What is MITRE ATT&CK?

MITRE ATT&CK is a globally recognised knowledge base of adversary tactics and techniques based on real-world observations. It helps organisations understand how attackers operate, common attack paths, detection opportunities, security control gaps, and threat hunting methodologies.

The framework groups attack techniques under tactics, including Initial Access, Execution, Persistence, Privilege Escalation, Defence Evasion, Credential Access, Discovery, Lateral Movement, and Impact. Security teams use ATT&CK to improve SOC operations, SIEM detections, threat intelligence, purple teaming, and security architecture.

MITRE ATT&CK vs MITRE ATLAS: Threat-Informed Defence
ATT&CK covers traditional cyber threats; ATLAS extends coverage to AI/ML system attacks.

MITRE ATT&CK
Scope: Traditional cyber attack techniques
Target: IT systems, cloud, OT, mobile
Size: 14 tactics, 200+ techniques, 400+ sub-techniques
Key tactics covered: Reconnaissance, Initial Access, Execution, Privilege Escalation, Defence Evasion, C2, Lateral Movement, Exfiltration, Impact
Used for: Red team planning, detection engineering, BAS scenario mapping, SIEM rule alignment, threat hunting, SOC coverage measurement
BreachForge BAS maps all 10 scenarios to ATT&CK techniques (154 atomics validated)
Reference: attack.mitre.org (Enterprise matrix)

MITRE ATLAS
Scope: Adversarial attacks on AI/ML systems
Target: ML models, training pipelines, APIs
Size: 12 tactics, 60+ techniques, growing repository
Key tactics covered: ML Model Access, ML Attack Staging, Reconnaissance, Initial Access (AI-specific), Exfiltration, Impact on AI systems
Used for: AI red teaming, LLM security assessment, model risk classification, SABSA AI layer, EU AI Act compliance, RAG pipeline security
ATLAS complements ATT&CK: use both for organisations deploying AI/ML workloads
Reference: atlas.mitre.org (AI threat library)

Use ATT&CK for your security operations baseline and layer ATLAS on top for any AI/ML workload. Both are living frameworks updated regularly. BAS validates ATT&CK coverage.

Figure: MITRE ATT&CK vs MITRE ATLAS, threat-informed defence for traditional and AI/ML attack surfaces

What is MITRE ATLAS?

MITRE ATLAS extends the ATT&CK concept into AI-enabled systems and modern cloud environments. ATLAS maps adversarial AI techniques, data source visibility, detection telemetry, security mitigations, and control validation. It connects what attackers do with how defenders detect and stop it. This makes ATLAS highly valuable for cloud security, AI security, SaaS environments, identity-centric architectures, and modern enterprise platforms.

Why These Frameworks Matter

Modern attacks rarely target a single system. Attackers move across cloud environments, identity platforms, SaaS applications, APIs, endpoints, and AI models. By combining MITRE ATT&CK and MITRE ATLAS, organisations can map adversary behaviour to telemetry, improve visibility, prioritise detections, strengthen controls, reduce dwell time, and improve resilience.

Map SIEM telemetry to ATT&CK techniques and identify coverage gaps
Understand attacker progression and contain threats faster
Validate AWS, Azure, and SaaS monitoring capabilities
Build security architectures around real attack behaviour
Translate technical threats into executive risk visibility
Align detection engineering with real adversary techniques
MITRE ATT&CK and MITRE ATLAS provide a common language that aligns security operations, threat intelligence, cloud security, governance, detection engineering, and executive risk management.
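
The coverage-gap mapping described above can be sketched in a few lines. This is an added example, not code from this article or from MITRE. The technique IDs are real ATT&CK Enterprise entries, while the rule names, log-source labels, ingestion set and priority list are constructed for illustration.

```python
from collections import defaultdict

# Constructed slice of the ATT&CK Enterprise matrix: ID -> (name, tactics).
# A real run would load the full matrix from MITRE's published data.
TECHNIQUES = {
    "T1566": ("Phishing", ["Initial Access"]),
    "T1190": ("Exploit Public-Facing Application", ["Initial Access"]),
    "T1059": ("Command and Scripting Interpreter", ["Execution"]),
    "T1053": ("Scheduled Task/Job",
              ["Execution", "Persistence", "Privilege Escalation"]),
    "T1078": ("Valid Accounts", ["Initial Access", "Persistence",
                                 "Privilege Escalation", "Defense Evasion"]),
    "T1003": ("OS Credential Dumping", ["Credential Access"]),
    "T1021": ("Remote Services", ["Lateral Movement"]),
    "T1486": ("Data Encrypted for Impact", ["Impact"]),
}
# Constructed SIEM rule inventory: ATT&CK tags plus the log source each rule needs.
RULES = [
    {"name": "Office spawns script host", "techniques": ["T1566", "T1059"], "source": "edr_process"},
    {"name": "New scheduled task created", "techniques": ["T1053"], "source": "windows_security"},
    {"name": "LSASS memory access", "techniques": ["T1003"], "source": "sysmon"},
    {"name": "Impossible-travel sign-in", "techniques": ["T1078"], "source": "idp_signin"},
]
INGESTED = {"edr_process", "windows_security", "idp_signin"}  # sysmon not onboarded
PRIORITY = {"T1566", "T1078", "T1003", "T1021", "T1486"}  # constructed threat-intel picks

def covered_techniques(rules, ingested):
    """Techniques with at least one rule whose log source is actually ingested."""
    return {t for r in rules if r["source"] in ingested for t in r["techniques"]}

def coverage_by_tactic(techniques, covered):
    """Return {tactic: (covered_count, total_count)} over the loaded slice."""
    totals, hits = defaultdict(int), defaultdict(int)
    for tid, (_name, tactics) in techniques.items():
        for tactic in tactics:
            totals[tactic] += 1
            hits[tactic] += tid in covered
    return {t: (hits[t], totals[t]) for t in totals}

def priority_gaps(techniques, covered, priority):
    """Priority techniques with no effective detection, sorted by ID."""
    return sorted(t for t in priority if t in techniques and t not in covered)

if __name__ == "__main__":
    cov = covered_techniques(RULES, INGESTED)
    for tactic, (hit, total) in sorted(coverage_by_tactic(TECHNIQUES, cov).items()):
        print(f"{tactic:22} {hit}/{total}")
    for tid in priority_gaps(TECHNIQUES, cov, PRIORITY):
        print(f"GAP {tid} {TECHNIQUES[tid][0]}")
```

The LSASS rule is tagged T1003 but contributes no coverage because its log source is not ingested, which is the kind of gap a rule-count dashboard hides.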