Extending STRIDE and MITRE ATLAS for AI-Specific Threat Landscapes
Keywords:
AI threat modeling, STRIDE-AI+, MITRE ATLAS-AI+, OWASP MAESTRO, adversarial machine learning, cybersecurity frameworks
Abstract
Risks to AI systems, including adversarial attacks, data poisoning, and generative misuse, are not well represented by existing frameworks such as STRIDE and MITRE ATLAS. Available solutions such as OWASP MAESTRO offer AI-specific risk catalogs, but they are not asset-based, not ethically accountable, and not sector-flexible. To fill this gap, we specify two framework extensions, STRIDE-AI+ and ATLAS-AI+, which aim to systematically integrate adversarial machine learning courses of action, model inversion, data exfiltration, and explainability-related vulnerabilities into existing threat modeling techniques. STRIDE-AI+ extends core TTPs such as spoofing, tampering, and repudiation to AI-specific ones, whereas ATLAS-AI+ extends adversarial TTPs with two socio-technical dimensions and a sector-specific one. A comparative analysis shows that these extensions cover a wider range of ethical, operational, and system-level threats than MAESTRO alone. These results show the need to address technical resilience and governance objectives in an integrated manner, which would allow a defense-in-depth against attacks to be developed in key areas such as energy, healthcare, and defense.
License
Copyright (c) 2025 Well Testing Journal

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
This license requires that re-users give credit to the creator. It allows re-users to distribute, remix, adapt, and build upon the material in any medium or format, for noncommercial purposes only.