V1·DATA V2·MODEL V3·LLM V4·SUPPLY V5·PIPELINE V6·INFRA V7·GOV
MLASTG is an open framework for verifying the security of ML and LLM systems — 168 testable controls mapped to MITRE ATLAS, NIST AI RMF, and the OWASP AI guidance, with step-by-step test cases and executable harnesses.
The model
A standard to verify against, a guide to test with, and a shared vocabulary for what goes wrong.
What to verify — 168 controls across 7 categories, at L1 (Standard) and L2 (Defense-in-Depth).
Read the standard → MLASTGHow to test — step-by-step procedures, tooling, and Python harnesses mapped to every control.
Open the methodology → MLASWEWhat goes wrong — 13 ML/LLM weakness classes for consistent classification of findings.
Browse weaknesses →Why ML is different
The same risk classes, expressed in a way traditional testing was never built to reach.
Coverage
91 baseline controls and 77 defense-in-depth controls, each mapped to MITRE ATLAS.
Provenance, sanitization, differential privacy, access control.
Adversarial robustness, extraction/inversion, backdoor detection.
Prompt injection, output handling, agency, context isolation.
ML-SBOM, base-model vetting, dependency scanning.
CI/CD, feature stores, model registries, artifact integrity.
Serving security, API security, monitoring, response.
Risk governance, bias/fairness, audit logging, regulation.
Full category breakdown with ATLAS mappings and assurance levels.
Alignment
Pick your applicable controls, follow the methodology, and track progress against all 168 controls.