Skip to content

Community detection rules integration — ATR (108 rules, shipped in Cisco AI Defense) #901

Open
#908
Open
Community detection rules integration — ATR (108 rules, shipped in Cisco AI Defense)#901
#908
Labels
enhancementNew feature or request
@eeee2345

Description

@eeee2345
eeee2345
opened on Apr 8, 2026

Hi team,

ATR (Agent Threat Rules) maintains 108 open-source detection rules for AI agent threats — same rules that Cisco AI Defense ships in production (cisco-ai-defense/skill-scanner#79). We'd like to contribute these to Agent Governance Toolkit.

We noticed mcp-security.yaml has 51 detection patterns across 7 categories. ATR covers 9 categories with 87 high-confidence patterns tested on 53,577 real-world MCP skills (0% FP on clean content).

What ATR covers:

  • Prompt injection (10 patterns)
  • Tool poisoning (10 patterns)
  • Credential exfiltration (10 patterns)
  • Skill supply chain (10 patterns)
  • Agent manipulation (10 patterns)
  • Privilege escalation (10 patterns)
  • Excessive autonomy (10 patterns)
  • Data poisoning (10 patterns)
  • Model abuse (7 patterns)

Questions before we submit a PR:

  1. Would you prefer we enhance mcp-security.yaml or add a separate policy file?
  2. Any format requirements beyond the existing detection_patterns schema?
  3. We'd love to discuss ongoing community rule maintenance — would you be open to ATR as an upstream source for detection patterns?

Happy to adjust to whatever approach works best for your architecture.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions