Living Governance

Main View

AI Security Framework Coverage

Only 2 of 7 frameworks ready for AI threats • 5 lack adequate coverage

Expired - review required

#1OWASP GenAI Security Projectactive

100%

#2MITRE ATLASactive

75%

#3ISO/IEC 42001:2023 AI Management Systemsapplicable

35%

Published before agentic AI emergence

#4NIST AI Risk Management Frameworkapplicable

25%

No agentic AI content

#5CIS Controlsno guidance

25%

No AI or ML security coverage

#6ISO/IEC DIS 27090 (Draft)no guidance

Draft International Standard - voting closes July 2025

#7MITRE ATT&CKno guidance

Traditional IT focus only

Evaluated by @tsynode • Aug 10

Methodology View

AI Security Framework Coverage

Evaluation Methodology

OWASPATLASISO42kNISTCISATT&CKISO27k

Threat Identification

40 points

• Memory attacks✓✗✗✗✗✗?

• Tool/API abuse✓✓✗✗✗✗?

• Privilege escalation✓✓✗✗✗✗?

• Multi-agent threats✓✗✗✗✗✗?

• Temporal behaviors✓✗✗✗✗✗?

• Human manipulation✓✓✗✗✗✗?

• Communication poisoning✓✓✗✗✗✗?

• Identity/auth threats✓✓✗✗✗✗?

Subtotal (40 pts)40/4025/400/400/400/400/40Draft

Practical Guidance

30 points

• Clear patterns✓✓✓✓✓✗?

• Specific tools✓✗✗✗✗✗?

• Checklists✓✗✓✓✓✗?

• Architecture diagrams✓✓✗✗✗✗?

• Step-by-step instructions✓✗✓✓✓✗?

Subtotal (30 pts)30/3015/3020/3020/3020/300/30Draft

Evidence Quality

20 points

• Credible research✓✓✓✓✓✗?

• Real incidents✓✓✗✗✓✗?

• Attack patterns✓✓✗✗✗✗?

• Detection guidance✓✓✓✗✗✗?

Subtotal (20 pts)20/2020/2010/205/2010/200/20Draft

Completeness

10 points

• Detection methods✓✓✗✗✗✗?

• Response procedures✓✗✗✗✗✗?

Subtotal (10 pts)10/105/100/100/100/100/10Draft

Total Score (100 pts)100753525250?

Frameworks (ranked)OWASPATLASISO42kNISTCISATT&CKISO27k

✓ = Criteria met | ✗ = Criteria not met | ? = Unknown

Scores out of 100 points total. Ranked from highest to lowest coverage.

ISO27k (ISO/IEC 27090) is draft - content not available.

Navigate views using the icons at the bottom

AI Security Framework Coverage

Only 2 of 7 frameworks ready for AI threats • 5 lack adequate coverage

Expired - review required

#1OWASP GenAI Security Projectactive

100%

#2MITRE ATLASactive

75%

#3ISO/IEC 42001:2023 AI Management Systemsapplicable

35%

Published before agentic AI emergence

#4NIST AI Risk Management Frameworkapplicable

25%

No agentic AI content

#5CIS Controlsno guidance

25%

No AI or ML security coverage

#6ISO/IEC DIS 27090 (Draft)no guidance

Draft International Standard - voting closes July 2025

#7MITRE ATT&CKno guidance

Traditional IT focus only

Evaluated by @tsynode • Aug 10