prescriptions.

Source: MITRE
Version: Pinned 2026.Q1
Last reviewed: 2026-05-02

Tactics

AML.TA0002 · Reconnaissance
AML.TA0003 · Resource Development
AML.TA0004 · ML Model Access
AML.TA0005 · Execution
AML.TA0006 · Persistence
AML.TA0007 · Defense Evasion
AML.TA0010 · Exfiltration
AML.TA0011 · Impact

Mitigation catalog

Candidate mitigations published in the pinned ATLAS release. Pair with NIST AI RMF MANAGE for selection and resourcing.

  • Adversarial training
    AML.M0014

    Train models on adversarial examples or with robust optimization to reduce sensitivity to crafted inputs.

    model
  • Input restriction & validation
    AML.M0015

    Restrict the format, length, and content of inputs; validate against schemas; reject anomalous inputs.

    deployment
  • Restrict number of model queries
    AML.M0004

    Apply per-user or per-key rate limits and monitor for query-volume anomalies indicative of probing.

    deployment
  • Output perturbation
    AML.M0006

    Add noise or rounding to outputs (probabilities, scores) to reduce information leakage.

    deployment
  • Differential privacy training
    AML.M0010

    Train with formal differential privacy guarantees to bound the influence of any single training record.

    model
  • Validate training data
    AML.M0007

    Inspect training data for poisoning indicators; quarantine untrusted sources; run statistical outlier checks.

    data
  • Model and data provenance
    AML.M0008

    Cryptographically sign and verify training data, model weights, and updates across the supply chain.

    data · model · deployment
  • Model scanning for backdoors
    AML.M0011

    Run trigger-detection and behavior-analysis tools on models before deployment, especially for third-party models.

    model
  • Prompt and content isolation
    AML.M0017

    Separate untrusted retrieved content from instruction context; enforce structured tool-call boundaries.

    deployment
  • Content filtering
    AML.M0018

    Apply input and output filters for known unsafe categories, with monitoring of bypass attempts.

    deployment · monitoring
  • Tool-use allowlisting
    AML.M0019

    Constrain agent tool calls to a vetted allowlist; require human approval for high-impact actions.

    deployment
  • Disclosure discipline
    AML.M0020

    Limit publication of model architecture details, training data sources, and operational specifics that aid reconnaissance.

    framing · deployment