A — ATLAS Tactics Quick Reference

Dean Bushmiller edited this page Jun 9, 2026 · 8 revisions

| Tactic | What the adversary is trying to do |
| --- | --- |
| Reconnaissance | Gather information about the AI system, its data, its architecture |
| Resource Development | Build or acquire the tools, infrastructure, datasets, or proxy models needed |
| Initial Access | Gain a foothold — via supply chain, prompt injection, exploit, or valid account |
| AI Model Access | Reach the model directly (API, on-device, physical environment) |
| Execution | Run adversary-controlled code or instructions on the system |
| Persistence | Maintain access across sessions, restarts, or model retrainings |
| Privilege Escalation | Gain higher privileges within the AI system or its host |
| Defense Evasion | Avoid detection by guardrails, classifiers, or human reviewers |
| Credential Access | Steal credentials usable against the AI system or its surrounding infrastructure |
| Discovery | Learn about the AI system from inside (model family, ontology, system prompt) |
| Collection | Gather data of interest — training data, system prompts, conversation history |
| AI Attack Staging | Prepare the adversarial payload (craft adversarial examples, train poisoned models) |
| Command and Control | (For agentic systems) Direct ongoing behavior of compromised AI agents |
| Exfiltration | Steal data out — through the inference API, side channels, or stolen artifacts |
| Impact | The end goal — integrity erosion, IP theft, denial of service, fraud, harm |

How to use this reference

When mapping a known AI incident to the matrix:

  1. Read the incident summary and walk through the adversary's actions in approximate chronological order.
  2. For each action, pick the closest tactic above.
  3. Drill into techniques under that tactic to find the specific AML.TXXXX ID.
  4. Capture the end state under Impact — that's the answer to "what did they actually get".

The same matrix is used in reverse for defensive coverage analysis. Walk the tactics, list current controls under each, and the gaps are where the next investment goes.
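
The sketch below is an added example, not part of the original page or of ATLAS tooling. It runs the reverse (coverage) walk and then checks a mapped incident against the gaps. The tactic names come from the table above; the control inventory and the incident steps are constructed sample data, and the function names are hypothetical.

```python
# Tactic names are taken from the table on this page, in matrix order.
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "AI Model Access",
    "Execution", "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Collection", "AI Attack Staging",
    "Command and Control", "Exfiltration", "Impact",
]

# Constructed control inventory: control name -> tactics it addresses.
CONTROLS = {
    "API rate limiting and query logging": ["Reconnaissance", "AI Model Access", "Exfiltration"],
    "Model artifact signature checks": ["Initial Access", "Persistence"],
    "Prompt-injection input filter": ["Initial Access", "Execution"],
    "Secrets vault for API keys": ["Credential Access"],
    "Output classifier on responses": ["Collection", "Impact"],
}

# Constructed incident walk-through: (adversary action, tactic), chronological.
INCIDENT = [
    ("Probed the public chat endpoint for model details", "Reconnaissance"),
    ("Submitted crafted input through the chat UI", "Initial Access"),
    ("Extracted the system prompt from responses", "Discovery"),
    ("Tuned inputs until the guardrail stopped flagging", "Defense Evasion"),
    ("Pulled conversation history via the inference API", "Exfiltration"),
]

def coverage(controls):
    """Invert control -> tactics into tactic -> controls, covering every tactic."""
    by_tactic = {t: [] for t in TACTICS}
    for name, tactics in controls.items():
        for t in tactics:
            if t not in by_tactic:  # catch typos instead of silently hiding a gap
                raise ValueError(f"unknown tactic {t!r} on control {name!r}")
            by_tactic[t].append(name)
    return by_tactic

def gaps(controls):
    """Tactics with no control listed, in matrix order."""
    return [t for t, names in coverage(controls).items() if not names]

def uncovered_steps(incident, controls):
    """Incident steps that landed on a tactic with no control at all."""
    missing = set(gaps(controls))
    return [(action, t) for action, t in incident if t in missing]

if __name__ == "__main__":
    print("Gaps:", ", ".join(gaps(CONTROLS)))
    for action, tactic in uncovered_steps(INCIDENT, CONTROLS):
        print(f"No control for [{tactic}]: {action}")
```

A tactic with a control listed is not necessarily well covered; the output only shows where nothing is listed at all.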

Section 2 Assignment

Just read the case study assigned to your team:

  1. Clearview AI Compromise
  2. AI ClickFix
  3. ChatGPT Plugin Privacy Leak
  4. PoisonGPT
  5. Tay Poisoning

Extra (advanced): Grok Morse Code Crypto Heist