@blamejs/exceptd-skills 0.12.38 → 0.12.40
- package/CHANGELOG.md +62 -0
- package/bin/exceptd.js +6 -1
- package/data/_indexes/_meta.json +3 -3
- package/data/_indexes/chains.json +2794 -800
- package/data/framework-control-gaps.json +92 -189
- package/lib/framework-gap.js +13 -3
- package/manifest-snapshot.json +1 -1
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +44 -44
- package/orchestrator/index.js +6 -1
- package/package.json +1 -1
- package/sbom.cdx.json +17 -17
- package/scripts/refresh-reverse-refs.js +29 -3
|
@@ -63,9 +63,7 @@
|
|
|
63
63
|
"real_requirement": "MCP trust controls: signed server manifests, explicit tool allowlists, bearer authentication, sandboxed server processes, organizational approved-registry for MCP servers.",
|
|
64
64
|
"status": "open",
|
|
65
65
|
"opened_date": "2026-04-01",
|
|
66
|
-
"evidence_cves": [
|
|
67
|
-
"CVE-2026-30615"
|
|
68
|
-
],
|
|
66
|
+
"evidence_cves": [],
|
|
69
67
|
"atlas_refs": [
|
|
70
68
|
"AML.T0010"
|
|
71
69
|
],
|
|
@@ -96,9 +94,7 @@
|
|
|
96
94
|
"real_requirement": "Prompt-level access control: each model invocation is constrained to an authorized action scope. Actions outside that scope require explicit user re-authorization. System prompt establishes authority hierarchy.",
|
|
97
95
|
"status": "open",
|
|
98
96
|
"opened_date": "2026-01-01",
|
|
99
|
-
"evidence_cves": [
|
|
100
|
-
"CVE-2025-53773"
|
|
101
|
-
],
|
|
97
|
+
"evidence_cves": [],
|
|
102
98
|
"atlas_refs": [
|
|
103
99
|
"AML.T0051",
|
|
104
100
|
"AML.T0054"
|
|
@@ -130,10 +126,7 @@
|
|
|
130
126
|
"real_requirement": "User-application hardening enumerates AI assistants and MCP servers in scope; sets default-deny on tool grants with explicit per-tool acknowledgement; pins MCP server versions with signature verification; treats AI-tool config files (.claude/settings.json, .cursor/mcp.json, .vscode/settings.json's chat.tools.autoApprove) as integrity-monitored configuration with the same protection profile as security-sensitive files.",
|
|
131
127
|
"status": "open",
|
|
132
128
|
"opened_date": "2026-05-13",
|
|
133
|
-
"evidence_cves": [
|
|
134
|
-
"CVE-2025-53773",
|
|
135
|
-
"CVE-2026-30615"
|
|
136
|
-
],
|
|
129
|
+
"evidence_cves": [],
|
|
137
130
|
"atlas_refs": [
|
|
138
131
|
"AML.T0010",
|
|
139
132
|
"AML.T0051"
|
|
@@ -166,9 +159,7 @@
|
|
|
166
159
|
"real_requirement": "Backups cover AI-system artefacts (model weights, RAG corpora, plugin registries, AI-tool configuration files) with off-network retention; backup-integrity verification includes per-document hash comparison for RAG corpora to detect corpus poisoning; documented 'AI-system restore to last-known-good' workflow that maps to detected AI-incident classes.",
|
|
167
160
|
"status": "open",
|
|
168
161
|
"opened_date": "2026-05-13",
|
|
169
|
-
"evidence_cves": [
|
|
170
|
-
"CVE-2026-45321"
|
|
171
|
-
],
|
|
162
|
+
"evidence_cves": [],
|
|
172
163
|
"atlas_refs": [
|
|
173
164
|
"AML.T0010",
|
|
174
165
|
"AML.T0020",
|
|
@@ -231,11 +222,7 @@
|
|
|
231
222
|
"real_requirement": "Patch operating systems with KEV-anchored SLA (≤48h for critical with public PoC, live-patching mandatory on hosts that can't accept a reboot within window); kernel patching pipeline distinct from userspace patch pipeline; third-party kernel module patches tracked alongside vendor patches; SLA metric is 'time from KEV listing to deployed', not 'time from advisory publication'.",
|
|
232
223
|
"status": "open",
|
|
233
224
|
"opened_date": "2026-05-13",
|
|
234
|
-
"evidence_cves": [
|
|
235
|
-
"CVE-2026-31431",
|
|
236
|
-
"CVE-2026-43284",
|
|
237
|
-
"CVE-2026-43500"
|
|
238
|
-
],
|
|
225
|
+
"evidence_cves": [],
|
|
239
226
|
"atlas_refs": [],
|
|
240
227
|
"attack_refs": [
|
|
241
228
|
"T1068"
|
|
@@ -298,10 +285,7 @@
|
|
|
298
285
|
"real_requirement": "CMMC 2.0 Level 2 must require: (1) inventory of AI assistants and MCP servers with CUI-adjacent access (3.4.1 extension), (2) AI-API egress monitoring as a CUI protection control (3.13 extension), (3) prompt-injection RCE in developer tooling as a 3.14 threat class with patching SLA, (4) explicit cross-walk to UK DEF STAN 05-138 and AU DISP for joint-programme AI policy parity.",
|
|
299
286
|
"status": "open",
|
|
300
287
|
"opened_date": "2026-05-11",
|
|
301
|
-
"evidence_cves": [
|
|
302
|
-
"CVE-2025-53773",
|
|
303
|
-
"CVE-2026-30615"
|
|
304
|
-
],
|
|
288
|
+
"evidence_cves": [],
|
|
305
289
|
"atlas_refs": [
|
|
306
290
|
"AML.T0010",
|
|
307
291
|
"AML.T0051",
|
|
@@ -337,9 +321,7 @@
|
|
|
337
321
|
"real_requirement": "Programmes that claim 'Top 25 addressed' as compliance evidence must additionally: (1) enumerate AI-relevant CWEs outside the Top 25 (CWE-1426 Improper Output Validation, CWE-1039 Inadequate Detection of Adversarial Input, CWE-1230 Exposure of Sensitive Info Through Metadata) with explicit treatment, (2) cross-walk to ATLAS v5.1.0 TTPs for adversarial coverage, (3) re-baseline against the next-published Top 25 with delta analysis. Aligns with EU CRA Annex I, UK NCSC, AU ISM, ISO 27001 A.8.28.",
|
|
338
322
|
"status": "open",
|
|
339
323
|
"opened_date": "2026-05-11",
|
|
340
|
-
"evidence_cves": [
|
|
341
|
-
"CVE-2025-53773"
|
|
342
|
-
],
|
|
324
|
+
"evidence_cves": [],
|
|
343
325
|
"atlas_refs": [
|
|
344
326
|
"AML.T0043",
|
|
345
327
|
"AML.T0051",
|
|
@@ -373,9 +355,7 @@
|
|
|
373
355
|
"real_requirement": "CycloneDX 1.6 deployment must require: (1) ML-BOM completeness checks (model + adapters + tokenizer + training data manifest where licensable), (2) MCP server inventory as part of the application SBOM, (3) populated provenance fields (signature, training data source, supplier) — empty fields treated as a defect, (4) SPDX 3.0 AI cross-walk evidence to satisfy EU CRA Annex I parity.",
|
|
374
356
|
"status": "open",
|
|
375
357
|
"opened_date": "2026-05-11",
|
|
376
|
-
"evidence_cves": [
|
|
377
|
-
"CVE-2026-30615"
|
|
378
|
-
],
|
|
358
|
+
"evidence_cves": [],
|
|
379
359
|
"atlas_refs": [
|
|
380
360
|
"AML.T0010",
|
|
381
361
|
"AML.T0018",
|
|
@@ -443,9 +423,7 @@
|
|
|
443
423
|
"real_requirement": "RTS subcontracting register must add: (1) AI sub-processor enumeration (model provider, embedding provider, vector store, RAG corpus host) per ICT service line, (2) MCP server inventory treated as a subcontractor class, (3) foundation-model concentration analysis alongside cloud-provider concentration, (4) per-call inference-routing residency for AI services, (5) explicit cross-walk to UK PRA SS2/21 + AU CPS 230 for cross-border AI sub-processor disclosure.",
|
|
444
424
|
"status": "open",
|
|
445
425
|
"opened_date": "2026-05-15",
|
|
446
|
-
"evidence_cves": [
|
|
447
|
-
"CVE-2026-30615"
|
|
448
|
-
],
|
|
426
|
+
"evidence_cves": [],
|
|
449
427
|
"atlas_refs": [
|
|
450
428
|
"AML.T0010"
|
|
451
429
|
],
|
|
@@ -478,10 +456,7 @@
|
|
|
478
456
|
"real_requirement": "ITS-TLPT must add: (1) AI/MCP asset enumeration in the scoping template, (2) AI-augmented threat intelligence inputs (ATLAS TTPs, AI-discovered CVE classes), (3) standard authorisation clauses for adversarial testing against third-party AI providers, (4) AI/MCP competency requirements for TLPT-tester certifications, (5) cross-walk to TIBER-EU + UK CBEST + AU CORIE updated scope language.",
|
|
479
457
|
"status": "open",
|
|
480
458
|
"opened_date": "2026-05-15",
|
|
481
|
-
"evidence_cves": [
|
|
482
|
-
"CVE-2025-53773",
|
|
483
|
-
"CVE-2026-30615"
|
|
484
|
-
],
|
|
459
|
+
"evidence_cves": [],
|
|
485
460
|
"atlas_refs": [
|
|
486
461
|
"AML.T0010",
|
|
487
462
|
"AML.T0051",
|
|
@@ -516,9 +491,7 @@
|
|
|
516
491
|
"real_requirement": "RTS classification must add: (1) AI-incident class enumeration in the qualitative criteria, (2) AI-specific quantitative measures (model invocations affected, agent actions taken on injected intent, RAG corpus integrity loss), (3) ATLAS-class adversary indicators as significant-cyber-threat triggers, (4) cross-walk to NIS2 Art. 23 + UK FCA SUP 15.3 + AU CPS 234 with AI-class fields.",
|
|
517
492
|
"status": "open",
|
|
518
493
|
"opened_date": "2026-05-15",
|
|
519
|
-
"evidence_cves": [
|
|
520
|
-
"CVE-2025-53773"
|
|
521
|
-
],
|
|
494
|
+
"evidence_cves": [],
|
|
522
495
|
"atlas_refs": [
|
|
523
496
|
"AML.T0051",
|
|
524
497
|
"AML.T0054",
|
|
@@ -586,9 +559,8 @@
|
|
|
586
559
|
"status": "open",
|
|
587
560
|
"opened_date": "2026-05-13",
|
|
588
561
|
"evidence_cves": [
|
|
589
|
-
"CVE-
|
|
590
|
-
"CVE-2026-
|
|
591
|
-
"CVE-2026-39987"
|
|
562
|
+
"CVE-2026-39987",
|
|
563
|
+
"CVE-2026-42208"
|
|
592
564
|
],
|
|
593
565
|
"atlas_refs": [
|
|
594
566
|
"AML.T0010",
|
|
@@ -654,10 +626,7 @@
|
|
|
654
626
|
"real_requirement": "Art. 55 operationalisation must add: (1) prescribed adversarial-evaluation methodology covering OWASP LLM Top 10 + ATLAS TTPs + MCP-trust scenarios, (2) standardised energy reporting (kWh per million tokens, training compute under ISO/IEC TR 24028), (3) reconciled incident-reporting clocks with DORA Art. 19 + NIS2 Art. 23, (4) explicit control catalogue for model-layer cybersecurity (weights provenance, system-prompt integrity, fine-tune access control).",
|
|
655
627
|
"status": "open",
|
|
656
628
|
"opened_date": "2026-05-15",
|
|
657
|
-
"evidence_cves": [
|
|
658
|
-
"CVE-2025-53773",
|
|
659
|
-
"CVE-2026-30615"
|
|
660
|
-
],
|
|
629
|
+
"evidence_cves": [],
|
|
661
630
|
"atlas_refs": [
|
|
662
631
|
"AML.T0010",
|
|
663
632
|
"AML.T0018",
|
|
@@ -756,9 +725,10 @@
|
|
|
756
725
|
"status": "open",
|
|
757
726
|
"opened_date": "2026-05-13",
|
|
758
727
|
"evidence_cves": [
|
|
728
|
+
"CVE-2026-42897",
|
|
729
|
+
"CVE-2026-45321",
|
|
759
730
|
"MAL-2026-3083",
|
|
760
|
-
"
|
|
761
|
-
"CVE-2026-42897"
|
|
731
|
+
"MAL-2026-NODE-IPC-STEALER"
|
|
762
732
|
],
|
|
763
733
|
"atlas_refs": [
|
|
764
734
|
"AML.T0010",
|
|
@@ -793,10 +763,7 @@
|
|
|
793
763
|
"real_requirement": "FedRAMP Rev 5 Moderate must publish: (1) an AI provider attestation path (StateRAMP-equivalent or FedRAMP Tailored for AI services), (2) explicit shared-responsibility matrix for AI APIs covering prompt data, output data, training opt-out, and retention, (3) SSP template language for documenting AI API usage in authorised systems, (4) cross-walk to EU EUCS Substantial and AU IRAP PROTECTED for joint operations.",
|
|
794
764
|
"status": "open",
|
|
795
765
|
"opened_date": "2026-05-11",
|
|
796
|
-
"evidence_cves": [
|
|
797
|
-
"CVE-2025-53773",
|
|
798
|
-
"CVE-2026-30615"
|
|
799
|
-
],
|
|
766
|
+
"evidence_cves": [],
|
|
800
767
|
"atlas_refs": [
|
|
801
768
|
"AML.T0051",
|
|
802
769
|
"AML.T0096"
|
|
@@ -830,9 +797,7 @@
|
|
|
830
797
|
"real_requirement": "164.312(a)(1) implementation must add: (1) BAA-level coverage for AI providers including prompt retention, training opt-out, and breach notification within HIPAA timelines, (2) per-prompt PHI minimisation (DLP), (3) AI agent session controls treated separately from human user controls, (4) cross-walk with GDPR Art. 35 / UK NHS DSPT / AU APP 11 for cross-border health data in AI workflows.",
|
|
831
798
|
"status": "open",
|
|
832
799
|
"opened_date": "2026-05-11",
|
|
833
|
-
"evidence_cves": [
|
|
834
|
-
"CVE-2025-53773"
|
|
835
|
-
],
|
|
800
|
+
"evidence_cves": [],
|
|
836
801
|
"atlas_refs": [
|
|
837
802
|
"AML.T0054",
|
|
838
803
|
"AML.T0096"
|
|
@@ -866,9 +831,7 @@
|
|
|
866
831
|
"real_requirement": "164.308 NPRM implementation must add: (1) AI assistants + model-API providers as enumerated technology-asset categories, (2) network-map requirement extended to AI-API egress including BAA / training-opt-out attestation per route, (3) tabletop-exercise catalogue covering AI-specific PHI loss scenarios, (4) workforce training module specific to AI handling of PHI. Note: final rule still pending — track HHS-OCR publication date Q3 2026.",
|
|
867
832
|
"status": "open",
|
|
868
833
|
"opened_date": "2026-05-15",
|
|
869
|
-
"evidence_cves": [
|
|
870
|
-
"CVE-2025-53773"
|
|
871
|
-
],
|
|
834
|
+
"evidence_cves": [],
|
|
872
835
|
"atlas_refs": [
|
|
873
836
|
"AML.T0054",
|
|
874
837
|
"AML.T0096"
|
|
@@ -902,9 +865,7 @@
|
|
|
902
865
|
"real_requirement": "164.310 NPRM implementation must add: (1) AI-API session logging treated as in-scope under the network-access-logging mandate, (2) developer-endpoint workstation security extended to AI assistants with PHI exposure, (3) media-disposal verification extended to AI training-data opt-out attestation, (4) MCP-server enumeration in the deployed-asset inventory. Final rule pending.",
|
|
903
866
|
"status": "open",
|
|
904
867
|
"opened_date": "2026-05-15",
|
|
905
|
-
"evidence_cves": [
|
|
906
|
-
"CVE-2026-30615"
|
|
907
|
-
],
|
|
868
|
+
"evidence_cves": [],
|
|
908
869
|
"atlas_refs": [
|
|
909
870
|
"AML.T0010",
|
|
910
871
|
"AML.T0054"
|
|
@@ -937,11 +898,7 @@
|
|
|
937
898
|
"real_requirement": "164.312 NPRM implementation must add: (1) per-action MFA-equivalent for AI-agent PHI access (delegated-authority attestation), (2) encryption-at-rest extended to AI-provider artifacts (conversation history, embeddings, fine-tune sets), (3) prompt-injection + RAG-poisoning detection as anti-malware-equivalent for AI-augmented systems, (4) CISA-KEV-class patch tier (< 72h) layered over the 6-month scan cadence. Final rule pending.",
|
|
938
899
|
"status": "open",
|
|
939
900
|
"opened_date": "2026-05-15",
|
|
940
|
-
"evidence_cves": [
|
|
941
|
-
"CVE-2025-53773",
|
|
942
|
-
"CVE-2026-30615",
|
|
943
|
-
"CVE-2026-31431"
|
|
944
|
-
],
|
|
901
|
+
"evidence_cves": [],
|
|
945
902
|
"atlas_refs": [
|
|
946
903
|
"AML.T0010",
|
|
947
904
|
"AML.T0051",
|
|
@@ -977,9 +934,7 @@
|
|
|
977
934
|
"real_requirement": "164.314 NPRM implementation must add: (1) AI-sub-processor explicit flow-down template, (2) AI-specific BAA clauses (prompt retention, training opt-out, model version pinning, AI-incident reporting timeline), (3) AI-handling training requirement for business-associate workforce, (4) accelerated notification clock for AI-mediated PHI loss class. Final rule pending.",
|
|
978
935
|
"status": "open",
|
|
979
936
|
"opened_date": "2026-05-15",
|
|
980
|
-
"evidence_cves": [
|
|
981
|
-
"CVE-2025-53773"
|
|
982
|
-
],
|
|
937
|
+
"evidence_cves": [],
|
|
983
938
|
"atlas_refs": [
|
|
984
939
|
"AML.T0010",
|
|
985
940
|
"AML.T0054"
|
|
@@ -1012,10 +967,7 @@
|
|
|
1012
967
|
"real_requirement": "09.l must require: (1) AI vendor inventory separate from general SaaS inventory, (2) AI-specific contractual clauses (prompt retention, training opt-out, residency, version pinning, prompt-breach notification timeline), (3) self-signup AI usage prohibited for in-scope data, (4) cross-walk to EU AI Act Art. 25, UK ICO AI guidance, AU Privacy Act third-party obligations.",
|
|
1013
968
|
"status": "open",
|
|
1014
969
|
"opened_date": "2026-05-11",
|
|
1015
|
-
"evidence_cves": [
|
|
1016
|
-
"CVE-2025-53773",
|
|
1017
|
-
"CVE-2026-30615"
|
|
1018
|
-
],
|
|
970
|
+
"evidence_cves": [],
|
|
1019
971
|
"atlas_refs": [
|
|
1020
972
|
"AML.T0010",
|
|
1021
973
|
"AML.T0054"
|
|
@@ -1048,9 +1000,7 @@
|
|
|
1048
1000
|
"real_requirement": "62443-3-3 must add AI-in-OT requirements: SL2+ environments must prohibit or strictly gate LLM HMI overlays; FR1 must distinguish 'human operator action' from 'AI-mediated action initiated by operator' as separate identity claims; conduits-and-zones diagrams must enumerate AI-API egress as a named conduit subject to FR5 (Restricted Data Flow) and monitored under FR6.",
|
|
1049
1001
|
"status": "open",
|
|
1050
1002
|
"opened_date": "2026-05-11",
|
|
1051
|
-
"evidence_cves": [
|
|
1052
|
-
"CVE-2025-53773"
|
|
1053
|
-
],
|
|
1003
|
+
"evidence_cves": [],
|
|
1054
1004
|
"atlas_refs": [
|
|
1055
1005
|
"AML.T0051",
|
|
1056
1006
|
"AML.T0054",
|
|
@@ -1118,9 +1068,7 @@
|
|
|
1118
1068
|
"real_requirement": "Separate AI system security controls are needed: prompt injection testing, model integrity verification, training pipeline security, RAG pipeline security. A.8.28 is not the right control family for AI system security.",
|
|
1119
1069
|
"status": "open",
|
|
1120
1070
|
"opened_date": "2026-01-01",
|
|
1121
|
-
"evidence_cves": [
|
|
1122
|
-
"CVE-2025-53773"
|
|
1123
|
-
],
|
|
1071
|
+
"evidence_cves": [],
|
|
1124
1072
|
"atlas_refs": [
|
|
1125
1073
|
"AML.T0051",
|
|
1126
1074
|
"AML.T0054"
|
|
@@ -1186,8 +1134,9 @@
|
|
|
1186
1134
|
"status": "open",
|
|
1187
1135
|
"opened_date": "2026-03-15",
|
|
1188
1136
|
"evidence_cves": [
|
|
1137
|
+
"CVE-2026-0300",
|
|
1189
1138
|
"CVE-2026-31431",
|
|
1190
|
-
"CVE-2026-
|
|
1139
|
+
"CVE-2026-46300"
|
|
1191
1140
|
],
|
|
1192
1141
|
"atlas_refs": [],
|
|
1193
1142
|
"attack_refs": [
|
|
@@ -1218,9 +1167,7 @@
|
|
|
1218
1167
|
"real_requirement": "Clause 7 implementations must add a runtime adversarial-evaluation control: standing red-team prompt suite, success-rate baseline, alerting on regression after model/system-prompt change, evidence retention for incident reconstruction. Drift monitoring must include adversarial robustness, not only statistical accuracy.",
|
|
1219
1168
|
"status": "open",
|
|
1220
1169
|
"opened_date": "2026-05-11",
|
|
1221
|
-
"evidence_cves": [
|
|
1222
|
-
"CVE-2025-53773"
|
|
1223
|
-
],
|
|
1170
|
+
"evidence_cves": [],
|
|
1224
1171
|
"atlas_refs": [
|
|
1225
1172
|
"AML.T0043",
|
|
1226
1173
|
"AML.T0051",
|
|
@@ -1254,10 +1201,7 @@
|
|
|
1254
1201
|
"real_requirement": "Clause 6.1.2 risk registers must (1) ingest ATLAS v5.1.0 TTPs as enumerated AI-specific threat sources, (2) cross-reference jurisdictional obligations (EU AI Act Annex III, NIS2 Art. 21, DORA Art. 28, UK CAF B4, AU ISM AI annex, ISO 27001:2022 A.5.7), (3) include AI-API-as-C2 and prompt-injection-as-RCE as named scenarios, (4) be re-run on threat-intel triggers, not only on calendar cycles.",
|
|
1255
1202
|
"status": "open",
|
|
1256
1203
|
"opened_date": "2026-05-11",
|
|
1257
|
-
"evidence_cves": [
|
|
1258
|
-
"CVE-2025-53773",
|
|
1259
|
-
"CVE-2026-30615"
|
|
1260
|
-
],
|
|
1204
|
+
"evidence_cves": [],
|
|
1261
1205
|
"atlas_refs": [
|
|
1262
1206
|
"AML.T0051",
|
|
1263
1207
|
"AML.T0054",
|
|
@@ -1292,9 +1236,7 @@
|
|
|
1292
1236
|
"real_requirement": "CIP-007-6 R4 must enumerate: (1) AI operator assistants as monitored event sources with explicit alerting on assistant-initiated operator commands, (2) AI-API egress events at the corporate-to-OT boundary, (3) prompt-injection indicators as a distinct event class, (4) alignment of R4 monitoring outputs with NIS2 24h/72h reporting obligations for multinational operators.",
|
|
1293
1237
|
"status": "open",
|
|
1294
1238
|
"opened_date": "2026-05-11",
|
|
1295
|
-
"evidence_cves": [
|
|
1296
|
-
"CVE-2025-53773"
|
|
1297
|
-
],
|
|
1239
|
+
"evidence_cves": [],
|
|
1298
1240
|
"atlas_refs": [
|
|
1299
1241
|
"AML.T0051",
|
|
1300
1242
|
"AML.T0054",
|
|
@@ -1331,10 +1273,8 @@
|
|
|
1331
1273
|
"status": "open",
|
|
1332
1274
|
"opened_date": "2026-05-13",
|
|
1333
1275
|
"evidence_cves": [
|
|
1334
|
-
"CVE-2025-53773",
|
|
1335
|
-
"CVE-2026-30615",
|
|
1336
|
-
"CVE-2026-45321",
|
|
1337
1276
|
"CVE-2026-39987",
|
|
1277
|
+
"CVE-2026-42208",
|
|
1338
1278
|
"CVE-2026-42897"
|
|
1339
1279
|
],
|
|
1340
1280
|
"atlas_refs": [
|
|
@@ -1371,7 +1311,11 @@
|
|
|
1371
1311
|
"status": "open",
|
|
1372
1312
|
"opened_date": "2026-03-15",
|
|
1373
1313
|
"evidence_cves": [
|
|
1374
|
-
"CVE-2026-31431"
|
|
1314
|
+
"CVE-2026-31431",
|
|
1315
|
+
"CVE-2026-39884",
|
|
1316
|
+
"CVE-2026-45321",
|
|
1317
|
+
"CVE-2026-46300",
|
|
1318
|
+
"MAL-2026-3083"
|
|
1375
1319
|
],
|
|
1376
1320
|
"atlas_refs": [],
|
|
1377
1321
|
"attack_refs": [
|
|
@@ -1402,10 +1346,7 @@
|
|
|
1402
1346
|
"real_requirement": "800-115 must add: (1) AI-API testing chapter with techniques for prompt injection, jailbreak, model-DoS, embedding inversion, AI-API-as-C2, (2) prompt-fuzzing methodology with evidence retention guidance, (3) MCP server test class, (4) explicit compliance cross-walk: under what regimes (PCI 11.4, DORA Art. 24, EU AI Act Art. 15, UK CHECK, AU IRAP) is which test class required.",
|
|
1403
1347
|
"status": "open",
|
|
1404
1348
|
"opened_date": "2026-05-11",
|
|
1405
|
-
"evidence_cves": [
|
|
1406
|
-
"CVE-2025-53773",
|
|
1407
|
-
"CVE-2026-30615"
|
|
1408
|
-
],
|
|
1349
|
+
"evidence_cves": [],
|
|
1409
1350
|
"atlas_refs": [
|
|
1410
1351
|
"AML.T0010",
|
|
1411
1352
|
"AML.T0043",
|
|
@@ -1444,8 +1385,9 @@
|
|
|
1444
1385
|
"status": "open",
|
|
1445
1386
|
"opened_date": "2026-05-11",
|
|
1446
1387
|
"evidence_cves": [
|
|
1447
|
-
"CVE-
|
|
1448
|
-
"
|
|
1388
|
+
"CVE-2026-45321",
|
|
1389
|
+
"MAL-2026-3083",
|
|
1390
|
+
"MAL-2026-NODE-IPC-STEALER"
|
|
1449
1391
|
],
|
|
1450
1392
|
"atlas_refs": [
|
|
1451
1393
|
"AML.T0010",
|
|
@@ -1516,6 +1458,7 @@
|
|
|
1516
1458
|
"status": "open",
|
|
1517
1459
|
"opened_date": "2026-04-01",
|
|
1518
1460
|
"evidence_cves": [
|
|
1461
|
+
"CVE-2025-53773",
|
|
1519
1462
|
"CVE-2026-30615"
|
|
1520
1463
|
],
|
|
1521
1464
|
"atlas_refs": [
|
|
@@ -1550,7 +1493,9 @@
|
|
|
1550
1493
|
"status": "open",
|
|
1551
1494
|
"opened_date": "2026-04-01",
|
|
1552
1495
|
"evidence_cves": [
|
|
1553
|
-
"CVE-2026-30615"
|
|
1496
|
+
"CVE-2026-30615",
|
|
1497
|
+
"CVE-2026-45321",
|
|
1498
|
+
"MAL-2026-3083"
|
|
1554
1499
|
],
|
|
1555
1500
|
"atlas_refs": [
|
|
1556
1501
|
"AML.T0010"
|
|
@@ -1583,8 +1528,7 @@
|
|
|
1583
1528
|
"status": "open",
|
|
1584
1529
|
"opened_date": "2026-04-01",
|
|
1585
1530
|
"evidence_cves": [
|
|
1586
|
-
"CVE-2026-43284"
|
|
1587
|
-
"CVE-2026-43500"
|
|
1531
|
+
"CVE-2026-43284"
|
|
1588
1532
|
],
|
|
1589
1533
|
"atlas_refs": [],
|
|
1590
1534
|
"attack_refs": [
|
|
@@ -1615,7 +1559,9 @@
|
|
|
1615
1559
|
"real_requirement": "SC-7 implementations that operate in environments using AI APIs MUST add an AI-egress-layer control: SDK-level prompt logging with identity binding, anomaly detection on prompt-shape / token-volume / off-business-hours patterns, and an allowlist of AI provider domains that explicitly enumerates the sanctioned business reason for each. Boundary-only SC-7 evidence is incomplete for any org with AI API access in production.",
|
|
1616
1560
|
"status": "open",
|
|
1617
1561
|
"opened_date": "2026-05-01",
|
|
1618
|
-
"evidence_cves": [
|
|
1562
|
+
"evidence_cves": [
|
|
1563
|
+
"CVE-2026-42897"
|
|
1564
|
+
],
|
|
1619
1565
|
"atlas_refs": [
|
|
1620
1566
|
"AML.T0096",
|
|
1621
1567
|
"AML.T0017"
|
|
@@ -1649,8 +1595,7 @@
|
|
|
1649
1595
|
"status": "open",
|
|
1650
1596
|
"opened_date": "2026-04-01",
|
|
1651
1597
|
"evidence_cves": [
|
|
1652
|
-
"CVE-2026-43284"
|
|
1653
|
-
"CVE-2026-43500"
|
|
1598
|
+
"CVE-2026-43284"
|
|
1654
1599
|
],
|
|
1655
1600
|
"atlas_refs": [],
|
|
1656
1601
|
"attack_refs": [
|
|
@@ -1682,8 +1627,8 @@
|
|
|
1682
1627
|
"status": "open",
|
|
1683
1628
|
"opened_date": "2026-05-13",
|
|
1684
1629
|
"evidence_cves": [
|
|
1685
|
-
"CVE-2026-
|
|
1686
|
-
"CVE-2026-
|
|
1630
|
+
"CVE-2026-39884",
|
|
1631
|
+
"CVE-2026-42208"
|
|
1687
1632
|
],
|
|
1688
1633
|
"atlas_refs": [
|
|
1689
1634
|
"AML.T0053"
|
|
@@ -1717,9 +1662,7 @@
|
|
|
1717
1662
|
"real_requirement": "SI-12 must be extended to include AI system data: prompt logs (security-relevant AI actions must be retained for incident investigation), model version history, inference output logs for security-sensitive decisions, training data provenance records.",
|
|
1718
1663
|
"status": "open",
|
|
1719
1664
|
"opened_date": "2026-03-01",
|
|
1720
|
-
"evidence_cves": [
|
|
1721
|
-
"CVE-2025-53773"
|
|
1722
|
-
],
|
|
1665
|
+
"evidence_cves": [],
|
|
1723
1666
|
"atlas_refs": [
|
|
1724
1667
|
"AML.T0054"
|
|
1725
1668
|
],
|
|
@@ -1752,13 +1695,15 @@
|
|
|
1752
1695
|
"status": "open",
|
|
1753
1696
|
"opened_date": "2026-03-15",
|
|
1754
1697
|
"evidence_cves": [
|
|
1755
|
-
"CVE-2026-31431",
|
|
1756
|
-
"CVE-2026-43284",
|
|
1757
1698
|
"CVE-2026-0300",
|
|
1758
|
-
"CVE-2026-
|
|
1759
|
-
"CVE-2026-42897",
|
|
1699
|
+
"CVE-2026-31431",
|
|
1760
1700
|
"CVE-2026-32202",
|
|
1761
|
-
"CVE-2026-33825"
|
|
1701
|
+
"CVE-2026-33825",
|
|
1702
|
+
"CVE-2026-42897",
|
|
1703
|
+
"CVE-2026-43284",
|
|
1704
|
+
"CVE-2026-43500",
|
|
1705
|
+
"CVE-2026-46300",
|
|
1706
|
+
"CVE-2026-6973"
|
|
1762
1707
|
],
|
|
1763
1708
|
"atlas_refs": [],
|
|
1764
1709
|
"attack_refs": [
|
|
@@ -1823,9 +1768,7 @@
|
|
|
1823
1768
|
"real_requirement": "800-63B Rev 4 must add an AAL-A (agent assurance level) construct: per-invocation authenticator binding, capability-scoped tokens (what this agent is permitted to do this run), agent-to-agent delegation chains with non-repudiation, and explicit cross-walk to eIDAS 2.0 attestations, UK GPG 45, AU TDIF, and ISO 29115 for cross-border agent identity.",
|
|
1824
1769
|
"status": "open",
|
|
1825
1770
|
"opened_date": "2026-05-11",
|
|
1826
|
-
"evidence_cves": [
|
|
1827
|
-
"CVE-2025-53773"
|
|
1828
|
-
],
|
|
1771
|
+
"evidence_cves": [],
|
|
1829
1772
|
"atlas_refs": [
|
|
1830
1773
|
"AML.T0051",
|
|
1831
1774
|
"AML.T0054"
|
|
@@ -1859,9 +1802,7 @@
|
|
|
1859
1802
|
"real_requirement": "800-82r3 must add an AI-in-OT control class: (1) explicit prohibition or strict gating of LLM operator assistants in safety-critical zones, (2) prompt-injection threat-model entries for any natural-language operator interface, (3) treat AI-API egress from OT as a conduit requiring named approval and monitoring (NIS2 essential-entity reportable), (4) cross-walk to IEC 62443-3-3 SR 5.1 (network segmentation) for AI-API traffic.",
|
|
1860
1803
|
"status": "open",
|
|
1861
1804
|
"opened_date": "2026-05-11",
|
|
1862
|
-
"evidence_cves": [
|
|
1863
|
-
"CVE-2025-53773"
|
|
1864
|
-
],
|
|
1805
|
+
"evidence_cves": [],
|
|
1865
1806
|
"atlas_refs": [
|
|
1866
1807
|
"AML.T0051",
|
|
1867
1808
|
"AML.T0054",
|
|
@@ -1897,9 +1838,7 @@
|
|
|
1897
1838
|
"real_requirement": "MEASURE 2.5 must include adversarial evaluation: red-team testing for prompt injection, measurement of action boundary compliance (does the AI stay within authorized scope?), and behavioral regression testing after model updates.",
|
|
1898
1839
|
"status": "open",
|
|
1899
1840
|
"opened_date": "2026-01-01",
|
|
1900
|
-
"evidence_cves": [
|
|
1901
|
-
"CVE-2025-53773"
|
|
1902
|
-
],
|
|
1841
|
+
"evidence_cves": [],
|
|
1903
1842
|
"atlas_refs": [
|
|
1904
1843
|
"AML.T0051",
|
|
1905
1844
|
"AML.T0054"
|
|
@@ -1932,9 +1871,7 @@
|
|
|
1932
1871
|
"real_requirement": "V14 must add an AI configuration class: model + provider + system prompt + safety setting + data-retention setting under version control and review; MCP server registry source and signature policy verified; AI client tool allowlist treated as a security-relevant configuration object subject to change control and audit.",
|
|
1933
1872
|
"status": "open",
|
|
1934
1873
|
"opened_date": "2026-05-11",
|
|
1935
|
-
"evidence_cves": [
|
|
1936
|
-
"CVE-2026-30615"
|
|
1937
|
-
],
|
|
1874
|
+
"evidence_cves": [],
|
|
1938
1875
|
"atlas_refs": [
|
|
1939
1876
|
"AML.T0010",
|
|
1940
1877
|
"AML.T0016"
|
|
@@ -1968,7 +1905,8 @@
|
|
|
1968
1905
|
"status": "open",
|
|
1969
1906
|
"opened_date": "2026-05-11",
|
|
1970
1907
|
"evidence_cves": [
|
|
1971
|
-
"CVE-
|
|
1908
|
+
"CVE-2026-39884",
|
|
1909
|
+
"CVE-2026-42208"
|
|
1972
1910
|
],
|
|
1973
1911
|
"atlas_refs": [
|
|
1974
1912
|
"AML.T0051",
|
|
@@ -2004,9 +1942,7 @@
|
|
|
2004
1942
|
"real_requirement": "LLM02 must require: prompt-level data minimisation (DLP before send), DPIA-equivalent assessment when sensitive categories enter prompts (GDPR / UK ICO / AU Privacy Act / HIPAA), explicit provider data-retention contractual terms, and chained-scenario testing combining LLM01 + LLM02 (injection-driven exfiltration).",
|
|
2005
1943
|
"status": "open",
|
|
2006
1944
|
"opened_date": "2026-05-11",
|
|
2007
|
-
"evidence_cves": [
|
|
2008
|
-
"CVE-2025-53773"
|
|
2009
|
-
],
|
|
1945
|
+
"evidence_cves": [],
|
|
2010
1946
|
"atlas_refs": [
|
|
2011
1947
|
"AML.T0054"
|
|
2012
1948
|
],
|
|
@@ -2039,10 +1975,7 @@
|
|
|
2039
1975
|
"real_requirement": "LLM06 must require: signed MCP server manifests, organisational tool allowlists enforced at the AI client, per-invocation authorisation scopes (not per-account), and supply-chain governance for AI tool plugins equivalent to critical third-party software (ISO A.8.30 / SOC 2 CC9 / NIST SA-12 extended).",
|
|
2040
1976
|
"status": "open",
|
|
2041
1977
|
"opened_date": "2026-05-11",
|
|
2042
|
-
"evidence_cves": [
|
|
2043
|
-
"CVE-2026-30615",
|
|
2044
|
-
"CVE-2025-53773"
|
|
2045
|
-
],
|
|
1978
|
+
"evidence_cves": [],
|
|
2046
1979
|
"atlas_refs": [
|
|
2047
1980
|
"AML.T0010",
|
|
2048
1981
|
"AML.T0016",
|
|
@@ -2113,10 +2046,7 @@
|
|
|
2113
2046
|
"real_requirement": "WSTG v5 must add: (1) AI-API test class (prompt injection, jailbreak, model-DoS, embedding inversion, AI-API-as-C2 indicators), (2) MCP server test class (supply chain, tool-response injection, signature verification, allowlist bypass), (3) indirect prompt injection test methodology with named corpora (PR descriptions, web pages, ingest pipelines), (4) cross-walk to PTES, NIST 800-115, EU DORA TLPT, UK CHECK/CREST, AU IRAP.",
|
|
2114
2047
|
"status": "open",
|
|
2115
2048
|
"opened_date": "2026-05-11",
|
|
2116
|
-
"evidence_cves": [
|
|
2117
|
-
"CVE-2025-53773",
|
|
2118
|
-
"CVE-2026-30615"
|
|
2119
|
-
],
|
|
2049
|
+
"evidence_cves": [],
|
|
2120
2050
|
"atlas_refs": [
|
|
2121
2051
|
"AML.T0010",
|
|
2122
2052
|
"AML.T0043",
|
|
@@ -2186,9 +2116,7 @@
|
|
|
2186
2116
|
"real_requirement": "6.4.3 operationalisation must add: (1) dynamic-content integrity (CSP report-uri + runtime DOM-equivalent hashes for AI-generated payment widgets), (2) agent-mediated checkout treated as in-scope with delegated-authority attestation, (3) MCP-server allowlisting on developer endpoints that touch payment-page test environments, (4) integrated reporting with PSD2 SCA-RTS Art. 18 + UK FCA SCA-RTS.",
|
|
2187
2117
|
"status": "open",
|
|
2188
2118
|
"opened_date": "2026-05-15",
|
|
2189
|
-
"evidence_cves": [
|
|
2190
|
-
"CVE-2025-53773"
|
|
2191
|
-
],
|
|
2119
|
+
"evidence_cves": [],
|
|
2192
2120
|
"atlas_refs": [
|
|
2193
2121
|
"AML.T0010",
|
|
2194
2122
|
"AML.T0051"
|
|
@@ -2282,9 +2210,7 @@
|
|
|
2282
2210
|
"real_requirement": "12.10.7 implementation must add: (1) AI-mediated PAN-exposure scenarios in the response-procedure template, (2) notification-clock harmonisation table covering card-brand + PSD2 + NIS2 + DORA + UK FCA + AU CPS 234, (3) AI-incident sub-classification in escalation routing, (4) customer-notification language addressing third-party-AI-provider exposure distinct from adversary exfiltration.",
|
|
2283
2211
|
"status": "open",
|
|
2284
2212
|
"opened_date": "2026-05-15",
|
|
2285
|
-
"evidence_cves": [
|
|
2286
|
-
"CVE-2025-53773"
|
|
2287
|
-
],
|
|
2213
|
+
"evidence_cves": [],
|
|
2288
2214
|
"atlas_refs": [
|
|
2289
2215
|
"AML.T0054",
|
|
2290
2216
|
"AML.T0096"
|
|
@@ -2318,9 +2244,7 @@
|
|
|
2318
2244
|
"real_requirement": "RTS-SCA (and UK FCA SCA-RTS, AU CDR) must define an agent-initiation construct: explicit delegated-authority attestation per agent transaction class, scope-limited authority tokens (amount, counterparty, frequency), and a distinct audit indicator for AI-mediated transactions so injected intent can be detected post-hoc. Aligns with eIDAS 2.0 electronic attestations.",
|
|
2319
2245
|
"status": "open",
|
|
2320
2246
|
"opened_date": "2026-05-11",
|
|
2321
|
-
"evidence_cves": [
|
|
2322
|
-
"CVE-2025-53773"
|
|
2323
|
-
],
|
|
2247
|
+
"evidence_cves": [],
|
|
2324
2248
|
"atlas_refs": [
|
|
2325
2249
|
"AML.T0051",
|
|
2326
2250
|
"AML.T0054"
|
|
@@ -2354,10 +2278,7 @@
|
|
|
2354
2278
|
"real_requirement": "PTES Pre-engagement must add: (1) named AI/MCP asset classes in the standard scoping checklist, (2) provider-side authorisation guidance and contractual carve-outs for prompt-injection testing, (3) rules-of-engagement language addressing AI-API egress as a potential exfiltration channel during the test, (4) cross-walk to TIBER-EU / DORA Art. 24 / UK CBEST / AU CORIE scoping for AI-augmented financial services TLPT.",
|
|
2355
2279
|
"status": "open",
|
|
2356
2280
|
"opened_date": "2026-05-11",
|
|
2357
|
-
"evidence_cves": [
|
|
2358
|
-
"CVE-2025-53773",
|
|
2359
|
-
"CVE-2026-30615"
|
|
2360
|
-
],
|
|
2281
|
+
"evidence_cves": [],
|
|
2361
2282
|
"atlas_refs": [
|
|
2362
2283
|
"AML.T0010",
|
|
2363
2284
|
"AML.T0051",
|
|
@@ -2393,8 +2314,9 @@
|
|
|
2393
2314
|
"status": "open",
|
|
2394
2315
|
"opened_date": "2026-05-11",
|
|
2395
2316
|
"evidence_cves": [
|
|
2396
|
-
"CVE-
|
|
2397
|
-
"
|
|
2317
|
+
"CVE-2026-45321",
|
|
2318
|
+
"MAL-2026-3083",
|
|
2319
|
+
"MAL-2026-NODE-IPC-STEALER"
|
|
2398
2320
|
],
|
|
2399
2321
|
"atlas_refs": [
|
|
2400
2322
|
"AML.T0010",
|
|
@@ -2529,9 +2451,7 @@
|
|
|
2529
2451
|
"real_requirement": "SPDX 3.0 deployment must require: (1) AI Profile + Dataset Profile completeness checks, (2) explicit declaration when training dataset provenance is unavailable (opacity flag), (3) MCP server inventory as a named SPDX element type, (4) CycloneDX ML-BOM cross-walk evidence — maintained as a cross-walk peer rather than a substitute. Aligns with EU CRA Annex I and ISO/IEC 5962.",
|
|
2530
2452
|
"status": "open",
|
|
2531
2453
|
"opened_date": "2026-05-11",
|
|
2532
|
-
"evidence_cves": [
|
|
2533
|
-
"CVE-2026-30615"
|
|
2534
|
-
],
|
|
2454
|
+
"evidence_cves": [],
|
|
2535
2455
|
"atlas_refs": [
|
|
2536
2456
|
"AML.T0010",
|
|
2537
2457
|
"AML.T0018",
|
|
@@ -2565,9 +2485,7 @@
|
|
|
2565
2485
|
"real_requirement": "CSCF v2026 1.1 must add: (1) explicit prohibition or strict gating of LLM assistants inside the SWIFT secure zone, (2) named-conduit treatment for AI-API egress from administrative jump zones with monitoring, (3) AI-generated message drafts flagged as a distinct review class before release, (4) alignment with DORA Art. 28 register of AI ICT third-party providers supporting critical functions, plus UK PRA SS1/21 and AU APRA CPS 234.",
|
|
2566
2486
|
"status": "open",
|
|
2567
2487
|
"opened_date": "2026-05-11",
|
|
2568
|
-
"evidence_cves": [
|
|
2569
|
-
"CVE-2025-53773"
|
|
2570
|
-
],
|
|
2488
|
+
"evidence_cves": [],
|
|
2571
2489
|
"atlas_refs": [
|
|
2572
2490
|
"AML.T0051",
|
|
2573
2491
|
"AML.T0054",
|
|
@@ -2601,9 +2519,7 @@
|
|
|
2601
2519
|
"real_requirement": "Board-level governance includes an AI-systems-in-use inventory, an MCP/plugin trust register with provenance attestation, and a documented assignment of accountability for AI security outcomes that maps to the NIS2/CCRA scope.",
|
|
2602
2520
|
"status": "open",
|
|
2603
2521
|
"opened_date": "2026-05-13",
|
|
2604
|
-
"evidence_cves": [
|
|
2605
|
-
"CVE-2026-30615"
|
|
2606
|
-
],
|
|
2522
|
+
"evidence_cves": [],
|
|
2607
2523
|
"atlas_refs": [
|
|
2608
2524
|
"AML.T0010"
|
|
2609
2525
|
],
|
|
@@ -2632,10 +2548,7 @@
|
|
|
2632
2548
|
"real_requirement": "Identity controls treat AI agents as distinct principals where they execute tools; MCP plugin invocations log model decision + tool name + arguments + user identity; AI-provider service credentials are short-lived, rotated, and excluded from cleartext storage policy exceptions; passkeys/WebAuthn for human-operator-to-AI authentication where supported.",
|
|
2633
2549
|
"status": "open",
|
|
2634
2550
|
"opened_date": "2026-05-13",
|
|
2635
|
-
"evidence_cves": [
|
|
2636
|
-
"CVE-2025-53773",
|
|
2637
|
-
"CVE-2026-30615"
|
|
2638
|
-
],
|
|
2551
|
+
"evidence_cves": [],
|
|
2639
2552
|
"atlas_refs": [
|
|
2640
2553
|
"AML.T0010",
|
|
2641
2554
|
"AML.T0051"
|
|
@@ -2667,10 +2580,7 @@
|
|
|
2667
2580
|
"real_requirement": "Security monitoring includes prompt/response content classification on egress to AI providers, MCP tool-call audit trail (model decision + tool name + arguments + result), AI-API traffic baselines per service identity with anomaly alerts, and unified retention covering AI events alongside classical telemetry.",
|
|
2668
2581
|
"status": "open",
|
|
2669
2582
|
"opened_date": "2026-05-13",
|
|
2670
|
-
"evidence_cves": [
|
|
2671
|
-
"CVE-2025-53773",
|
|
2672
|
-
"CVE-2026-30615"
|
|
2673
|
-
],
|
|
2583
|
+
"evidence_cves": [],
|
|
2674
2584
|
"atlas_refs": [
|
|
2675
2585
|
"AML.T0096",
|
|
2676
2586
|
"AML.T0024",
|
|
@@ -2703,11 +2613,7 @@
|
|
|
2703
2613
|
"real_requirement": "Response plans include live kernel patching as a documented capability with operator drill cadence; AI-incident playbooks cover model rollback, prompt classifier updates, MCP allowlist tightening; backups validate AI-system artefacts; recovery clocks align to NIS2 24h + DORA 4h + GDPR 72h notification matrix.",
|
|
2704
2614
|
"status": "open",
|
|
2705
2615
|
"opened_date": "2026-05-13",
|
|
2706
|
-
"evidence_cves": [
|
|
2707
|
-
"CVE-2026-31431",
|
|
2708
|
-
"CVE-2026-43284",
|
|
2709
|
-
"CVE-2026-43500"
|
|
2710
|
-
],
|
|
2616
|
+
"evidence_cves": [],
|
|
2711
2617
|
"atlas_refs": [],
|
|
2712
2618
|
"attack_refs": [
|
|
2713
2619
|
"T1068"
|
|
@@ -2737,10 +2643,7 @@
|
|
|
2737
2643
|
"real_requirement": "CSAF 2.1 (or a successor profile) must add: (1) an AI-component identifier scheme (model + version + adapters + tokenizer), (2) AI-specific vulnerability classes (jailbreak class, prompt-injection vector, embedding inversion class) with VEX statements, (3) explicit chaining of base-model to derived-model VEX statements, (4) alignment with EU AI Act Art. 15 disclosure obligations, UK NCSC AI vulnerability disclosure, AU ISM AI annex.",
|
|
2738
2644
|
"status": "open",
|
|
2739
2645
|
"opened_date": "2026-05-11",
|
|
2740
|
-
"evidence_cves": [
|
|
2741
|
-
"CVE-2025-53773",
|
|
2742
|
-
"CVE-2026-30615"
|
|
2743
|
-
],
|
|
2646
|
+
"evidence_cves": [],
|
|
2744
2647
|
"atlas_refs": [
|
|
2745
2648
|
"AML.T0010",
|
|
2746
2649
|
"AML.T0018"
|
|
@@ -3053,7 +2956,9 @@
|
|
|
3053
2956
|
"real_requirement": "Extend IA-5 to the IdP control plane: continuous attestation of token-signing certificate fingerprints + claim-transformation rule baseline + per-modification change-control attestation + management-API-token inventory with TTL + scope + source-IP enforcement.",
|
|
3054
2957
|
"status": "open",
|
|
3055
2958
|
"opened_date": "2026-05-15",
|
|
3056
|
-
"evidence_cves": [
|
|
2959
|
+
"evidence_cves": [
|
|
2960
|
+
"MAL-2026-NODE-IPC-STEALER"
|
|
2961
|
+
],
|
|
3057
2962
|
"atlas_refs": [],
|
|
3058
2963
|
"attack_refs": [
|
|
3059
2964
|
"T1556.007",
|
|
@@ -3746,8 +3651,7 @@
|
|
|
3746
3651
|
"status": "open",
|
|
3747
3652
|
"opened_date": "2026-05-15",
|
|
3748
3653
|
"evidence_cves": [
|
|
3749
|
-
"CVE-2026-0300"
|
|
3750
|
-
"CVE-2026-42897"
|
|
3654
|
+
"CVE-2026-0300"
|
|
3751
3655
|
],
|
|
3752
3656
|
"atlas_refs": [],
|
|
3753
3657
|
"attack_refs": [
|
|
@@ -3887,8 +3791,8 @@
|
|
|
3887
3791
|
"status": "open",
|
|
3888
3792
|
"opened_date": "2026-05-15",
|
|
3889
3793
|
"evidence_cves": [
|
|
3890
|
-
"CVE-2026-
|
|
3891
|
-
"CVE-2026-
|
|
3794
|
+
"CVE-2026-33825",
|
|
3795
|
+
"CVE-2026-6973"
|
|
3892
3796
|
],
|
|
3893
3797
|
"atlas_refs": [],
|
|
3894
3798
|
"attack_refs": [
|
|
@@ -3954,9 +3858,9 @@
|
|
|
3954
3858
|
"status": "open",
|
|
3955
3859
|
"opened_date": "2026-05-15",
|
|
3956
3860
|
"evidence_cves": [
|
|
3957
|
-
"CVE-2026-6973",
|
|
3958
3861
|
"CVE-2026-32202",
|
|
3959
|
-
"CVE-2026-33825"
|
|
3862
|
+
"CVE-2026-33825",
|
|
3863
|
+
"CVE-2026-6973"
|
|
3960
3864
|
],
|
|
3961
3865
|
"atlas_refs": [],
|
|
3962
3866
|
"attack_refs": [
|
|
@@ -3989,8 +3893,7 @@
|
|
|
3989
3893
|
"status": "open",
|
|
3990
3894
|
"opened_date": "2026-05-15",
|
|
3991
3895
|
"evidence_cves": [
|
|
3992
|
-
"CVE-2026-32202"
|
|
3993
|
-
"CVE-2026-33825"
|
|
3896
|
+
"CVE-2026-32202"
|
|
3994
3897
|
],
|
|
3995
3898
|
"atlas_refs": [],
|
|
3996
3899
|
"attack_refs": [
|