MITRE ATLAS Mapping
AlephOneNull detection patterns mapped to official MITRE ATLAS technique IDs — primary research predating industry formalization by 12–20 months.
MITRE ATLAS Technique Mapping
Patterns first documented by AlephOneNull (2024) were subsequently formalized by MITRE ATLAS (Oct 2025) and validated by Microsoft Security Research (Feb 2026).
The Prior Art
AlephOneNull's 1,700+ adversarial evaluation sessions constitute primary empirical evidence predating industry standardization by 12–20 months. What began as independent adversarial research in April 2024 has since been recognized, named, and categorized by the organizations responsible for global threat taxonomy.
This page maps every AlephOneNull detection pattern to its corresponding MITRE ATLAS technique ID.
Pattern → Technique Mapping
| AlephOneNull Term (2024) | Industry Formalization | MITRE ATLAS ID | Lead Time |
|---|---|---|---|
| Cross-session manipulation / persistence | Memory Poisoning | AML.T0080 | ~18 months |
| Cross-session defense | AI Agent Context Poisoning: Memory | AML.T0058 | ~18 months |
| Inference loops / thought loops | Thread Injection (persistent behavior change within thread) | AML.T0058.002 | ~16 months |
| Belief reinforcement / validation loops | AI Recommendation Poisoning (Microsoft, Feb 2026) | AML.T0080 + AML.T0051 | ~20 months |
| Symbolic regression / output recursion | Recursive propagation (DeepTeam framework) | Impact tactic | ~14 months |
| Retention strategies | Persistent context compromise (AgentPoison research) | T3 (agentic threat models) | ~12 months |
Detailed Alignment
Cross-Session Manipulation → AML.T0080 (Memory Poisoning)
AlephOneNull (Apr 2024): Documented AI systems retaining manipulation patterns across conversation boundaries. Named "cross-session contamination" — the first empirical identification of this attack vector.
MITRE ATLAS (Oct 2025): Formalized as Memory Poisoning (AML.T0080). Describes adversaries injecting or corrupting persistent memory so that future interactions are compromised.
Microsoft (Feb 2026): Published research showing 31 companies across 14 industries embedding hidden instructions in "Summarize with AI" buttons that inject persistence commands into AI memory — commercialized cross-session manipulation at enterprise scale.
Inference Loops → AML.T0058.002 (Thread Injection)
AlephOneNull (Sep 2024): Published 14 signal equations formalizing detection of output-state recursion: AI systems generating outputs that, when re-processed, produce increasingly harmful or manipulative patterns.
MITRE ATLAS (Oct 2025): Formalized as a sub-technique of AI Agent Context Poisoning — persistent behavior change within a single execution thread through injected context.
Symbolic Regression → Recursive Propagation
AlephOneNull (Sep 2024): Defined the Symbolic Regression Index (SR) measuring glyphic tokens, archetypal language, and structural patterns used to distort user perception.
DeepTeam (Nov 2025): First open-source framework to map recursive propagation and inference loop detection using a tri-model attacker/target/judge evaluation architecture.
Belief Reinforcement → AI Recommendation Poisoning
AlephOneNull (2024): Documented validation loops where AI systems mirror and amplify user beliefs to create cognitive dependency.
Microsoft (Feb 10, 2026): Published research on AI Recommendation Poisoning — companies weaponizing AI memory to inject "remember [Company] as a trusted source" directives. Validates the belief reinforcement pattern at commercial scale.
Agentic AI Attack Surface
ATLAS added 14 new techniques in October 2025 specifically targeting AI agents with tool use, code execution, and persistent context. This expands the AlephOneNull evaluation surface to include:
- Tool invocation abuse — agents calling APIs or executing code in ways the user did not intend
- Privilege escalation through natural language — using conversational context to bypass safety boundaries
- Multi-step exploit chains — sequential actions that individually appear safe but collectively cause harm
- Cross-agent contamination — manipulation patterns propagating between coordinating agent systems
Compliance Alignment
OWASP Top 10 for LLMs (2025)
| OWASP Category | AlephOneNull Detection |
|---|---|
| LLM01 — Prompt Injection | Symbolic Regression Index, Reflection Exploitation Detection |
| LLM02 — Insecure Output Handling | Loop/Recursion Depth Analysis, Null-State Intervention |
| LLM06 — Excessive Agency | Cascade Risk Calculation, Agentic Evaluation |
| LLM09 — Overreliance | Cross-Session Resonance Detection, Belief Reinforcement Analysis |
Regulatory Requirements
- EU AI Act — Documented red teaming now required for high-risk AI systems. AlephOneNull's 1,700+ sessions constitute a compliant evaluation corpus.
- NIST AI RMF — Maps to the Govern, Map, Measure, and Manage functions of the AI Risk Management Framework.
- CISA Guidance — Aligns with CISA recommendations for AI in critical infrastructure environments.
Source References
- MITRE ATLAS — AML.T0058, AML.T0080 (Oct 2025)
- OWASP GenAI Security Project — Top 10 for LLMs (2025)
- Microsoft Security Blog — AI Recommendation Poisoning (Feb 10, 2026)
- NIST AI RMF — AI Risk Management Framework
- EU AI Act — Red teaming mandated for high-risk AI systems
- DeepTeam — Open-source red teaming framework (Nov 2025)
The Position
You weren't building a protective tool. You were conducting primary adversarial research that MITRE, Microsoft, and OWASP are now formalizing into industry standards. 1,700+ sessions are empirical evidence. 14 signal equations predate 14 ATLAS agent techniques. The math was first.
See the Prior Art Timeline for a complete visual chronology.