Add ATR (Agent Threat Rules) β open-source detection rules for MCP threats#87
Open
eeee2345 wants to merge 2 commits intoPuliczek:mainfrom
Open
Add ATR (Agent Threat Rules) β open-source detection rules for MCP threats#87eeee2345 wants to merge 2 commits intoPuliczek:mainfrom
eeee2345 wants to merge 2 commits intoPuliczek:mainfrom
Conversation
Author
|
Hi! Friendly follow-up on this PR. As a recent update, ATR detection rules have been merged into Cisco AI Defense (PR #79, cisco-ai-defense/skill-scanner), adding enterprise-level adoption as validation. Let me know if there's anything I should update in the PR. Thanks! |
Author
|
Updated since submission: ATR now at 108 rules (v1.1.1), 53K+ skills scanned, 0% FP. Cisco AI Defense ships 34 ATR rules in production. Ready for review. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update (April 2026)
ATR has grown significantly since this PR was first submitted:
npm install agent-threat-rules && npx atr scan .What is ATR?
Agent Threat Rules (ATR) is an open-source set of detection rules for AI agent security threats β like YARA/Sigma rules, but for MCP and LLM tool-calling attacks.
Key stats
Why it fits this list
ATR provides the detection layer that complements the MCP security tools already listed here. While other tools focus on runtime protection or auditing, ATR gives the community a shared set of threat patterns that any tool can import and use.
Ecosystem scan
We scanned 36,394 ClawHub skills using ATR β found 182 CRITICAL / 1,124 HIGH findings. Full report: https://panguard.ai/research/mcp-ecosystem-scan