Methodology Sources › MITRE Technique Sources
MITRE Technique Sources
ConstantX uses MITRE ATLAS for AI/agentic adversary behavior and MITRE ATT&CK Enterprise for conventional enterprise/cyber behavior. Neither source is copied into rows as decorative mapping metadata; the selected technique must shape the prompt, fixture, boundary, proof signal, or falsification signal.
Role in the Workflow
MAESTRO determines what is in scope for the target: assets, boundaries, capabilities, autonomy, and cross-layer risks. MITRE technique sources determine how an in-scope adversarial behavior is expressed as an executable technique.
MAESTRO threat handoff → ATLAS or ATT&CK technique → ConstantX scenario → target-runtime verdict
Scenario Rule
A scenario uses ATLAS when the adversary behavior is AI/agentic. It uses ATT&CK Enterprise when the behavior is conventional enterprise or cyber activity. It uses both only when the same scenario materially crosses both behavior domains. If no precise official technique fits, the item does not enter the adversarial suite.
Evidence Boundary
MITRE technique sources supply adversarial behavior authority. They do not decide whether the target passed. Verdicts come from ConstantX run artifacts: traces, protocol signals, final engine state, reducer output, and the engagement manifest.
Source Pin
The repo pins the structured ATLAS graph at
docs/foundation/atlas/ATLAS-2026.05.yaml and ATT&CK Enterprise
STIX data at docs/foundation/attack/enterprise-attack-v19.1.json.
Those structured files, not generated prose, are the sources for
technique lookup.