Compliance / MITRE ATLAS

MITRE ATLAS Compliance Mapping

MITRE ATLAS is the adversarial threat landscape for AI systems, structured similarly to MITRE ATT&CK with tactics and techniques specific to ML.

Last reviewed June 2026

Problem

Why MITRE ATLAS evidence is hard

Auditors arrive with the framework control list. Security teams arrive with a finding list. Without a pre-computed mapping, every finding requires manual translation.

How Penaxtra approaches it

How Penaxtra maps to MITRE ATLAS

Penaxtra probe families map to ATLAS techniques across AML.TA0001 (reconnaissance) through AML.TA0011 (collection), with concentration on AML.T0051 (LLM prompt injection variants).

Technical capabilities

MITRE ATLAS capabilities

Every finding carries the ATLAS technique identifier and the supporting sub-technique where applicable

.

Audit-ready PDF export with control IDs attached

JSON export for GRC ticketing systems

Configurable audit retention from 1 day to 10 years

Cross-framework overlaps reduce duplicate evidence collection

Compliance mapping

MITRE ATLAS control coverage

A jailbreak probe that bypasses model guardrails via persona-shift is tagged AML.T0054 (LLM jailbreak) and the underlying CWE for insufficient guardrail evaluation.

Controls

Controls in this framework

Each control has a dedicated page: what it covers and how Penaxtra tests and evidences it.

AML.T0024 Exfiltration via LLM Inference AML.T0034 Cost Harvesting AML.T0040 ML Model Inference API Access AML.T0043 Craft Adversarial Data AML.T0046 Spamming ML System with Chaff Data AML.T0048 Backdoor ML Model AML.T0051 LLM Prompt Injection AML.T0053 LLM Plugin Compromise AML.T0054 LLM Jailbreak AML.T0055 Unsecured Credentials
Related

Explore further

Compliance overview Audit Evidence Export

Request a demo

Scoped walkthrough of the Compliance / MITRE ATLAS surface against your environment. No credit card.

Request a demo Explore AI-SPM platform