跳转至

V1·DATA  V2·MODEL  V3·LLM  V4·SUPPLY  V5·PIPELINE  V6·INFRA  V7·GOV

Security testing for the
machine-learning attack surface

MLASTG is an open framework for verifying the security of ML and LLM systems — 168 testable controls mapped to MITRE ATLAS, NIST AI RMF, and the OWASP AI guidance, with step-by-step test cases and executable harnesses.

168 controls 7 categories 13 weakness classes 7 frameworks aligned
0 Verifiable controls
0 L1 — Standard
0 L2 — Defense-in-Depth
0 Weakness classes

The model

Three layers, one assessment

A standard to verify against, a guide to test with, and a shared vocabulary for what goes wrong.

Why ML is different

A new attack surface app-security can't cover

The same risk classes, expressed in a way traditional testing was never built to reach.

Risk classTraditional softwareML systems
Input manipulationSQL injection, XSSAdversarial perturbations, prompt injection
Data corruptionConfig tamperingTraining-data poisoning, backdoors
IP theftSource exfiltrationModel extraction & inversion
Supply chainVulnerable librariesCompromised base models, poisoned datasets
Logic exploitationBusiness-logic flawsBias exploitation, adversarial triggers

Coverage

Seven control categories

91 baseline controls and 77 defense-in-depth controls, each mapped to MITRE ATLAS.

Alignment

Cross-referenced with the frameworks you already report to

Start your ML security assessment

Pick your applicable controls, follow the methodology, and track progress against all 168 controls.