Compliance & Framework Mappings
How our 65 threat categories and 1089 detection patterns map to the frameworks procurement, compliance, and security teams already trust.
we list what we cover and what we don’t. No fake coverage claims. Where a framework risk falls outside our detection surface, we say so — and link to tools that handle it.
Available mappings
OWASP Top 10 for LLM Applications 2025
10 risks · LLM01–LLM10 · 2025 edition
The industry standard for LLM application security. We cover 7 of 10 risks with named pattern categories; 3 risks sit outside our surface and we link to tools that handle them.
View mapping →MITRE ATLAS v5.5.0
16 tactics · 101 techniques · 66 sub-techniques
The MITRE adversarial knowledge base for AI systems. Our categories map to techniques including AML.T0051 Prompt Injection, AML.T0104 Publish Poisoned AI Agent Tool, AML.T0080 Context Poisoning, and more.
OWASP Top 10 for Agentic Applications 2026
ASI01–ASI10 · Published Dec 9, 2025
OWASP’s 2026 agentic threat list. Verified directly against the official PDF. We cover 6 of 10 risks with named pattern categories; ASI07 Inter-Agent Communication is our planned v0.3.1 work.
View mapping →NIST AI Risk Management Framework
NIST AI 100-1 + Generative AI Profile
Mapping to NIST AI RMF GOVERN, MAP, MEASURE, MANAGE functions. Planned for next proof-package push.
Read NIST AI RMF →Machine-readable output
Every scan can emit SARIF 2.1.0 — the same format GitHub Advanced Security, Snyk, and Semgrep use for code scanning. Pipe Sunglasses into your CI exactly like you would any other SAST tool.
# Get SARIF output from any scan sunglasses scan --file agent_config.json --output sarif > findings.sarif # Pipe into GitHub Advanced Security gh code-scanning upload-sarif --file findings.sarif
Why this matters
A pattern library only matters if it plugs into how security teams actually work. Framework mappings give buyers, auditors, and CI/CD pipelines a common vocabulary for what Sunglasses catches — without anyone having to read our internal taxonomy.
If you spot a mapping that’s wrong, missing, or could be sharper, open an issue. We update these pages as the frameworks evolve.