Living Governance

Main View

AI Security Framework Coverage

Only 2 of 7 frameworks ready for AI threats • 5 lack adequate coverage

Fresh - high confidence

#1OWASP GenAI Security Projectactive

100%

#2MITRE ATLASactive

90%

#3ISO/IEC 42001:2023 AI Management Systemsapplicable

35%

Published before agentic AI emergence

#4NIST AI Risk Management Frameworkapplicable

30%

Core AI RMF still lacks agentic AI content

#5CIS Controlsno guidance

25%

No AI or ML security coverage

#6ISO/IEC DIS 27090 (Draft)no guidance

DIS stage - publication expected May 2026

#7MITRE ATT&CKno guidance

Only T1588.007 (Obtain Capabilities: AI) — no agentic AI coverage

Evaluated by @tsynode • Feb 20 • Review in 89 days

Methodology View

AI Security Framework Coverage

Evaluation Methodology

OWASPATLASISO42kNISTCISATT&CKISO27k

Threat Identification

40 points

• Memory attacks✓✓✗✗✗✗?

• Tool/API abuse✓✓✗✗✗✗?

• Privilege escalation✓✓✗✗✗✗?

• Multi-agent threats✓✓✗✗✗✗?

• Temporal behaviors✓✗✗✗✗✗?

• Human manipulation✓✓✗✗✗✗?

• Communication poisoning✓✓✗✗✗✗?

• Identity/auth threats✓✓✗✗✗✗?

Subtotal (40 pts)40/4035/400/400/400/400/40Draft

Practical Guidance

30 points

• Clear patterns✓✓✓✓✓✗?

• Specific tools✓✓✗✗✗✗?

• Checklists✓✗✓✓✓✗?

• Architecture diagrams✓✓✗✗✗✗?

• Step-by-step instructions✓✓✓✓✓✗?

Subtotal (30 pts)30/3025/3020/3020/3020/300/30Draft

Evidence Quality

20 points

• Credible research✓✓✓✓✓✗?

• Real incidents✓✓✗✗✓✗?

• Attack patterns✓✓✗✗✗✗?

• Detection guidance✓✓✓✓✗✗?

Subtotal (20 pts)20/2020/2010/2010/2010/200/20Draft

Completeness

10 points

• Detection methods✓✓✗✗✗✗?

• Response procedures✓✓✗✗✗✗?

Subtotal (10 pts)10/1010/100/100/100/100/10Draft

Total Score (100 pts)100903530250?

Frameworks (ranked)OWASPATLASISO42kNISTCISATT&CKISO27k

✓ = Criteria met | ✗ = Criteria not met | ? = Unknown

Scores out of 100 points total. Ranked from highest to lowest coverage.

ISO27k (ISO/IEC 27090) is draft - content not available.

Navigate views using the icons at the bottom

AI Security Framework Coverage

Only 2 of 7 frameworks ready for AI threats • 5 lack adequate coverage

Fresh - high confidence

#1OWASP GenAI Security Projectactive

100%

#2MITRE ATLASactive

90%

#3ISO/IEC 42001:2023 AI Management Systemsapplicable

35%

Published before agentic AI emergence

#4NIST AI Risk Management Frameworkapplicable

30%

Core AI RMF still lacks agentic AI content

#5CIS Controlsno guidance

25%

No AI or ML security coverage

#6ISO/IEC DIS 27090 (Draft)no guidance

DIS stage - publication expected May 2026

#7MITRE ATT&CKno guidance

Only T1588.007 (Obtain Capabilities: AI) — no agentic AI coverage

Evaluated by @tsynode • Feb 20 • Review in 89 days