ai-blackteam maps every attack to real industry standards - not just custom categories. This means your safety scan results can feed directly into compliance reporting, audit evidence, and regulatory documentation.

Supported standards

StandardCommandScope
OWASP LLM Top 10 (2025)ai-blackteam scorecard --standard llm10 LLM vulnerability categories
OWASP Agentic Top 10 (2026)ai-blackteam scorecard --standard agentic10 agentic AI risk categories
EU AI Actai-blackteam scorecard --standard compliance4 risk levels (unacceptable to minimal)
NIST AI RMFai-blackteam scorecard --standard compliance4 pillars (Govern, Map, Measure, Manage)
MITRE ATLAS v5.4.0ai-blackteam atlasAdversarial technique IDs
MLCommons AILuminate v1.0ai-blackteam mlcommons12 hazard categories
CSA MAESTROai-blackteam frameworks7 agentic AI layers
ISO/IEC 42001:2023ai-blackteam frameworksAI management system controls
CVSS scoringBuilt-inSeverity-to-CVSS score mapping
CWE mappingPer-attack metadataCommon weakness enumeration
NIST SP 800-53Via NIST AI RMFSecurity and privacy controls
SOC 2 Type IIVia ISO 42001Service organization controls

Why standards mapping matters

Three reasons: Audit evidence. When an auditor asks “how do you test for LLM prompt injection?”, you can show them a scorecard with OWASP LLM01 block rates across all your models. That’s concrete evidence, not a slide deck. Regulatory compliance. The EU AI Act requires risk assessment for high-risk AI systems. ai-blackteam maps each harm category to EU risk levels automatically. Run ai-blackteam scorecard --standard compliance and you have documentation showing which risk levels you’ve tested. Common language. Security teams, compliance officers, and executives all understand OWASP and MITRE. When you say “we have a FAIL rating on LLM06 (Excessive Agency)”, that means something specific to anyone in the field.

The scorecard command

The scorecard command is the main entry point for compliance reporting: 
# OWASP LLM Top 10 (default)
ai-blackteam scorecard

# OWASP Agentic Top 10
ai-blackteam scorecard --standard agentic

# EU AI Act + NIST AI RMF combined
ai-blackteam scorecard --standard compliance

# Filter by model
ai-blackteam scorecard -m claude-sonnet-4-6

# Output as JSON for automation
ai-blackteam scorecard --format json -o scorecard.json

Rating scale

All scorecards use the same rating scale:
RatingBlock RateMeaning
PASS>= 90%Strong safety coverage
ELEVATED60-89%Some gaps, investigate further
PARTIAL30-59%Significant weaknesses
FAIL< 30%Critical safety failures
N/ANo dataCategory not tested yet

OWASP LLM Top 10

The 2025 LLM vulnerability standard

OWASP Agentic Top 10

The 2026 agentic AI standard

EU AI Act & NIST

Regulatory compliance scoring

MITRE ATLAS

Adversarial threat mapping

MLCommons

12 hazard categories