AVE v1.0.0 — Release notes
Date: 2026-06-18
Tag: v1.0.0
Schema: ave-record-1.0.0.schema.json
Registry: https://ave.bawbel.io
Repo: https://github.com/bawbel/ave
The first stable release of the AVE standard
AVE (Agentic Vulnerability Enumeration) is an open behavioral vulnerability standard for agentic AI components — skill files, MCP servers, plugins, and agent tools. v1.0.0 is the first production-ready release: canonical schema, 48 published records, a public registry, crosswalks to the tools the field already uses, and a complete governance structure for the open-source community.
Records
48 records published. The full record set covers attack classes from prompt injection and credential exfiltration through rug-pull, cross-app escalation, MCP tool hook hijacking, and unsafe agent delegation chains.
| Severity | Count |
|---|---|
| CRITICAL | 1 |
| HIGH | 6 |
| MEDIUM | 39 |
| LOW | 2 |
GitHub templates updated:
- Pull request template — v1.0.0 schema, fixture requirement, no stale SPEC.md refs
- ave_submission issue template — issue-first workflow, variant vs new class check
- ave_false_positive, ave_schema_change, ave_bug_report issue templates
Fixture and test infrastructure
tests/fixtures/ and rules/ are the intended locations for detection
rules and positive/negative test fixtures per record. The test runner design
is documented in the codebase (tests/test_fixtures.py pattern using pytest
parametrize over fixture pairs). Fixtures for the 48 records will be added
in v1.1 alongside the schema migration.
What does not change between releases
- Published ave_id values are permanent
- The $id URL for schema v1.0.0 is permanent: https://ave.bawbel.io/schema/ave-record-1.0.0.schema.json
- spec_version: "0.8" in the AIVSS object (a constant, not versioned by AVE)
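
A release gate for the three guarantees above, as an added example that is not part of the AVE repository. The record key "aivss", the function name check_release and the sample ids are assumptions constructed for illustration; only ave_id, $id, the schema URL and spec_version "0.8" come from these notes.

```python
"""Release-gate check (added example, not AVE project code)."""

# Values taken from the release notes.
SCHEMA_ID = "https://ave.bawbel.io/schema/ave-record-1.0.0.schema.json"
AIVSS_SPEC_VERSION = "0.8"


def check_release(published_ids, schema, records):
    """Return a list of violations; an empty list means nothing permanent changed.

    published_ids: ave_id values already published in earlier releases.
    schema:        parsed JSON Schema document for v1.0.0.
    records:       parsed records in the candidate release.
    The "aivss" key name is an assumption; the notes only say "AIVSS object".
    """
    problems = []
    if schema.get("$id") != SCHEMA_ID:
        problems.append(f"schema $id changed: {schema.get('$id')!r}")

    seen = set()
    for index, record in enumerate(records):
        ave_id = record.get("ave_id")
        if not isinstance(ave_id, str) or not ave_id:
            problems.append(f"record[{index}]: missing ave_id")
            continue
        if ave_id in seen:
            problems.append(f"{ave_id}: duplicate ave_id")
        seen.add(ave_id)
        aivss = record.get("aivss")
        # Compare as a string: a YAML/JSON number 0.8 is not the constant "0.8".
        if isinstance(aivss, dict) and aivss.get("spec_version") != AIVSS_SPEC_VERSION:
            problems.append(f"{ave_id}: aivss.spec_version is {aivss.get('spec_version')!r}")

    # Any id published earlier must still be present under the same name.
    for gone in sorted(set(published_ids) - seen):
        problems.append(f"{gone}: published ave_id removed or renamed")
    return problems


# Constructed sample data (ids are placeholders, not real AVE records).
PUBLISHED = ["AVE-SAMPLE-0001", "AVE-SAMPLE-0002"]
SCHEMA = {"$id": SCHEMA_ID}
GOOD = [{"ave_id": "AVE-SAMPLE-0001", "aivss": {"spec_version": "0.8"}},
        {"ave_id": "AVE-SAMPLE-0002", "aivss": {"spec_version": "0.8"}},
        {"ave_id": "AVE-SAMPLE-0003"}]
BAD = [{"ave_id": "AVE-SAMPLE-0001", "aivss": {"spec_version": 0.8}},
       {"ave_id": "AVE-SAMPLE-0002-renamed"}]

if __name__ == "__main__":
    for line in check_release(PUBLISHED, SCHEMA, BAD):
        print(line)
```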